Re: [RFC v2 09/13] mm: Restrict memory encryption to anonymous VMA's
From: Peter Zijlstra <peterz@infradead.org>
Date: 2018-12-04 09:10:52
Also in: keyrings, linux-mm
On Mon, Dec 03, 2018 at 11:39:56PM -0800, Alison Schofield wrote:
Memory encryption is only supported for mappings that are ANONYMOUS. Test the entire range of VMA's in an encrypt_mprotect() request to make sure they all meet that requirement before encrypting any.

The encrypt_mprotect syscall will return -EINVAL and will not encrypt any VMA's if this check fails.

Signed-off-by: Alison Schofield <alison.schofield@intel.com>
Signed-off-by: Kirill A. Shutemov <redacted>
That SoB doesn't make sense; per the From you wrote the patch and signed off on it, wth is Kirill's SoB doing there?
diff --git a/mm/mprotect.c b/mm/mprotect.c index ad8127dc9aac..f1c009409134 100644 --- a/mm/mprotect.c +++ b/mm/mprotect.c@@ -345,6 +345,24 @@ static int prot_none_walk(struct vm_area_struct *vma, unsigned long start, return walk_page_range(start, end, &prot_none_walk); } +/* + * Encrypted mprotect is only supported on anonymous mappings. + * All VMA's in the requested range must be anonymous. If this + * test fails on any single VMA, the entire mprotect request fails. + */ +bool mem_supports_encryption(struct vm_area_struct *vma, unsigned long end)
That's a 'weird' interface and cannot do what the comment says it should do.
+{
+ struct vm_area_struct *test_vma = vma;
That variable is utterly pointless.
+ do {
+ if (!vma_is_anonymous(test_vma))
+ return false;
+
+ test_vma = test_vma->vm_next;
+ } while (test_vma && test_vma->vm_start < end);
+ return true;
+}
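Review bot: mem_supports_encryption() receives only `end`, so its loop starts at whatever `vma` the caller hands in and cannot confirm that this VMA covers the start of the request, which the comment's "All VMA's in the requested range must be anonymous" promises. Consider passing `start` as well, or documenting that `vma` must be the VMA containing the start address and that the caller must hold mmap_sem while the loop follows `vm_next`. The function is also defined without `static`; if it is only called from mm/mprotect.c it should be static, otherwise it needs a declaration in a header, which this hunk does not show.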