On 10/17/2018 04:32 AM, Pavel Machek wrote: >> Well, that depends. Do you care about PROT_NONE attacks as well? If not >> then no-swap would help you. But even then no-swap is rather theoretical >> attack on a physical host unless you allow an arbitrary swapout to a >> malicious user (e.g. allow a user controlled memcg hard limit that would >> cause excessive local swapouts). > PROT_NONE attack.. aha, so kernel stores not only information about > swapped-out pages but also about file-backed pages that are currently > not present? Hmm. That makes it more complex :-(.
There are also migration PTE entries that are "swap-like". They can exist even if you swapoff -a. Can we do better? Sure. I think we'd all be happy to review patches that improve the situation if folks have simple ideas for improvement.
signature.asc
Description: OpenPGP digital signature
