[RFC v2 09/13] mm: Restrict memory encryption to anonymous VMA's
Peter Zijlstra
peterz at infradead.org
Tue Dec 4 09:10:44 UTC 2018
On Mon, Dec 03, 2018 at 11:39:56PM -0800, Alison Schofield wrote:
> Memory encryption is only supported for mappings that are ANONYMOUS.
> Test the entire range of VMA's in an encrypt_mprotect() request to
> make sure they all meet that requirement before encrypting any.
>
> The encrypt_mprotect syscall will return -EINVAL and will not encrypt
> any VMA's if this check fails.
>
> Signed-off-by: Alison Schofield <alison.schofield at intel.com>
> Signed-off-by: Kirill A. Shutemov <kirill.shutemov at linux.intel.com>
That SoB doesn't make sense; per the From you wrote the patch and signed
off on it, wth is Kirill's SoB doing there?
> diff --git a/mm/mprotect.c b/mm/mprotect.c
> index ad8127dc9aac..f1c009409134 100644
> --- a/mm/mprotect.c
> +++ b/mm/mprotect.c
> @@ -345,6 +345,24 @@ static int prot_none_walk(struct vm_area_struct *vma, unsigned long start,
> return walk_page_range(start, end, &prot_none_walk);
> }
>
> +/*
> + * Encrypted mprotect is only supported on anonymous mappings.
> + * All VMA's in the requested range must be anonymous. If this
> + * test fails on any single VMA, the entire mprotect request fails.
> + */
> +bool mem_supports_encryption(struct vm_area_struct *vma, unsigned long end)
That's a 'weird' interface and cannot do what the comment says it should
do.
> +{
> + struct vm_area_struct *test_vma = vma;
That variable is utterly pointless.
> + do {
> + if (!vma_is_anonymous(test_vma))
> + return false;
> +
> + test_vma = test_vma->vm_next;
> + } while (test_vma && test_vma->vm_start < end);
> + return true;
> +}
More information about the Linux-security-module-archive
mailing list