From: Mimi Zohar [mailto:zohar@linux.ibm.com] Sent: Friday, July 30, 2021 4:03 PM Hi Roberto,
On Fri, 2021-07-30 at 13:16 +0000, Roberto Sassu wrote:
From: Mimi Zohar [mailto:zohar@linux.ibm.com] Sent: Friday, July 30, 2021 2:40 PM
"critical data", in this context, should probably be used for verifying the in memory file digests and other state information haven't been compromised.
Actually, this is what we are doing currently. To keep the implementation simple, once the file or the buffer are uploaded to the kernel, they will not be modified, just accessed through the indexes.
My main concern about digest lists is their integrity, from loading the digest lists to their being stored in memory. A while back, there was some work on defining a write once memory allocator. I don't recall whatever happened to it. This would be a perfect usecase for that memory allocator.
Adding Igor in CC.
Regarding loading, everything uploaded to the kernel is carefully evaluated. This should not be a concern. Regarding making them read-only, probably if you can subvert digest lists you can also remove the read-only protection (unless you use an hypervisor).
Thanks
Roberto
HUAWEI TECHNOLOGIES Duesseldorf GmbH, HRB 56063 Managing Director: Li Peng, Li Jian, Shi Yanli
thanks,
Mimi