On 7/8/21 3:21 PM, Andy Lutomirski wrote: >> + ret = set_memory_decrypted((unsigned long)file->private_data, >> + 1UL << get_order(QUOTE_SIZE)); >> + if (ret) >> + break; > Now private_data is decrypted. (And this operation is *expensive*. Why > is it done at ioctl time?) Expensive and permanently fractures the direct map. I'm struggling to figure out why the direct map is even touched here. Why not just use a vmalloc area mapping? You really just need *a* decrypted mapping to the page. You don't need to make *every* mapping to the page decrypted.
