On Thu 11-02-21 13:20:08, Mike Rapoport wrote: [...]
Sealing is anyway controlled via fcntl() and I don't think MFD_ALLOW_SEALING makes much sense for the secretmem because it is there to prevent rogue file sealing in tmpfs/hugetlbfs.
This doesn't really match my understanding. The primary usecase for the sealing is to safely and predictably coordinate over shared memory. I absolutely do not see why this would be incompatible with an additional requirement to unmap the memory from the kernel to prevent additional interference from the kernel side. Quite contrary it looks like a very nice extension to this model.
As for the huge pages, I'm not sure at all that supporting huge pages in secretmem will involve hugetlbfs.
Have a look how hugetlb proliferates through our MM APIs. I strongly suspect this is strong signal that this won't be any different.
And even if yes, adding SECRETMEM_HUGE flag seems to me less confusing than saying "from kernel x.y you can use MFD_CREATE | MFD_SECRET | MFD_HUGE" etc for all possible combinations.
I really fail to see your point. This is a standard model we have. It is quite natural that flags are added. Moreover adding a new syscall will not make it any less of a problem.
I by no means do not insist one way or the other but from what I have seen so far I have a feeling that the interface hasn't been thought through enough.
It has been, but we have different thoughts about it ;-)
Then you must be carrying a lot of implicit knowledge which I want you to document.