From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id BD275C433E0 for ; Mon, 22 Feb 2021 19:22:24 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 68C8364E12 for ; Mon, 22 Feb 2021 19:22:24 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232988AbhBVTVb (ORCPT ); Mon, 22 Feb 2021 14:21:31 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36806 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232994AbhBVTSp (ORCPT ); Mon, 22 Feb 2021 14:18:45 -0500 Received: from mail-ej1-x62c.google.com (mail-ej1-x62c.google.com [IPv6:2a00:1450:4864:20::62c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CAD54C06178A for ; Mon, 22 Feb 2021 11:17:52 -0800 (PST) Received: by mail-ej1-x62c.google.com with SMTP id e13so27895127ejl.8 for ; Mon, 22 Feb 2021 11:17:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=mL0bjhfITdu5839ghM56EtmuJ0mV3o1IEyaUJSuFMFs=; b=0VKXgI+d4N8/TsZjQE/E5fkYxDFeC7KFxegFQ1tUDUQWXj1P6cXOsiH5slGqxqrmbb dBx4HcRD8Hzu5KRTHX5N1ybYz5yC5e7kYtwfTlsuU2esXKkYljaX8VDDRS1DaE/uHUin QAGppPvDyByXQFp+iE9GKGPwF3A2dB1mFytnHdtGJw+XJLGP5r33xK45enAbysyTaEHa 57tTo6DZyOE+uYzDNdPTZAL71cYVMSUiSI5K7sek4p2eMAFj1YmFFfuyLNvbSLKSE5kW D+y3PQVbEo19hoNoanDSrLywkZqhcPGuG5KVCRRj/oMJKHnyCwkRLTAD6EZO4JnoconN aV4A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=mL0bjhfITdu5839ghM56EtmuJ0mV3o1IEyaUJSuFMFs=; b=ZNOJoyC/6vLUjYFul3GYdbSO6IkuwHe4NS/+PbftCVi5YlN+vAzzt99uQyPaaS7VU4 hNVnisfyU5pmhLP+B9NPMkKzti7wEk4ANJSdtIOmVUMGJNjyOiyt2b9BarIn59/NpN3V F720fVhyX5x/HTpV7F5RTxeBRW6wtwV6CZ/iy/QQklyEbwZKG4SsefoxQT3Z+jhgT024 ExYHeb+G0hsdGOZHoUSjmJ7k/ZCeewanzMWX2LVegeVGVMy4EfZqpZm0Iucm9gveBHHy X5wMJLuwb0f0yRiDI8TBLDYSwuPxh5UQvURf2gkBSHkMnz4XtDbM6ig5rSqGmdRBWdVG W1jQ== X-Gm-Message-State: AOAM532jO7uc/JI0nXpgyFgerQbAG5f76GVDyY6Xo2ZQhwN6IbkWLPGC a/a81b6gPFZi9lmkfT76rn1sXQzACdFFuBPxVg5WAg== X-Google-Smtp-Source: ABdhPJwkiWshDLTsz8a3A7EzLjYNcKqX6Z1F01E3QE0NjkocZdW4txgaDcjEXqIRRI2IV4obwnL12Zk+rIG7YnuhZ4g= X-Received: by 2002:a17:906:8692:: with SMTP id g18mr22575502ejx.418.1614021471495; Mon, 22 Feb 2021 11:17:51 -0800 (PST) MIME-Version: 1.0 References: <20210208084920.2884-1-rppt@kernel.org> <20210208084920.2884-9-rppt@kernel.org> <20210222073452.GA30403@codon.org.uk> <20210222102359.GE1447004@kernel.org> In-Reply-To: <20210222102359.GE1447004@kernel.org> From: Dan Williams Date: Mon, 22 Feb 2021 11:17:46 -0800 Message-ID: Subject: Re: [PATCH v17 08/10] PM: hibernate: disable when there are active secretmem users To: Mike Rapoport Cc: Matthew Garrett , Andrew Morton , Alexander Viro , Andy Lutomirski , Arnd Bergmann , Borislav Petkov , Catalin Marinas , Christopher Lameter , Dave Hansen , David Hildenbrand , Elena Reshetova , "H. Peter Anvin" , Ingo Molnar , James Bottomley , "Kirill A. Shutemov" , Matthew Wilcox , Mark Rutland , Michal Hocko , Mike Rapoport , Michael Kerrisk , Palmer Dabbelt , Paul Walmsley , Peter Zijlstra , Rick Edgecombe , Roman Gushchin , Shakeel Butt , Shuah Khan , Thomas Gleixner , Tycho Andersen , Will Deacon , Linux API , linux-arch , Linux ARM , linux-fsdevel , Linux MM , Linux Kernel Mailing List , linux-kselftest@vger.kernel.org, linux-nvdimm , linux-riscv@lists.infradead.org, X86 ML , Hagen Paul Pfeifer , Palmer Dabbelt Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org On Mon, Feb 22, 2021 at 2:24 AM Mike Rapoport wrote: > > On Mon, Feb 22, 2021 at 07:34:52AM +0000, Matthew Garrett wrote: > > On Mon, Feb 08, 2021 at 10:49:18AM +0200, Mike Rapoport wrote: > > > > > It is unsafe to allow saving of secretmem areas to the hibernation > > > snapshot as they would be visible after the resume and this essentially > > > will defeat the purpose of secret memory mappings. > > > > Sorry for being a bit late to this - from the point of view of running > > processes (and even the kernel once resume is complete), hibernation is > > effectively equivalent to suspend to RAM. Why do they need to be handled > > differently here? > > Hibernation leaves a copy of the data on the disk which we want to prevent. Why not document that users should use data at rest protection mechanisms for their hibernation device? Just because secretmem can't assert its disclosure guarantee does not mean the hibernation device is untrustworthy.