search for: madv_wipeonsuspend

...RFC is foremost aimed at defining a userspace interface to enable > applications and libraries that store or cache sensitive information, > to know that they need to regenerate it after process memory has been > exposed to potential copying. The proposed userspace interface is > a new MADV_WIPEONSUSPEND 'madvise()' flag used to mark pages which > contain such data. This newly added flag would only be available on > 64bit archs, since we've run out of 32bit VMA flags. > > The mechanism through which the kernel marks the application sensitive > data as potentially copied,...

On Fri 03-07-20 10:34:09, Catangiu, Adrian Costin wrote: > This patch adds logic to the kernel power code to zero out contents of > all MADV_WIPEONSUSPEND VMAs present in the system during its transition > to any suspend state equal or greater/deeper than Suspend-to-memory, > known as S3. How does the application learn that its memory got wiped? S2disk is an async operation and it can happen at any time during the task execution. So how does t...

On Fri 03-07-20 10:34:09, Catangiu, Adrian Costin wrote: > This patch adds logic to the kernel power code to zero out contents of > all MADV_WIPEONSUSPEND VMAs present in the system during its transition > to any suspend state equal or greater/deeper than Suspend-to-memory, > known as S3. How does the application learn that its memory got wiped? S2disk is an async operation and it can happen at any time during the task execution. So how does t...

...Fri 2020-07-03 15:29:22, Jann Horn wrote: > On Fri, Jul 3, 2020 at 1:30 PM Michal Hocko <mhocko at kernel.org> wrote: > > On Fri 03-07-20 10:34:09, Catangiu, Adrian Costin wrote: > > > This patch adds logic to the kernel power code to zero out contents of > > > all MADV_WIPEONSUSPEND VMAs present in the system during its transition > > > to any suspend state equal or greater/deeper than Suspend-to-memory, > > > known as S3. > > > > How does the application learn that its memory got wiped? S2disk is an > > async operation and it can happen at...

On Fri 03-07-20 15:29:22, Jann Horn wrote: > On Fri, Jul 3, 2020 at 1:30 PM Michal Hocko <mhocko at kernel.org> wrote: > > On Fri 03-07-20 10:34:09, Catangiu, Adrian Costin wrote: > > > This patch adds logic to the kernel power code to zero out contents of > > > all MADV_WIPEONSUSPEND VMAs present in the system during its transition > > > to any suspend state equal or greater/deeper than Suspend-to-memory, > > > known as S3. > > > > How does the application learn that its memory got wiped? S2disk is an > > async operation and it can happen at...

On Fri 03-07-20 15:29:22, Jann Horn wrote: > On Fri, Jul 3, 2020 at 1:30 PM Michal Hocko <mhocko at kernel.org> wrote: > > On Fri 03-07-20 10:34:09, Catangiu, Adrian Costin wrote: > > > This patch adds logic to the kernel power code to zero out contents of > > > all MADV_WIPEONSUSPEND VMAs present in the system during its transition > > > to any suspend state equal or greater/deeper than Suspend-to-memory, > > > known as S3. > > > > How does the application learn that its memory got wiped? S2disk is an > > async operation and it can happen at...

On Fri, Jul 3, 2020 at 1:30 PM Michal Hocko <mhocko at kernel.org> wrote: > On Fri 03-07-20 10:34:09, Catangiu, Adrian Costin wrote: > > This patch adds logic to the kernel power code to zero out contents of > > all MADV_WIPEONSUSPEND VMAs present in the system during its transition > > to any suspend state equal or greater/deeper than Suspend-to-memory, > > known as S3. > > How does the application learn that its memory got wiped? S2disk is an > async operation and it can happen at any time during the task...

On Fri, Jul 3, 2020 at 1:30 PM Michal Hocko <mhocko at kernel.org> wrote: > > On Fri 03-07-20 10:34:09, Catangiu, Adrian Costin wrote: > > This patch adds logic to the kernel power code to zero out contents of > > all MADV_WIPEONSUSPEND VMAs present in the system during its transition > > to any suspend state equal or greater/deeper than Suspend-to-memory, > > known as S3. > > How does the application learn that its memory got wiped? S2disk is an > async operation and it can happen at any time during the task...

