Re: [PATCH v17 08/10] PM: hibernate: disable when there are active secretmem users

From: David Hildenbrand
Date: Mon Feb 08 2021 - 06:32:00 EST


On 08.02.21 11:57, Michal Hocko wrote:
> On Mon 08-02-21 11:53:58, David Hildenbrand wrote:
>> On 08.02.21 11:51, Michal Hocko wrote:
>>> On Mon 08-02-21 11:32:11, David Hildenbrand wrote:
>>>> On 08.02.21 11:18, Michal Hocko wrote:
>>>>> On Mon 08-02-21 10:49:18, Mike Rapoport wrote:
>>>>>> From: Mike Rapoport <rppt@xxxxxxxxxxxxx>
>>>>>>
>>>>>> It is unsafe to allow saving of secretmem areas to the hibernation
>>>>>> snapshot as they would be visible after the resume and this essentially
>>>>>> will defeat the purpose of secret memory mappings.
>>>>>>
>>>>>> Prevent hibernation whenever there are active secret memory users.
>>>>>
>>>>> Does this feature need any special handling? As it is effectively
>>>>> unevictable memory then it should behave the same as other mlock, ramfs
>>>>> which should already disable hibernation as those cannot be swapped out,
>>>>> no?
>>>>
>>>> Why should unevictable memory not go to swap when hibernating? We're merely
>>>> dumping all of our system RAM (including any unmovable allocations) to swap
>>>> storage and the system is essentially completely halted.
>>>
>>> My understanding is that mlock is never really made visible via swap
>>> storage.
>>
>> "Using swap storage for hibernation" and "swapping at runtime" are two
>> different things. I might be wrong, though.
>
> Well, mlock is certainly used to keep sensitive information, not only to
> protect from major/minor faults.


I think you're right in theory, the man page mentions "Cryptographic security software often handles critical bytes like passwords or secret keys as data structures" ...

however, I am not aware of any such swap handling and wasn't able to spot it quickly. Let me take a closer look.


--
Thanks,

David / dhildenb