linux-mm.kvack.org archive mirror
 help / color / mirror / Atom feed
From: Colm MacCarthaigh <colmmacc@amazon.com>
To: Pavel Machek <pavel@ucw.cz>
Cc: Michal Hocko <mhocko@kernel.org>, Jann Horn <jannh@google.com>,
	"Catangiu, Adrian Costin" <acatan@amazon.com>,
	<linux-mm@kvack.org>, <linux-pm@vger.kernel.org>,
	<virtualization@lists.linux-foundation.org>,
	<linux-api@vger.kernel.org>, <akpm@linux-foundation.org>,
	<rjw@rjwysocki.net>, <len.brown@intel.com>, <fweimer@redhat.com>,
	<keescook@chromium.org>, <luto@amacapital.net>,
	<wad@chromium.org>, <mingo@kernel.org>, <bonzini@gnu.org>,
	"Graf (AWS), Alexander" <graf@amazon.de>,
	"Singh, Balbir" <sblbir@amazon.com>,
	"Sandu, Andrei" <sandreim@amazon.com>,
	"Brooker, Marc" <mbrooker@amazon.com>,
	"Weiss, Radu" <raduweis@amazon.com>,
	"Manwaring, Derek" <derekmn@amazon.com>
Subject: Re: [RFC]: mm,power: introduce MADV_WIPEONSUSPEND
Date: Tue, 7 Jul 2020 12:00:41 -0700	[thread overview]
Message-ID: <E6B41570-E206-4458-921B-465B9EF74949@amazon.com> (raw)
In-Reply-To: <20200707163758.GA1947@amd>

[-- Attachment #1: Type: text/plain, Size: 1129 bytes --]



On 7 Jul 2020, at 9:37, Pavel Machek wrote:
> Please go through the thread and try to understand it.
>
> You'd need syscalls per get_randomness(), not per migration.

I think one check per get_randomness() is sufficient, though putting it 
at the end of the critical section rather than the beginning helps.

     get_randomness( int len, void *out )
     {
        retry:
        /* Generate random data */
        *out = rng(len);

        if (vm_was_cloned)
            goto retry;
     }

At that point if there is a VM snapshot event .. it happens in the 
callers context and it’s the callers job to mitigate it, and the 
caller can use the same trick if neccessary.

Note though; the security issues arise when a snapshot is being restored 
more than once. For those cases it seems very reasonable for the 
snapshot takers to make the image quiescent prior to snapshotting, to 
further reduce the risk of things like the snapshot occurring in the 
middle of a different critical section. The mechanism here is about 
communicating the snapshot to libraries which are self-contained.




[-- Attachment #2: Type: text/html, Size: 1852 bytes --]

  reply	other threads:[~2020-07-07 19:00 UTC|newest]

Thread overview: 28+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-07-03 10:34 Catangiu, Adrian Costin
2020-07-03 11:04 ` Jann Horn
2020-07-04  1:33   ` Colm MacCárthaigh
2020-07-06 12:09   ` Alexander Graf
2020-07-03 11:30 ` Michal Hocko
2020-07-03 12:17   ` Rafael J. Wysocki
2020-07-03 22:39     ` Pavel Machek
2020-07-03 13:29   ` Jann Horn
2020-07-03 22:34     ` Pavel Machek
2020-07-03 22:53       ` Jann Horn
2020-07-07  7:38     ` Michal Hocko
2020-07-07  8:07       ` Pavel Machek
2020-07-07  8:58         ` Michal Hocko
2020-07-07 16:37           ` Pavel Machek
2020-07-07 19:00             ` Colm MacCarthaigh [this message]
2020-07-12  7:22               ` Pavel Machek
2020-07-13  8:02                 ` Michal Hocko
2020-07-04  1:45   ` Colm MacCárthaigh
2020-07-07  7:40     ` Michal Hocko
2020-07-03 22:44 ` Pavel Machek
2020-07-03 22:56   ` Jann Horn
2020-07-04 11:48     ` Pavel Machek
2020-07-06 12:26       ` Alexander Graf
2020-07-06 12:52         ` Jann Horn
2020-07-06 13:14           ` Alexander Graf
2020-07-07  7:44           ` Michal Hocko
2020-07-07  8:01             ` Alexander Graf
2020-07-07  9:14               ` Michal Hocko

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=E6B41570-E206-4458-921B-465B9EF74949@amazon.com \
    --to=colmmacc@amazon.com \
    --cc=acatan@amazon.com \
    --cc=akpm@linux-foundation.org \
    --cc=bonzini@gnu.org \
    --cc=derekmn@amazon.com \
    --cc=fweimer@redhat.com \
    --cc=graf@amazon.de \
    --cc=jannh@google.com \
    --cc=keescook@chromium.org \
    --cc=len.brown@intel.com \
    --cc=linux-api@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=linux-pm@vger.kernel.org \
    --cc=luto@amacapital.net \
    --cc=mbrooker@amazon.com \
    --cc=mhocko@kernel.org \
    --cc=mingo@kernel.org \
    --cc=pavel@ucw.cz \
    --cc=raduweis@amazon.com \
    --cc=rjw@rjwysocki.net \
    --cc=sandreim@amazon.com \
    --cc=sblbir@amazon.com \
    --cc=virtualization@lists.linux-foundation.org \
    --cc=wad@chromium.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox