Re: [PATCHv2 0/4] perf/core: Add support to exclude kernel mode PMU tracing

From: Andi Kleen
Date: Thu Mar 04 2021 - 15:01:55 EST


Sai Prakash Ranjan <saiprakash.ranjan@xxxxxxxxxxxxxx> writes:
>
> "Consider a system where disk contents are encrypted and the encryption
> key is set up by the user when mounting the file system. From that point
> on the encryption key resides in the kernel. It seems reasonable to
> expect that the disk encryption key be protected from exfiltration even
> if the system later suffers a root compromise (or even against insiders
> that have root access), at least as long as the attacker doesn't
> manage to compromise the kernel."

Normally disk encryption is in specialized work queues. It's total
overkill to restrict all of the kernel if you just want to restrict
those work queues.

I would suggest some more analysis of where secrets are actually stored
and handled first.

-Andi