Re: [PATCH 11/24] uswsusp: Disable when the kernel is locked down

On Sat, Apr 08, 2017 at 05:28:15AM +0200, poma wrote: > On 06.04.2017 22:25, Jiri Kosina wrote: > > On Thu, 6 Apr 2017, Rafael J. Wysocki wrote: > > > > Your swap partition may be located on an NVDIMM or be encrypted. > > An NVDIMM should be considered the same as any other

Re: [PATCH 11/24] uswsusp: Disable when the kernel is locked down

On Sat, Apr 08, 2017 at 05:28:15AM +0200, poma wrote: > On 06.04.2017 22:25, Jiri Kosina wrote: > > On Thu, 6 Apr 2017, Rafael J. Wysocki wrote: > > > > Your swap partition may be located on an NVDIMM or be encrypted. > > An NVDIMM should be considered the same as any other

Re: [PATCH 11/24] uswsusp: Disable when the kernel is locked down

On 06.04.2017 22:25, Jiri Kosina wrote: > On Thu, 6 Apr 2017, Rafael J. Wysocki wrote: > > Your swap partition may be located on an NVDIMM or be encrypted. An NVDIMM should be considered the same as any other persistent storage. It may be encrypted, but where's the key

Re: [PATCH 11/24] uswsusp: Disable when the kernel is locked down

On 06.04.2017 22:25, Jiri Kosina wrote: > On Thu, 6 Apr 2017, Rafael J. Wysocki wrote: > > Your swap partition may be located on an NVDIMM or be encrypted. An NVDIMM should be considered the same as any other persistent storage. It may be encrypted, but where's the key

Re: [PATCH 11/24] uswsusp: Disable when the kernel is locked down

On Thu, 6 Apr 2017, Rafael J. Wysocki wrote: > >>> Your swap partition may be located on an NVDIMM or be encrypted. > >> > >> An NVDIMM should be considered the same as any other persistent storage. > >> > >> It may be encrypted, but where's the key stored, how easy is it to retrieve > >> and

Re: [PATCH 11/24] uswsusp: Disable when the kernel is locked down

On Thu, 6 Apr 2017, Rafael J. Wysocki wrote: > >>> Your swap partition may be located on an NVDIMM or be encrypted. > >> > >> An NVDIMM should be considered the same as any other persistent storage. > >> > >> It may be encrypted, but where's the key stored, how easy is it to retrieve > >> and

Re: [PATCH 11/24] uswsusp: Disable when the kernel is locked down

On Thu, Apr 6, 2017 at 10:09 PM, Rafael J. Wysocki wrote: > On Thu, Apr 6, 2017 at 10:41 AM, David Howells wrote: >> Oliver Neukum wrote: >> >>> Your swap partition may be located on an NVDIMM or be encrypted. >> >> An NVDIMM should be

Re: [PATCH 11/24] uswsusp: Disable when the kernel is locked down

On Thu, Apr 6, 2017 at 10:09 PM, Rafael J. Wysocki wrote: > On Thu, Apr 6, 2017 at 10:41 AM, David Howells wrote: >> Oliver Neukum wrote: >> >>> Your swap partition may be located on an NVDIMM or be encrypted. >> >> An NVDIMM should be considered the same as any other persistent storage. >> >>

Re: [PATCH 11/24] uswsusp: Disable when the kernel is locked down

On Thu, Apr 6, 2017 at 10:41 AM, David Howells wrote: > Oliver Neukum wrote: > >> Your swap partition may be located on an NVDIMM or be encrypted. > > An NVDIMM should be considered the same as any other persistent storage. > > It may be encrypted, but

Re: [PATCH 11/24] uswsusp: Disable when the kernel is locked down

On Thu, Apr 6, 2017 at 10:41 AM, David Howells wrote: > Oliver Neukum wrote: > >> Your swap partition may be located on an NVDIMM or be encrypted. > > An NVDIMM should be considered the same as any other persistent storage. > > It may be encrypted, but where's the key stored, how easy is it to

Re: [PATCH 11/24] uswsusp: Disable when the kernel is locked down

On Thu, Apr 6, 2017 at 8:55 AM, David Howells wrote: > Rafael J. Wysocki wrote: > >> You probably want to disable hibernation altogether in this case. > > See patch 10. Does that mean patch 11 is superfluous? Yes, it does. You can't open /dev/snapshot

Re: [PATCH 11/24] uswsusp: Disable when the kernel is locked down

On Thu, Apr 6, 2017 at 8:55 AM, David Howells wrote: > Rafael J. Wysocki wrote: > >> You probably want to disable hibernation altogether in this case. > > See patch 10. Does that mean patch 11 is superfluous? Yes, it does. You can't open /dev/snapshot if hibernation_available() returns false.

