Date: Sat, 4 Jul 2020 00:44:11 +0200
From: Pavel Machek
To: "Catangiu, Adrian Costin"
Cc: linux-mm@kvack.org, linux-pm@vger.kernel.org, virtualization@lists.linux-foundation.org, linux-api@vger.kernel.org, akpm@linux-foundation.org, rjw@rjwysocki.net, len.brown@intel.com, mhocko@kernel.org, fweimer@redhat.com, keescook@chromium.org, luto@amacapital.net, wad@chromium.org, mingo@kernel.org, bonzini@gnu.org, "Graf (AWS), Alexander", "MacCarthaigh, Colm", "Singh, Balbir", "Sandu, Andrei", "Brooker, Marc", "Weiss, Radu", "Manwaring, Derek"
Subject: Re: [RFC]: mm,power: introduce MADV_WIPEONSUSPEND
Message-ID: <20200703224411.GC25072@amd>

Hi!

> Cryptographic libraries carry pseudo random number generators to
> quickly provide randomness when needed. If such a random pool gets
> cloned, secrets may get revealed, as the same random number may get
> used multiple times. For fork, this was fixed using the WIPEONFORK
> madvise flag [1].
>
> Unfortunately, the same problem surfaces when a virtual machine gets
> cloned. The existing flag does not help there. This patch introduces a
> new flag to automatically clear memory contents on VM suspend/resume,
> which will allow random number generators to reseed when virtual
> machines get cloned.

Umm. If this is a real problem, should the kernel provide such an RNG in
the vDSO page using vsyscalls? The kernel can have a special interface to
its vsyscalls, but we may not want to offer this functionality to the rest
of userland...

> - Provides a simple mechanism to avoid RAM exfiltration during
>   traditional sleep/hibernate on a laptop or desktop when memory,
>   and thus secrets, are vulnerable to offline tampering or
>   inspection.

This second use has nothing to do with RNGs, right? And I don't think we
should do this in the kernel. It is userspace that initiates the suspend
transition. Userspace should lock the screen _before_ starting it, for
example. Userspace should also get rid of any secrets first...

Best regards,
Pavel

-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
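The quoted patch description refers to the existing fork-time fix, MADV_WIPEONFORK, which the proposed MADV_WIPEONSUSPEND is modelled on. The following is an added example, not code from the RFC patch or from anyone in this thread, showing how a userspace library uses that existing flag: the generator state lives in its own private anonymous page, the page is marked MADV_WIPEONFORK, and the library treats an all-zero state (a cleared "seeded" marker) as the signal that it is running in a fresh clone and must reseed before handing out output. The `rng_state` layout, the seed and mixing functions, and the `demo_child_sees_wiped` harness are all constructed for this illustration; the mixing is a toy, not a cryptographic generator, and the seed source is a fixed constant standing in for `getrandom(2)`.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Linux >= 4.14 defines this in <sys/mman.h>; older headers may not. */
#ifndef MADV_WIPEONFORK
#define MADV_WIPEONFORK 18
#endif

/* Constructed generator state. The 'seeded' marker is the detection hook:
 * after fork() the kernel presents this page to the child as zero-filled,
 * so 'seeded == 0' means "we are a clone, reseed before use". */
struct rng_state {
    uint64_t seeded;    /* nonzero once seeded; zero after a wipe */
    uint64_t key[4];    /* toy key material, not cryptographic */
    uint64_t counter;   /* output counter */
};

/* Map one private anonymous page for the state and mark it wipe-on-fork.
 * The flag only applies to private anonymous memory, hence the dedicated
 * mapping rather than a malloc'd struct that could share a page. */
static struct rng_state *rng_map(void)
{
    long pg = sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, (size_t)pg, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return NULL;
    if (madvise(p, (size_t)pg, MADV_WIPEONFORK) != 0) {
        munmap(p, (size_t)pg);   /* kernel too old or advice rejected */
        return NULL;
    }
    return (struct rng_state *)p;
}

/* (Re)seed the toy state from a caller-supplied seed; a real library would
 * pull this from getrandom(2). Setting 'seeded' last keeps the marker
 * consistent with the key it describes. */
static void rng_seed(struct rng_state *s, uint64_t seed)
{
    for (int i = 0; i < 4; i++)
        s->key[i] = seed ^ (0x9e3779b97f4a7c15ULL * (uint64_t)(i + 1));
    s->counter = 0;
    s->seeded = 1;
}

/* Called before every use. Returns 1 if the state was found wiped and has
 * been reseeded, 0 if it was intact. */
static int rng_ensure_seeded(struct rng_state *s, uint64_t fresh_seed)
{
    if (s->seeded != 0)
        return 0;
    rng_seed(s, fresh_seed);
    return 1;
}

/* Toy output function: enough to show the counter advancing, nothing more. */
static uint64_t rng_next(struct rng_state *s)
{
    uint64_t x = s->key[s->counter & 3] + ++s->counter;
    x ^= x >> 31;
    x *= 0xbf58476d1ce4e5b9ULL;
    x ^= x >> 27;
    return x;
}

/* Fork and check both sides: the child must see a zeroed page, the parent
 * must keep its state. Returns 1 on the expected outcome, 0 if the wipe did
 * not happen, -1 on a setup error. */
static int demo_child_sees_wiped(void)
{
    struct rng_state *s = rng_map();
    if (!s)
        return -1;
    rng_seed(s, 0x1234);

    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(s->seeded == 0 ? 7 : 3);   /* 7: child saw a wiped page */

    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    int child_wiped = WIFEXITED(status) && WEXITSTATUS(status) == 7;
    int parent_intact = (s->seeded == 1);
    munmap(s, (size_t)sysconf(_SC_PAGESIZE));
    return child_wiped && parent_intact;
}

int main(void)
{
    struct rng_state *s = rng_map();
    if (!s) {
        perror("rng_map");
        return 1;
    }
    rng_ensure_seeded(s, 0xfeedULL);   /* first use: seeds */
    printf("output: %016llx\n", (unsigned long long)rng_next(s));
    printf("child saw wiped state: %d\n", demo_child_sees_wiped());
    return 0;
}
```

The point the example makes for the RFC discussion is the detection side: MADV_WIPEONFORK does not notify the process, it only guarantees the child reads zeroes, so the library itself must check a marker on every use. A VM clone leaves the page intact, which is exactly why the flag does not help in that case and why the patch looks for a different trigger.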