Re: [PATCH v19 6/8] PM: hibernate: disable when there are active secretmem users

From: David Hildenbrand
Date: Tue May 18 2021 - 06:27:23 EST

Next message: Srinivas Pandruvada: "Re: [PATCH v2] ACPI: DPTF: Add new PCH FIVR methods"
Previous message: Janosch Frank: "Re: [PATCH v1 01/11] KVM: s390: pv: leak the ASCE page when destroy fails"
In reply to: Mark Rutland: "Re: [PATCH v19 6/8] PM: hibernate: disable when there are active secretmem users"
Next in thread: James Bottomley: "Re: [PATCH v19 6/8] PM: hibernate: disable when there are active secretmem users"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 18.05.21 12:24, Mark Rutland wrote:

On Thu, May 13, 2021 at 09:47:32PM +0300, Mike Rapoport wrote:

From: Mike Rapoport <rppt@xxxxxxxxxxxxx>

It is unsafe to allow saving of secretmem areas to the hibernation
snapshot as they would be visible after the resume and this essentially
will defeat the purpose of secret memory mappings.

Prevent hibernation whenever there are active secret memory users.

Have we thought about how this is going to work in practice, e.g. on
mobile systems? It seems to me that there are a variety of common
applications which might want to use this which people don't expect to
inhibit hibernate (e.g. authentication agents, web browsers).

Are we happy to say that any userspace application can incidentally
inhibit hibernate?

It's worth noting that secretmem has to be explicitly enabled by the admin to even work.

--
Thanks,

David / dhildenb

Next message: Srinivas Pandruvada: "Re: [PATCH v2] ACPI: DPTF: Add new PCH FIVR methods"
Previous message: Janosch Frank: "Re: [PATCH v1 01/11] KVM: s390: pv: leak the ASCE page when destroy fails"
In reply to: Mark Rutland: "Re: [PATCH v19 6/8] PM: hibernate: disable when there are active secretmem users"
Next in thread: James Bottomley: "Re: [PATCH v19 6/8] PM: hibernate: disable when there are active secretmem users"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]