On Mon 08-02-21 11:53:58, David Hildenbrand wrote: > On 08.02.21 11:51, Michal Hocko wrote: > > On Mon 08-02-21 11:32:11, David Hildenbrand wrote: > > > On 08.02.21 11:18, Michal Hocko wrote: > > > > On Mon 08-02-21 10:49:18, Mike Rapoport wrote: > > > > > From: Mike Rapoport <rppt@xxxxxxxxxxxxx> > > > > > > > > > > It is unsafe to allow saving of secretmem areas to the hibernation > > > > > snapshot as they would be visible after the resume and this essentially > > > > > will defeat the purpose of secret memory mappings. > > > > > > > > > > Prevent hibernation whenever there are active secret memory users. > > > > > > > > Does this feature need any special handling? As it is effectivelly > > > > unevictable memory then it should behave the same as other mlock, ramfs > > > > which should already disable hibernation as those cannot be swapped out, > > > > no? > > > > > > > > > > Why should unevictable memory not go to swap when hibernating? We're merely > > > dumping all of our system RAM (including any unmovable allocations) to swap > > > storage and the system is essentially completely halted. > > > > > My understanding is that mlock is never really made visible via swap > > storage. > > "Using swap storage for hibernation" and "swapping at runtime" are two > different things. I might be wrong, though. Well, mlock is certainly used to keep sensitive information, not only to protect from major/minor faults. -- Michal Hocko SUSE Labs
