From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id A0DAAC47DB3
	for <linux-mm@archiver.kernel.org>; Tue, 30 Jan 2024 00:13:23 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 1F3C46B0081; Mon, 29 Jan 2024 19:13:23 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 17DA26B0082; Mon, 29 Jan 2024 19:13:23 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 01D716B0083; Mon, 29 Jan 2024 19:13:22 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11])
	by kanga.kvack.org (Postfix) with ESMTP id DFF846B0081
	for <linux-mm@kvack.org>; Mon, 29 Jan 2024 19:13:22 -0500 (EST)
Received: from smtpin07.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay07.hostedemail.com (Postfix) with ESMTP id 86386160AB8
	for <linux-mm@kvack.org>; Tue, 30 Jan 2024 00:13:22 +0000 (UTC)
X-FDA: 81734053044.07.4A0CA28
Received: from mail-qv1-f50.google.com (mail-qv1-f50.google.com [209.85.219.50])
	by imf17.hostedemail.com (Postfix) with ESMTP id A26A540006
	for <linux-mm@kvack.org>; Tue, 30 Jan 2024 00:13:20 +0000 (UTC)
Authentication-Results: imf17.hostedemail.com;
	dkim=pass header.d=gmail.com header.s=20230601 header.b=X4O7Dmlo;
	dmarc=pass (policy=none) header.from=gmail.com;
	spf=pass (imf17.hostedemail.com: domain of adrianvovk@gmail.com designates 209.85.219.50 as permitted sender) smtp.mailfrom=adrianvovk@gmail.com
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1706573600;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=1cTjgRUa/OuT1Zow9lfJR4BHRyRrTMnOxetbaBI0D7k=;
	b=Ert8dsot+iBd5MIF2pydQiHxwbKdoDZrChiLq89yxWkNsVEDzMOJwDlCnmgKHhQGmWsQR7
	f5cYR4NI34/fnLSYILVbBDsAFvIU5taD4UOsDH9RflSngvg24prR88pNsXM5B4uJqB/6vi
	7Wzg9Jvfe7BW5A0uKqhHHspi9hY19WI=
ARC-Authentication-Results: i=1;
	imf17.hostedemail.com;
	dkim=pass header.d=gmail.com header.s=20230601 header.b=X4O7Dmlo;
	dmarc=pass (policy=none) header.from=gmail.com;
	spf=pass (imf17.hostedemail.com: domain of adrianvovk@gmail.com designates 209.85.219.50 as permitted sender) smtp.mailfrom=adrianvovk@gmail.com
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1706573600; a=rsa-sha256;
	cv=none;
	b=SVTr+VrWvBGE62Lbv0woPRmBFW0KYqkHGvaHqYKdK99uIoakBW+FTLLO9Axznq0zPVFK9N
	y10IL57ZEcX3HAqADOi41IkQdb73e3JxJ2JjpRdF47PDNprJKRykWfJ9lDM5HxRlEAbtcm
	M1HpBnKIaSSWJwZ1HGh9o/CRwwGBBGk=
Received: by mail-qv1-f50.google.com with SMTP id 6a1803df08f44-6818a9fe380so26238986d6.2
        for <linux-mm@kvack.org>; Mon, 29 Jan 2024 16:13:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1706573600; x=1707178400; darn=kvack.org;
        h=content-transfer-encoding:in-reply-to:from:references:cc:to
         :content-language:subject:user-agent:mime-version:date:message-id
         :from:to:cc:subject:date:message-id:reply-to;
        bh=1cTjgRUa/OuT1Zow9lfJR4BHRyRrTMnOxetbaBI0D7k=;
        b=X4O7DmlouIjh1i0dwfNNXTCor+HUacN9S/YukmQJbYQEOt5ocl4+ISabI1lh6KGF0p
         x+6FrbjSa6rztA938wsICqR38GApOO8X2DL/aVtYN/ZB0G+9hg+eoGBPyWF8UEsL3LCU
         ASaOvxnAnWMt3BS7/e48F36xUry6WF/lFnaRk5PsaRnnvD3TV7TWiLSO0GH0Uykcm+fe
         6wKhWusdCNubs1NAXA4Q7ao202flLWh7c53BQkkctv9rgAZHaYFKJIWI2vAmtudFqZmq
         /CVCKYWhXPxTXpHcOs0OhpKRyhqnFukyLvCy+PfOE2e/3TAOaFzzCJjNdm9Ttg0jFM2v
         YhJg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1706573600; x=1707178400;
        h=content-transfer-encoding:in-reply-to:from:references:cc:to
         :content-language:subject:user-agent:mime-version:date:message-id
         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=1cTjgRUa/OuT1Zow9lfJR4BHRyRrTMnOxetbaBI0D7k=;
        b=w8ATL4Jw6keOZ1zPFla6FdqfHLgzkVcbc8ymkKtstnXCCE0xi0jCHEkSorGGlIa7X+
         GQ5LQoOpmlMjWj9xgzIRepceM2zLmdmlcR9fqSZrixFJgfuyV1QzgofA+GoI2Imwzi6l
