Re: encrypted swap [was: The disappearing sys_call_table export.]

Ahmed Masud (masud@googgun.com)
Fri, 16 May 2003 04:19:12 -0400 (EDT)


On Fri, 16 May 2003, Yoav Weiss wrote:

> Hi,
>
> I got the below from some guy, off the list.
> He may has a point, at least when writable pages are shared between
> processes.
>
> What do you think ?
>
> Yoav
>
> My apologies; I was unclear.
>
> I think that you need to associate swap encryption keys with memory
> spaces, not with processes, precisely because you need to be able to
> swap out and swap in from any process using that memory space. And
> correspondingly the key can't die on a per-process basis, it has to
> die if and only if the associated memory space is torn down (which
> may be long after the PID that originally creates it goes away).

Hi Yoav,

After sort of thinking about it at this early friday hour (well late
thursday for me), it occurs to me that we may want to maintain keys
either in the vm_area_struct (vma) or for a vma group.

We want to decrypt mostlikely after a page-fault, which triggers a vma
nopage (code here?), has loaded the page so vma key, and swapping out of
course is still in vma domain.

Since we can always go from process to vma to page and back again i think
it is not going to cause any tracking issues.

Further, we have different vma's for shared and other interesting pages
so various optimizations are also doable on a case to case basis.

Does this make any sense? or am I off the cuckoo train at this hour :)

Please comment.

Cheers,

Ahmed.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/