From: Linus Torvalds
Date: Fri, 6 Jan 2023 13:10:44 -0800
Subject: Re: [PATCH v14 2/7] mm: add VM_DROPPABLE for designating always lazily freeable mappings
To: Andy Lutomirski
Cc: "Jason A. Donenfeld", Yann Droneaud, Ingo Molnar, Linux Kernel Mailing List, patches@lists.linux.dev, Thomas Gleixner, Linux Crypto Mailing List, Linux API, "the arch/x86 maintainers", Greg Kroah-Hartman, Adhemerval Zanella Netto, "Carlos O'Donell", Florian Weimer, Arnd Bergmann, Jann Horn, Christian Brauner, linux-mm@kvack.org

On Fri, Jan 6, 2023 at 12:54 PM Andy Lutomirski wrote:
>
> I'm going to suggest a very very different approach: fix secret
> storage in memory for real. That is, don't lock "super secret
> sensitive stuff" into memory, and don't wipe it either. *Encrypt* it.

I don't think you're wrong, but people will complain about key
management, and worry about that part instead.

Honestly, this is what SGX and CPU enclaves are _supposed_ to all do
for you, but then nobody uses it for various reasons.

Linus