On Wed, May 27, 2026 at 11:15:49AM -0700, Borislav Petkov wrote:
> On Wed, May 27, 2026 at 01:07:16PM -0300, Jason Gunthorpe wrote:
> > > Setting memory decrypted is a dangerous operations and should only
> > > be available to core code. We should have various allocators for
> > > decrypted code, but not export the functionality to random code.
> >
> > At the very least an EXPORT_SYMBOL_NS.
> >
> > Looks like there are about 3 modules using it already..
>
> Looks like more to me...
>
> In any case, we exported them back then for some framebuffer things:
>
> 95cf9264d5f3 ("x86, drm, fbdev: Do not specify encrypted memory for video
> mappings")
Which is exactly one of these things that should not happen - mapping
random I/O memory without the proper helpers..
