Tue, Feb 10, 2026 at 01:43:57PM +0100, jgg@ziepe.ca wrote:
On Tue, Feb 10, 2026 at 10:14:08AM +0100, Jiri Pirko wrote:
I'd advocate that the right design is for userspace to positively signal via this flag that it wants/accepts shared memory and without the flag shared memory should never be returned.
We can have the same behaviour with the separate heap, can't we? Userpace positively signals it wants/accepts the shared memory by choosing "system_cc_decrypted" heap name.
So what do the other heap names do? Always private? Do you ever get heaps that are unknowably private or shared (eg MMIO backed?)
If I understand the code correctly, you may get something like this: $ ls /dev/dma_heap/ default_cma_region protected,secure-video protected,secure-video-record protected,trusted-ui system
The "protected*" ones are created by tee. I believe they handle memory that is inaccesible to CPU.