From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.6 required=3.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,USER_IN_DEF_DKIM_WL autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 488F1C433E0 for ; Fri, 3 Jul 2020 22:56:33 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 0D520221ED for ; Fri, 3 Jul 2020 22:56:32 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="UeZlVA56" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 0D520221ED Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id 5B1A78D00A5; Fri, 3 Jul 2020 18:56:32 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 539108D0010; Fri, 3 Jul 2020 18:56:32 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 4287C8D00A5; Fri, 3 Jul 2020 18:56:32 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0033.hostedemail.com [216.40.44.33]) by kanga.kvack.org (Postfix) with ESMTP id 2E35A8D0010 for ; Fri, 3 Jul 2020 18:56:32 -0400 (EDT) Received: from smtpin16.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay04.hostedemail.com (Postfix) with ESMTP id DC9351DF7 for ; Fri, 3 Jul 2020 22:56:31 +0000 (UTC) X-FDA: 76998275382.16.skin45_081703326e95 Received: from filter.hostedemail.com (10.5.16.251.rfc1918.com [10.5.16.251]) by smtpin16.hostedemail.com (Postfix) with ESMTP id AE091100E6903 for ; Fri, 3 Jul 2020 22:56:31 +0000 (UTC) X-HE-Tag: skin45_081703326e95 X-Filterd-Recvd-Size: 4594 Received: from mail-lf1-f67.google.com (mail-lf1-f67.google.com [209.85.167.67]) by imf04.hostedemail.com (Postfix) with ESMTP for ; Fri, 3 Jul 2020 22:56:31 +0000 (UTC) Received: by mail-lf1-f67.google.com with SMTP id y18so19340872lfh.11 for ; Fri, 03 Jul 2020 15:56:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=HbgA4RzqidtZFEVtt5akl8++MP32OZjgKqPdlkBDgXs=; b=UeZlVA56DqwTv9Lh1HYTByyGxaiUrgbCpUb5wwS/W3ttQUa/nvZj+SlwPS35p4CYSP Dowgopsc43EYqpsAdDrA2Xpid3lkfppKMVYaEQf/e8bD3MGnuO2VKhSicJ5UMowB4JIv 1EGmWrpPbBWxHHAF74B0p12xAwXZ89dk7RJo6xAoFLJ0ejv4EI2nlhY1B50UjO1cPtJ7 nKtGAslCAzgcf2mxWINZ5sK/mtNkc7OeZe8Lkwg/U5dpuvCWk8FDTjU70/wcDwVNA6o0 gSdzbay7w2WFaxVj7xbHwB0IyEehWpmOReepW9FeS88uEUObxDYUB7E8A0YxAmd/b9tG M72Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=HbgA4RzqidtZFEVtt5akl8++MP32OZjgKqPdlkBDgXs=; b=SwwDJQYrpvtonIgtWpcvxDHUeeI+jGk/5s1aw4nQWlU/bmXE7Dso4UBokbLqdKWEm3 g1AjWox7tN4+EkczpBlsohEyfIC/W1Rh5V793Hka1vkRko1HBPpxA/v7KSAK+n1wG+Ya uBRIqyHsZdCd5u5LO9+jslCiAf6b/NSK7a3Mie0BZqzAY42wuJ5gQxkgH3aka2e3bqUi WA/X29Tzyrq9CYQRF1DCJqAqhluYND/bOtbGnYn3vvojf5C+vJMXWxq2L5NwNwOANaR/ ZYcfTcyagNhYwumi/3aLnZs5DecoWaTT4zPL/fC1aQCWHoAMVN+C0hvsHFrMq5q2oJsA j9Yg== X-Gm-Message-State: AOAM531KWkc1ZpVQntoX2xqa5BYXVJ+JWkPQo18p1RgyL6XZnfWVfgj3 /ynZSeWJFd0sI6m+Ps60A2HHEp6A0GNyQktcsjS3DA== X-Google-Smtp-Source: ABdhPJwMLT+gN9QjK+IvxYNcKqOXF1CgkwQpOJdeVbidIY1M/NzUS4Gb23Gqi9y7RTbtdUpFyLm5YuABMHLAclQ1HnM= X-Received: by 2002:a05:6512:752:: with SMTP id c18mr888011lfs.141.1593816989653; Fri, 03 Jul 2020 15:56:29 -0700 (PDT) MIME-Version: 1.0 References: <20200703224411.GC25072@amd> In-Reply-To: <20200703224411.GC25072@amd> From: Jann Horn Date: Sat, 4 Jul 2020 00:56:03 +0200 Message-ID: Subject: Re: [RFC]: mm,power: introduce MADV_WIPEONSUSPEND To: Pavel Machek Cc: "Catangiu, Adrian Costin" , "linux-mm@kvack.org" , "linux-pm@vger.kernel.org" , "virtualization@lists.linux-foundation.org" , "linux-api@vger.kernel.org" , "akpm@linux-foundation.org" , "rjw@rjwysocki.net" , "len.brown@intel.com" , "mhocko@kernel.org" , "fweimer@redhat.com" , "keescook@chromium.org" , "luto@amacapital.net" , "wad@chromium.org" , "mingo@kernel.org" , "bonzini@gnu.org" , "Graf (AWS), Alexander" , "MacCarthaigh, Colm" , "Singh, Balbir" , "Sandu, Andrei" , "Brooker, Marc" , "Weiss, Radu" , "Manwaring, Derek" Content-Type: text/plain; charset="UTF-8" X-Rspamd-Queue-Id: AE091100E6903 X-Spamd-Result: default: False [0.00 / 100.00] X-Rspamd-Server: rspam01 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000001, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Sat, Jul 4, 2020 at 12:44 AM Pavel Machek wrote: > > Cryptographic libraries carry pseudo random number generators to > > quickly provide randomness when needed. If such a random pool gets > > cloned, secrets may get revealed, as the same random number may get > > used multiple times. For fork, this was fixed using the WIPEONFORK > > madvise flag [1]. > > > Unfortunately, the same problem surfaces when a virtual machine gets > > cloned. The existing flag does not help there. This patch introduces a > > new flag to automatically clear memory contents on VM suspend/resume, > > which will allow random number generators to reseed when virtual > > machines get cloned. > > Umm. If this is real problem, should kernel provide such rng in the > vsdo page using vsyscalls? Kernel can have special interface to its > vsyscalls, but we may not want to offer this functionality to rest of > userland... And then the kernel would just need to maintain a sequence number in the vDSO data page that gets bumped on suspend, right?