[RFC v2 04/13] x86/mm: Add helper functions for MKTME memory encryption keys
Sakkinen, Jarkko
jarkko.sakkinen at intel.com
Thu Dec 6 08:31:24 UTC 2018
On Mon, 2018-12-03 at 23:39 -0800, Alison Schofield wrote:
> +extern int mktme_map_alloc(void);
> +extern void mktme_map_free(void);
> +extern void mktme_map_lock(void);
> +extern void mktme_map_unlock(void);
> +extern int mktme_map_mapped_keyids(void);
> +extern void mktme_map_set_keyid(int keyid, void *key);
> +extern void mktme_map_free_keyid(int keyid);
> +extern int mktme_map_keyid_from_key(void *key);
> +extern void *mktme_map_key_from_keyid(int keyid);
> +extern int mktme_map_get_free_keyid(void);
No need for extern keyword for function declarations. It is
only needed for variable declarations.
> +
> DECLARE_STATIC_KEY_FALSE(mktme_enabled_key);
> static inline bool mktme_enabled(void)
> {
> diff --git a/arch/x86/mm/mktme.c b/arch/x86/mm/mktme.c
> index c81727540e7c..34224d4e3f45 100644
> --- a/arch/x86/mm/mktme.c
> +++ b/arch/x86/mm/mktme.c
> @@ -40,6 +40,97 @@ int __vma_keyid(struct vm_area_struct *vma)
> return (prot & mktme_keyid_mask) >> mktme_keyid_shift;
> }
>
> +/*
> + * struct mktme_map and the mktme_map_* functions manage the mapping
> + * of userspace Keys to hardware KeyIDs. These are used by the MKTME Key
What are "userspace Keys" anyway and why Key and not key?
> + * Service API and the encrypt_mprotect() system call.
> + */
> +
> +struct mktme_mapping {
> + struct mutex lock; /* protect this map & HW state */
> + unsigned int mapped_keyids;
> + void *key[];
> +};
Personally, I prefer not to align struct fields (I do align enums
because there it makes more sense) as often you end up realigning
everything.
Documentation would bring more clarity. For example, what does key[]
contain, why there is a lock and what mapped_keyids field contains?
/Jarkko
More information about the Linux-security-module-archive
mailing list