Re: [PATCH, RFC 45/62] mm: Add the encrypt_mprotect() system call for MKTME

From: Dave Hansen
Date: Tue Jun 18 2019 - 10:19:01 EST

Next message: Colin Ian King: "Re: [PATCH][next] netfilter: synproxy: ensure zero is returned on non-error return path"
Previous message: Colin King: "[PATCH][next] netfilter: synproxy: ensure zero is returned on non-error return path"
In reply to: Dave Hansen: "Re: [PATCH, RFC 45/62] mm: Add the encrypt_mprotect() system call for MKTME"
Next in thread: Kai Huang: "Re: [PATCH, RFC 45/62] mm: Add the encrypt_mprotect() system call for MKTME"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 6/17/19 5:15 PM, Andy Lutomirski wrote:
>>> But I really expect that the encryption of a DAX device will actually
>>> be a block device setting and won't look like this at all. It'll be
>>> more like dm-crypt except without device mapper.
>> Are you suggesting not to support MKTME for DAX, or adding MKTME support to dm-crypt?
> I'm proposing exposing it by an interface that looks somewhat like
> dm-crypt. Either we could have a way to create a device layered on
> top of the DAX devices that exposes a decrypted view or we add a way
> to tell the DAX device to kindly use MKTME with such-and-such key.

I think this basically implies that we need to settle (or at least
present) on an interface for storage (FS-DAX, Device DAX, page cache)
before we merge one for anonymous memory.

That sounds like a reasonable exercise.

Next message: Colin Ian King: "Re: [PATCH][next] netfilter: synproxy: ensure zero is returned on non-error return path"
Previous message: Colin King: "[PATCH][next] netfilter: synproxy: ensure zero is returned on non-error return path"
In reply to: Dave Hansen: "Re: [PATCH, RFC 45/62] mm: Add the encrypt_mprotect() system call for MKTME"
Next in thread: Kai Huang: "Re: [PATCH, RFC 45/62] mm: Add the encrypt_mprotect() system call for MKTME"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]