From: Andi Kleen
To: Sai Prakash Ranjan
Cc: Mathieu Poirier, Suzuki K Poulose, Mike Leach, Peter Zijlstra,
    Ingo Molnar, Arnaldo Carvalho de Melo, Mark Rutland,
    Alexander Shishkin, Leo Yan, Jiri Olsa, Namhyung Kim,
    coresight@lists.linaro.org, Stephen Boyd, Denis Nikitin,
    Mattias Nissler, Al Grant, linux-arm-msm@vger.kernel.org,
    linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org,
    Douglas Anderson
Subject: Re: [PATCHv2 0/4] perf/core: Add support to exclude kernel mode PMU tracing
Date: Thu, 04 Mar 2021 11:59:05 -0800
In-Reply-To: (Sai Prakash Ranjan's message of "Tue, 2 Mar 2021 00:34:14 +0530")
Message-ID: <871rcuvgfq.fsf@linux.intel.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Sai Prakash Ranjan writes:
>
> "Consider a system where disk contents are encrypted and the encryption
> key is set up by the user when mounting the file system. From that point
> on the encryption key resides in the kernel. It seems reasonable to
> expect that the disk encryption key be protected from exfiltration even
> if the system later suffers a root compromise (or even against insiders
> that have root access), at least as long as the attacker doesn't
> manage to compromise the kernel."

Normally disk encryption is in specialized work queues. It's total
overkill to restrict all of the kernel if you just want to restrict
those work queues.

I would suggest some more analysis where secrets are actually stored
and handled first.

-Andi