Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S262385AbTENO77 (ORCPT ); Wed, 14 May 2003 10:59:59 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S262393AbTENO77 (ORCPT ); Wed, 14 May 2003 10:59:59 -0400 Received: from corky.net ([212.150.53.130]:36511 "EHLO marcellos.corky.net") by vger.kernel.org with ESMTP id S262385AbTENO75 (ORCPT ); Wed, 14 May 2003 10:59:57 -0400 Date: Wed, 14 May 2003 18:12:39 +0300 (IDT) From: Yoav Weiss X-X-Sender: yoavw@marcellos.corky.net To: Ahmed Masud Cc: Linux Kernel Mailing List Subject: Re: encrypted swap [was: The disappearing sys_call_table export.] In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1147 Lines: 31 On Wed, 14 May 2003, Ahmed Masud wrote: > Well we definitely need a way to timeout keys. The other reason is to be Why ? We keep a key per-process, and wipe it from memory as soon as the process dies. Its not time-related. > able to "change your mind" about it while the key is being used. This may > not be a useful thing for now but think of encrypted swaps on the > infamous: oopsies-i-tripped-over-a-wire-and-disconnected-network-file-system Your swapfile is coming from a remote NFS mount ? If your swap becomes unavailable due to network problems, the swapped-out processes are probably doomed anyway. > > Here we have a situation where we want to not have an expired key with > valid data hanging out there. Data is valid iff the owning process still lives. When do we need to expire a key while its process is still alive (or keep a key valid for pages of a dead process) ? Yoav - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/