From: Florian Weimer <fw@deneb.enyo.de>
To: Andy Lutomirski <luto@kernel.org>
Cc: Dave Hansen <dave.hansen@intel.com>,
Mike Rapoport <rppt@kernel.org>,
LKML <linux-kernel@vger.kernel.org>,
Alan Cox <alan@linux.intel.com>,
Andrew Morton <akpm@linux-foundation.org>,
Christopher Lameter <cl@linux.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
James Bottomley <jejb@linux.ibm.com>,
"Kirill A. Shutemov" <kirill@shutemov.name>,
Matthew Wilcox <willy@infradead.org>,
Peter Zijlstra <peterz@infradead.org>, "Reshetova\,
Elena" <elena.reshetova@intel.com>,
Thomas Gleixner <tglx@linutronix.de>,
Tycho Andersen <tycho@tycho.ws>,
Linux API <linux-api@vger.kernel.org>,
Linux-MM <linux-mm@kvack.org>
Subject: Re: [RFC PATCH] mm: extend memfd with ability to create "secret" memory areas
Date: Wed, 26 Aug 2020 21:01:17 +0200 [thread overview]
Message-ID: <87y2m1qlj6.fsf@mid.deneb.enyo.de> (raw)
In-Reply-To: <CALCETrUwO_y_b=kazRjen-de50r9b9TVXUXz_WT_hD3d3tTWxQ@mail.gmail.com> (Andy Lutomirski's message of "Wed, 26 Aug 2020 09:54:57 -0700")
* Andy Lutomirski:
>> I _believe_ there are also things like AES-NI that can get strong
>> protection from stuff like this. They load encryption keys into (AVX)
>> registers and then can do encrypt/decrypt operations without the keys
>> leaving the registers. If the key was loaded from a secret memory area
>> right into the registers, I think the protection from cache attacks
>> would be pretty strong.
>
> Except for context switches :)
An rseq sequence could request that the AVX registers should be
cleared on context switch. (I'm mostly kidding.)
I think the main issue is that we do not have a good established
programming model to actually use such features and completely avoid
making copies of secret data.
prev parent reply other threads:[~2020-08-26 19:01 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-30 16:23 [RFC PATCH] mm: extend memfd with ability to create "secret" memory areas Mike Rapoport
2020-02-06 18:51 ` Dave Hansen
2020-02-08 17:39 ` Mike Rapoport
2020-02-10 8:06 ` Reshetova, Elena
2020-02-11 19:52 ` Edgecombe, Rick P
2020-02-12 21:10 ` Jonathan Corbet
2020-02-16 6:46 ` Mike Rapoport
2020-08-14 17:46 ` Andy Lutomirski
2020-08-14 18:09 ` Dave Hansen
2020-08-26 16:54 ` Andy Lutomirski
2020-08-26 19:01 ` Florian Weimer [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87y2m1qlj6.fsf@mid.deneb.enyo.de \
--to=fw@deneb.enyo.de \
--cc=akpm@linux-foundation.org \
--cc=alan@linux.intel.com \
--cc=cl@linux.com \
--cc=dave.hansen@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=elena.reshetova@intel.com \
--cc=jejb@linux.ibm.com \
--cc=kirill@shutemov.name \
--cc=linux-api@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=luto@kernel.org \
--cc=peterz@infradead.org \
--cc=rppt@kernel.org \
--cc=tglx@linutronix.de \
--cc=tycho@tycho.ws \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).