On Tue, Mar 12, 2013 at 6:06 AM, Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx> wrote:
> On Mon, Mar 11, 2013 at 04:57:25PM -0700, Luigi Semenzato wrote:
>> Greetings linux-mmers,
>>
>> before we can fully deploy zram, we must ensure it conforms to the
>> Chrome OS security requirements. In particular, we do not want to
>> allow user space to read/write the swap device---not even root-owned
>> processes.
>>
>> A similar restriction is available for /dev/mem under CONFIG_STRICT_DEVMEM.
>>
>> There are a few possible approaches to this, but before we go ahead
>> I'd like to ask if anything has happened or is planned in this
>> direction.
>>
>> Otherwise, one idea I am playing with is to add a CONFIG_STRICT_SWAP
>> option that would do this for any swap device (i.e. not specific to
>> zram) and possibly also when swapping to a file. We would add an
>> "internal" open flag, O_KERN_SWAP, as well as clean up a little bit
>> the FMODE_NONOTIFY confusion by adding the kernel flag O_KERN_NONOTIFY
>> and formalizing the sets of external (O_*) and internal (O_KERN_*)
>> open flags.
>>
>> Swapon() and swapoff() would use O_KERN_SWAP internally, and a device
>> opened with that flag would reject user-level opens.
>
> What/who does the swapon/swapoff calls? Is there a kernel level thread
> (aka init but in kernel?) that would do this?

No, swapon() would be typically called from user level shortly after
boot by the swapon program to set up swap. Swapoff() would typically
not be called at all.

The swapon() syscall internally calls filp_open() and that's where it
would pass the O_KERN_SWAP flag. It also needs to pass an extra flag
in claim_swapfile().

I should probably just send a patch.

>>
>> Thank you in advance for any input/suggestion!
>> Luigi
>>
>> --
>> To unsubscribe, send a message with 'unsubscribe linux-mm' in
>> the body to majordomo@xxxxxxxxx. For more info on Linux MM,
>> see: http://www.linux-mm.org/ .
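A defender-side check for the gap discussed in this thread, as an added example that is not part of the original messages or of any kernel patch: it lists the active swap areas from /proc/swaps and reports whether the current process can still open each one from user space. The names parse_swaps and probe_open are hypothetical; the O_EXCL probe relies on the Linux behaviour documented in open(2) for block devices that are already in use by the system.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

struct swap_area { char path[256]; char type[16]; };
/* Added example, not from the thread: parse /proc/swaps-style text. */
int parse_swaps(const char *text, struct swap_area *out, int max)
{
    int n = 0;
    const char *p = strchr(text, '\n');            /* skip the header */
    while (p && *++p && n < max) {
        n += (sscanf(p, "%255[^ \t\n]%*[ \t]%15[^ \t\n]",
                     out[n].path, out[n].type) == 2);
        p = strchr(p, '\n');
    }
    return n;
}

/* Bit 0: a plain read-only open() succeeds (no data is read).
 * Bit 1: block device whose O_EXCL open fails with EBUSY (already claimed). */
int probe_open(const char *path)
{
    struct stat st;
    int r = 0, fd = open(path, O_RDONLY);
    if (fd >= 0) { r |= 1; close(fd); }
    if (stat(path, &st) == 0 && S_ISBLK(st.st_mode)) {
        fd = open(path, O_RDONLY | O_EXCL);
        if (fd >= 0) close(fd); else if (errno == EBUSY) r |= 2;
    }
    return r;
}

int main(void)
{
    static char buf[8192];
    struct swap_area a[32];
    FILE *f = fopen("/proc/swaps", "r");
    if (!f) { perror("/proc/swaps"); return 1; }
    buf[fread(buf, 1, sizeof buf - 1, f)] = '\0';
    fclose(f);
    for (int i = 0, n = parse_swaps(buf, a, 32); i < n; i++) {
        int r = probe_open(a[i].path);
        printf("%s (%s): open %s%s\n", a[i].path, a[i].type,
               (r & 1) ? "allowed" : "refused", (r & 2) ? ", held O_EXCL" : "");
    }
    return 0;
}
```

Run it as the account whose access is being audited; an area reported as "open allowed" is one that a restriction like the proposed CONFIG_STRICT_SWAP is meant to close.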