Re: [PATCH v40 10/24] mm: Add 'mprotect' hook to struct vm_operations_struct

From: Matthew Wilcox
Date: Fri Nov 06 2020 - 16:13:21 EST

Next message: pr-tracker-bot: "Re: [GIT PULL] ARC fixes for 5.10-rc3"
Previous message: Jaegeuk Kim: "Re: [f2fs-dev] [PATCH] f2fs: compress: support chksum"
In reply to: Dave Hansen: "Re: [PATCH v40 10/24] mm: Add 'mprotect' hook to struct vm_operations_struct"
Next in thread: Dave Hansen: "Re: [PATCH v40 10/24] mm: Add 'mprotect' hook to struct vm_operations_struct"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Nov 06, 2020 at 11:43:59AM -0600, Dr. Greg wrote:
> The 900 pound primate in the room, that no one is acknowledging, is
> that this technology was designed to not allow the operating system to
> have any control over what it is doing. In the mindset of kernel
> developers, the operating system is the absolute authority on
> security, so we find ourselves in a situation where the kernel needs
> to try and work around this fact so any solutions will be imperfect at
> best.
>
> As I've noted before, this is actually a primary objective of enclave
> authors, since one of the desires for 'Confidential Computing' is to
> hide things like proprietary algorithms from the platform owners. I
> think the driver needs to acknowledge this fact and equip platform
> owners with the simplest and most effective security solutions that
> are available.

Or we need to not merge "technology" that subverts the owner of
the hardware. Remember: root kit authors are inventive buggers.

Next message: pr-tracker-bot: "Re: [GIT PULL] ARC fixes for 5.10-rc3"
Previous message: Jaegeuk Kim: "Re: [f2fs-dev] [PATCH] f2fs: compress: support chksum"
In reply to: Dave Hansen: "Re: [PATCH v40 10/24] mm: Add 'mprotect' hook to struct vm_operations_struct"
Next in thread: Dave Hansen: "Re: [PATCH v40 10/24] mm: Add 'mprotect' hook to struct vm_operations_struct"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]