Re: [PATCH 11/24] uswsusp: Disable when the kernel is locked down

Oliver Neukum wrote: > Your swap partition may be located on an NVDIMM or be encrypted. An NVDIMM should be considered the same as any other persistent storage. It may be encrypted, but where's the key stored, how easy is it to retrieve and does the swapout code know this? >

Re: [PATCH 11/24] uswsusp: Disable when the kernel is locked down

Oliver Neukum wrote: > Your swap partition may be located on an NVDIMM or be encrypted. An NVDIMM should be considered the same as any other persistent storage. It may be encrypted, but where's the key stored, how easy is it to retrieve and does the swapout code know this? > Isn't this a bit

Re: [PATCH 11/24] uswsusp: Disable when the kernel is locked down

Rafael J. Wysocki wrote: > You probably want to disable hibernation altogether in this case. See patch 10. Does that mean patch 11 is superfluous? David

Re: [PATCH 11/24] uswsusp: Disable when the kernel is locked down

Rafael J. Wysocki wrote: > You probably want to disable hibernation altogether in this case. See patch 10. Does that mean patch 11 is superfluous? David

Re: [PATCH 11/24] uswsusp: Disable when the kernel is locked down

Am Donnerstag, den 06.04.2017, 01:38 +0200 schrieb Rafael J. Wysocki: > On Wed, Apr 5, 2017 at 10:16 PM, David Howells wrote: > > > > From: Matthew Garrett > > > > uswsusp allows a user process to dump and then restore kernel state, which > > makes it

Re: [PATCH 11/24] uswsusp: Disable when the kernel is locked down

Am Donnerstag, den 06.04.2017, 01:38 +0200 schrieb Rafael J. Wysocki: > On Wed, Apr 5, 2017 at 10:16 PM, David Howells wrote: > > > > From: Matthew Garrett > > > > uswsusp allows a user process to dump and then restore kernel state, which > > makes it possible to modify the running kernel.

Re: [PATCH 11/24] uswsusp: Disable when the kernel is locked down

On Wed, Apr 5, 2017 at 10:16 PM, David Howells wrote: > From: Matthew Garrett > > uswsusp allows a user process to dump and then restore kernel state, which > makes it possible to modify the running kernel. Disable this if the kernel > is locked down. >

Re: [PATCH 11/24] uswsusp: Disable when the kernel is locked down

On Wed, Apr 5, 2017 at 10:16 PM, David Howells wrote: > From: Matthew Garrett > > uswsusp allows a user process to dump and then restore kernel state, which > makes it possible to modify the running kernel. Disable this if the kernel > is locked down. > > Signed-off-by: Matthew Garrett >

[PATCH 11/24] uswsusp: Disable when the kernel is locked down

From: Matthew Garrett uswsusp allows a user process to dump and then restore kernel state, which makes it possible to modify the running kernel. Disable this if the kernel is locked down. Signed-off-by: Matthew Garrett Signed-off-by: David Howells

[PATCH 11/24] uswsusp: Disable when the kernel is locked down

From: Matthew Garrett uswsusp allows a user process to dump and then restore kernel state, which makes it possible to modify the running kernel. Disable this if the kernel is locked down. Signed-off-by: Matthew Garrett Signed-off-by: David Howells cc: linux...@vger.kernel.org ---

[PATCH 11/24] uswsusp: Disable when the kernel is locked down

From: Matthew Garrett uswsusp allows a user process to dump and then restore kernel state, which makes it possible to modify the running kernel. Disable this if the kernel is locked down. Signed-off-by: Matthew Garrett Signed-off-by: David Howells

[PATCH 11/24] uswsusp: Disable when the kernel is locked down

From: Matthew Garrett uswsusp allows a user process to dump and then restore kernel state, which makes it possible to modify the running kernel. Disable this if the kernel is locked down. Signed-off-by: Matthew Garrett Signed-off-by: David Howells --- kernel/power/user.c |3 +++ 1 file