|
|
Log in / Subscribe / Register

memfd_secret() in 5.14

memfd_secret() in 5.14

Posted Aug 9, 2021 16:06 UTC (Mon) by jhoblitt (subscriber, #77733)
In reply to: memfd_secret() in 5.14 by khim
Parent article: memfd_secret() in 5.14

In the case of a guest kernel, it isn't surprising if the host kernel provided protection features, but I think it is likely theoretically impossible to protect processes within a guest against the compromise of the host kernel without special hardware support that protects the guest kernel memory itself against the host kernel.

to post comments

memfd_secret() in 5.14

Posted Aug 9, 2021 20:57 UTC (Mon) by khim (subscriber, #9252) [Link]

That special hardware, though, may be yet another hypervisor. Although not sure how feasible that would be, but the idea sounds interesting: essentially a microkernel which is basically does MMU and IOMMU — and that's it.


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds