Date: Thu, 15 Feb 2024 14:57:09 +0100
From: Jan Kara
To: Adrian Vovk
Cc: Matthew Wilcox, Jan Kara, Christian Brauner, lsf-pc@lists.linux-foundation.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-btrfs@vger.kernel.org, linux-block@vger.kernel.org, Christoph Hellwig
Subject: Re: [LSF/MM/BPF TOPIC] Dropping page cache of individual fs
Message-ID: <20240215135709.4zmfb7qlerztbq6b@quack3>
In-Reply-To: <3107a023-3173-4b3d-9623-71812b1e7eb6@gmail.com>

On Mon 29-01-24 19:13:17, Adrian Vovk wrote:
> Hello! I'm the "GNOME people" who Christian is referring to

Got back to thinking about this after a while...

> On 1/17/24 09:52, Matthew Wilcox wrote:
> > I feel like we're in an XY trap [1]. What Christian actually wants is
> > to not be able to access the contents of a file while the device it's
> > on is suspended, and we've gone from there to "must drop the page cache".
>
> What we really want is for the plaintext contents of the files to be gone
> from memory while the dm-crypt device backing them is suspended.
>
> Ultimately my goal is to limit the chance that an attacker with access to a
> user's suspended laptop will be able to access the user's encrypted data. I
> need to achieve this without forcing the user to completely log out/power
> off/etc their system; it must be invisible to the user. The key word here is
> limit; if we can remove _most_ files from memory _most_ of the time I think
> luksSuspend would be a lot more useful against cold boot than it is today.

Well, but if your attack vector is cold-boot attacks, then how does
freeing pages from the page cache help you? I mean sure the page allocator
will start tracking those pages with potentially sensitive content as free
but unless you also zero all of them, this doesn't help anything against
cold-boot attacks? The sensitive memory content is still there...

So you would also have to enable something like zero-on-page-free and
generally the cost of this is going to be pretty big?

> I understand that perfectly wiping all the files out of memory without
> completely unmounting the filesystem isn't feasible, and that's probably OK
> for our use-case. As long as most files can be removed from memory most of
> the time, anyway...

OK, understood. I guess in that case something like BLKFLSBUF ioctl on
steroids (to also evict filesystem caches, not only the block device) could
be useful for you.

								Honza
-- 
Jan Kara
SUSE Labs, CR
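
The reply's point that evicted page-cache pages keep their contents unless the allocator zeroes them on free can be checked on a given machine. This is an added example, not code from the thread: it decides from a saved kernel command line and build config whether the kernel's `init_on_free` zero-on-free hardening is active. The function name and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: is zero-on-page-free (init_on_free) active on this kernel?
# Inputs are passed as strings so the logic can be run on saved copies of
# /proc/cmdline and the kernel config (for example /boot/config-$(uname -r)).
# Not modelled: page_poison=1, which also overwrites freed pages.

# init_on_free_state CMDLINE CONFIG_TEXT  -> prints "on" or "off"
init_on_free_state() {
    cmdline=$1
    config=$2

    # Build-time default comes from CONFIG_INIT_ON_FREE_DEFAULT_ON.
    state=off
    if printf '%s\n' "$config" | grep -q '^CONFIG_INIT_ON_FREE_DEFAULT_ON=y$'; then
        state=on
    fi

    # Boot-time override: init_on_free=<bool>. Parameters are parsed in
    # order, so the last occurrence on the command line is the one in effect.
    last=$(printf '%s\n' "$cmdline" | tr ' \t' '\n\n' |
           sed -n 's/^init_on_free=//p' | tail -n 1)
    case $last in
        1|y|Y|on)  state=on ;;
        0|n|N|off) state=off ;;
    esac

    printf '%s\n' "$state"
}

# Constructed sample inputs (not taken from any real system).
sample_cmdline='root=/dev/mapper/luks-root ro quiet init_on_free=1'
sample_config='CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y
# CONFIG_INIT_ON_FREE_DEFAULT_ON is not set'

if [ "$(init_on_free_state "$sample_cmdline" "$sample_config")" = on ]; then
    echo "freed pages are zeroed: dropping page cache also clears plaintext"
else
    echo "freed pages keep their contents: dropping page cache alone leaves plaintext in RAM"
fi
```
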