From: Mimi Zohar [mailto:zohar@linux.ibm.com]
Sent: Friday, July 30, 2021 4:03 PM
Hi Roberto,

On Fri, 2021-07-30 at 13:16 +0000, Roberto Sassu wrote:

quoted

quoted

From: Mimi Zohar [mailto:zohar@linux.ibm.com]
Sent: Friday, July 30, 2021 2:40 PM

quoted

quoted

"critical data", in this context, should probably be used for verifying
the in memory file digests and other state information haven't been
compromised.

Actually, this is what we are doing currently. To keep the
implementation simple, once the file or the buffer are uploaded
to the kernel, they will not be modified, just accessed through
the indexes.

My main concern about digest lists is their integrity, from loading the
digest lists to their being stored in memory.  A while back, there was
some work on defining a write once memory allocator.  I don't recall
whatever happened to it.  This would be a perfect usecase for that
memory allocator.

Adding Igor in CC.

Regarding loading, everything uploaded to the kernel is carefully
evaluated. This should not be a concern. Regarding making them
read-only, probably if you can subvert digest lists you can also
remove the read-only protection (unless you use an hypervisor).

Thanks

Roberto

HUAWEI TECHNOLOGIES Duesseldorf GmbH, HRB 56063
Managing Director: Li Peng, Li Jian, Shi Yanli

thanks,

Mimi