[RFC v2 09/13] mm: Restrict memory encryption to anonymous VMA's
Alison Schofield
alison.schofield at intel.com
Wed Dec 5 05:30:20 UTC 2018
On Tue, Dec 04, 2018 at 10:10:44AM +0100, Peter Zijlstra wrote:
> > + * Encrypted mprotect is only supported on anonymous mappings.
> > + * All VMA's in the requested range must be anonymous. If this
> > + * test fails on any single VMA, the entire mprotect request fails.
> > + */
> > +bool mem_supports_encryption(struct vm_area_struct *vma, unsigned long end)
>
> That's a 'weird' interface and cannot do what the comment says it should
> do.
More please? With MKTME, only anonymous memory supports encryption.
Is it the naming that's weird, or you don't see it doing what it says?
> > + struct vm_area_struct *test_vma = vma;
>
> That variable is utterly pointless.
Got it. Will fix.
Thanks
More information about the Linux-security-module-archive
mailing list