         pW7jLJ/JM4d35EAZQJ5V88neckB7sK/QIDTeR53sY+7HGsyPGIGkhdRcxapm04GbAv+V
         3Ur5x4v+4eHY4TL90EWycZc58RRIyEqUSMEjaaWBmlc2Psyo9J5mEy4d0jpwA+ZkOxyJ
         pXzsUdx+3qsmDm3ZcOBovgtSBV8R6PdHalhE5bu88o9xjkGf6HbKl2riXNEI98t1q0rP
         LeSA==
X-Gm-Message-State: AOJu0YyRwczRdCqYS8UJNTB4rYgSGEMWUlmPWpLix5qgFtCyFT5bLbsV
	CkdaYk4BQh1IF/FoEz6TiUBttdbBxO2Wzl/DM0K7J32qbbiYwdKQ
X-Google-Smtp-Source: AGHT+IHH6hHDKm4nySIae5BxK+drQrnCA8T5/9zdN7Htn1zRhndn0EHzWb/IXqtzANbIwtv738w6VQ==
X-Received: by 2002:a05:6214:2a8b:b0:68c:5e87:7032 with SMTP id jr11-20020a0562142a8b00b0068c5e877032mr387571qvb.40.1706573599739;
        Mon, 29 Jan 2024 16:13:19 -0800 (PST)
Received: from [10.56.180.189] (184-057-057-014.res.spectrum.com. [184.57.57.14])
        by smtp.gmail.com with ESMTPSA id pf1-20020a056214498100b0067f53e25d1esm3931087qvb.14.2024.01.29.16.13.18
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Mon, 29 Jan 2024 16:13:19 -0800 (PST)
Message-ID: <3107a023-3173-4b3d-9623-71812b1e7eb6@gmail.com>
Date: Mon, 29 Jan 2024 19:13:17 -0500
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: [LSF/MM/BPF TOPIC] Dropping page cache of individual fs
Content-Language: en-US
To: Matthew Wilcox <willy@infradead.org>, Jan Kara <jack@suse.cz>
Cc: Christian Brauner <brauner@kernel.org>,
 lsf-pc@lists.linux-foundation.org, linux-fsdevel@vger.kernel.org,
 linux-mm@kvack.org, linux-btrfs@vger.kernel.org,
 linux-block@vger.kernel.org, Christoph Hellwig <hch@infradead.org>
References: <20240116-tagelang-zugnummer-349edd1b5792@brauner>
 <20240116114519.jcktectmk2thgagw@quack3>
 <20240117-tupfen-unqualifiziert-173af9bc68c8@brauner>
 <20240117143528.idmyeadhf4yzs5ck@quack3>
 <ZafpsO3XakIekWXx@casper.infradead.org>
From: Adrian Vovk <adrianvovk@gmail.com>
In-Reply-To: <ZafpsO3XakIekWXx@casper.infradead.org>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Rspamd-Server: rspam09
X-Rspamd-Queue-Id: A26A540006
X-Stat-Signature: gxwfo3enb9q99pjh8a75pnnngt1geney
X-Rspam-User: 
X-HE-Tag: 1706573600-319401
X-HE-Meta: U2FsdGVkX1+HG4+FKu3DIle6ABWJP3fvqEqCczKvfRPENZm7vvxi4W45J1L0mEGzsJ1/prhfOZjVBmffgeUiG7530jPMX1s/ivD1nKLa5wsrZdrAdYmxGzi3Ab7Ayl0CvTm7aBPAanJOK0aJISzSThn4rynN87jhZcSZVjuIk/3xJ8tGGk1aRjOrH6ukW4bKk0bMhT/rxtuITdzRWU4Uv+lqTW/gv+tHeWqiieMkNBDlXUqn7olZjsCwU97yo5FdmgJWr62Hx2Gl9S5/6mfs36sW7RI99KAqo6qoykJFa8RWH3WBdu71Fho68S0Vj5ziZTSwclrbDSMLIeRD1HqLKKifJYzeTaDa61fRFHtQAuzc4RWVDRuuQd5cADEmhFHKbXCY5I/edGdYYBHQbIAAX9a+zvNEtv6hxYiGqxw9tAg6Q3Bo1Hy2p0Bx7UPvUv6VV43wU2gBT417aO/v3eo6u7mpOU5xi3qIlRSPwZeEgRyaYVHYOq4rfV+QxtevID7Bd1rAV3h2t5jAhNwo0vjpQw7bh2D3y9BHA9x4niRdYLWWmpnAAo/5ibROd5HhGLQ/GOzGvx0GTEZkSdqiRIqAC4SwjLl54uReJCDs2pAXvkR1DfUOhOLkrnG7COuhHIN4/dTJmYUWnx14Rqbgj2B/QQddmCyX5jlQ5rmCJ2vnljDbcMGJuvbGXsCLvZuIj36Zv4TSx3ww3AfpmeBtoL4ZfHNdJy12v96GXh+2P9coC80k2LkLAr4660dDaCfYx0pfPKc6mdtJ4lFt7aswbmeWmQkbegbzSqw55whuXgoAByVXXOSkLiWsIfAYAGowdsXf61UhvnmtVwTQ2JMTkNM9afk70LrvFuxahfmg0j62aZ6KDw44iZasahVDXSdppFDgy3aH/Tn6BIRQLG8epC/Rb7BA5HvGt9rXpanNtIWxCndZ6+S8T33jaMeHz121CVGOq+Dh6FzAYnRrIaj3pwY
 bix4mWSn
 hafpKy+3UcrU/l4bB2SNqd9sHdJ+wWS9IIof/rSM7FIxJwL+jkAZw3CtlrYEgUf1F1oZuPYfey0aD3AzY4sMd2SH/V+gA5VMLOlyyytYE1O73SSS6rXzDpojM4bGQJ5UytOytWh2hh3D3J2zkwSCjdzVUoMUlfK3Gv+MM4gH/VLBJkvQDiImP7FLRF9vXghap+VZX09OzUNaP9NPDekgodeN89gmH8kGhE9I2W4vlDFaaTO7alrxAo9YNYeDFx8DM+73dsla+Ed3FdNNeKcOn9A9fWAfVrLljZ70/HTqPPm+B/BxDvNGMMEllD4uHl3k7JjOlqb+iM8b8m9fTeoMXdjMvFTzfF5KYppL/sUfx5BBjd4xuI3nz3N8faqRHpVGOi+NahraQs7V6eWj4fIwtt8DgTQgFGly1dER412krcw6fqQsTuMA8xVCHGmfIf1T8WC5uWQjksMtcASJdfSBlf2m5gjyKfuWb1yOSBlFPzl+ytl0=
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000002, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>