...i 03-07-20 18:45:06, Colm MacC?rthaigh wrote: > > > On 3 Jul 2020, at 4:30, Michal Hocko wrote: > > > On Fri 03-07-20 10:34:09, Catangiu, Adrian Costin wrote: > > > This patch adds logic to the kernel power code to zero out contents > > > of > > > all MADV_WIPEONSUSPEND VMAs present in the system during its > > > transition > > > to any suspend state equal or greater/deeper than Suspend-to-memory, > > > known as S3. > > > > How does the application learn that its memory got wiped? S2disk is an > > async operation and i...

Hi! > > > > This patch adds logic to the kernel power code to zero out contents of > > > > all MADV_WIPEONSUSPEND VMAs present in the system during its transition > > > > to any suspend state equal or greater/deeper than Suspend-to-memory, > > > > known as S3. > > > > > > How does the application learn that its memory got wiped? S2disk is an > > > async operat...

On Tue 07-07-20 10:07:26, Pavel Machek wrote: > Hi! > > > > > > This patch adds logic to the kernel power code to zero out contents of > > > > > all MADV_WIPEONSUSPEND VMAs present in the system during its transition > > > > > to any suspend state equal or greater/deeper than Suspend-to-memory, > > > > > known as S3. > > > > > > > > How does the application learn that its memory got wiped? S2disk is an > &g...

On Tue 07-07-20 10:07:26, Pavel Machek wrote: > Hi! > > > > > > This patch adds logic to the kernel power code to zero out contents of > > > > > all MADV_WIPEONSUSPEND VMAs present in the system during its transition > > > > > to any suspend state equal or greater/deeper than Suspend-to-memory, > > > > > known as S3. > > > > > > > > How does the application learn that its memory got wiped? S2disk is an > &g...

On Sat, Jul 4, 2020 at 12:44 AM Pavel Machek <pavel at ucw.cz> wrote: > > Cryptographic libraries carry pseudo random number generators to > > quickly provide randomness when needed. If such a random pool gets > > cloned, secrets may get revealed, as the same random number may get > > used multiple times. For fork, this was fixed using the WIPEONFORK > > madvise

On Mon, Jul 6, 2020 at 2:27 PM Alexander Graf <graf at amazon.com> wrote: > Unless we create a vsyscall that returns both the PID as well as the > epoch and thus handles fork *and* suspend. I need to think about this a > bit more :). You can't reliably detect forking by checking the PID if it is possible for multiple forks to be chained before the reuse check runs: - pid 1000

On Tue 2020-07-07 12:00:41, Colm MacCarthaigh wrote: > > > On 7 Jul 2020, at 9:37, Pavel Machek wrote: > > Please go through the thread and try to understand it. > > > > You'd need syscalls per get_randomness(), not per migration. > > I think one check per get_randomness() is sufficient, though putting it at > the end of the critical section rather than

On Tue 07-07-20 10:01:23, Alexander Graf wrote: > On 07.07.20 09:44, Michal Hocko wrote: > > On Mon 06-07-20 14:52:07, Jann Horn wrote: > > > On Mon, Jul 6, 2020 at 2:27 PM Alexander Graf <graf at amazon.com> wrote: > > > > Unless we create a vsyscall that returns both the PID as well as the > > > > epoch and thus handles fork *and* suspend. I need

Hi! > Cryptographic libraries carry pseudo random number generators to > quickly provide randomness when needed. If such a random pool gets > cloned, secrets may get revealed, as the same random number may get > used multiple times. For fork, this was fixed using the WIPEONFORK > madvise flag [1]. > Unfortunately, the same problem surfaces when a virtual machine gets >

Hi! > Cryptographic libraries carry pseudo random number generators to > quickly provide randomness when needed. If such a random pool gets > cloned, secrets may get revealed, as the same random number may get > used multiple times. For fork, this was fixed using the WIPEONFORK > madvise flag [1]. > Unfortunately, the same problem surfaces when a virtual machine gets >