Hello! I'm the "GNOME people" who Christian is referring to

On 1/17/24 09:52, Matthew Wilcox wrote:
> I feel like we're in an XY trap [1].  What Christian actually wants is
> to not be able to access the contents of a file while the device it's
> on is suspended, and we've gone from there to "must drop the page cache".

What we really want is for the plaintext contents of the files to be 
gone from memory while the dm-crypt device backing them is suspended.

Ultimately my goal is to limit the chance that an attacker with access 
to a user's suspended laptop will be able to access the user's encrypted 
data. I need to achieve this without forcing the user to completely log 
out/power off/etc their system; it must be invisible to the user. The 
key word here is limit; if we can remove _most_ files from memory _most_ 
of the time Ithink luksSuspend would be a lot more useful against cold 
boot than it is today.

I understand that perfectly wiping all the files out of memory without 
completely unmounting the filesystem isn't feasible, and that's probably 
OK for our use-case. As long as most files can be removed from memory 
most of the time, anyway...

> We have numerous ways to intercept file reads and make them either
> block or fail.  The obvious one to me is security_file_permission()
> called from rw_verify_area().  Can we do everything we need with an LSM?
>
> [1] https://meta.stackexchange.com/questions/66377/what-is-the-xy-problem

As Christian mentioned: the LSM may be a good addition, but it would 
have to be in addition to wiping the data out of the page cache, not 
instead of. An LSM will not help against a cold boot attack

Adrian