Tue, Feb 10, 2026 at 01:43:57PM +0100, [email protected] wrote:
>On Tue, Feb 10, 2026 at 10:14:08AM +0100, Jiri Pirko wrote:
>
>> >I'd advocate that the right design is for userspace to positively
>> >signal via this flag that it wants/accepts shared memory and without
>> >the flag shared memory should never be returned.
>>
>> We can have the same behaviour with the separate heap, can't we?
>> Userspace positively signals it wants/accepts the shared memory by
>> choosing "system_cc_decrypted" heap name.
>
>So what do the other heap names do? Always private? Do you ever get
>heaps that are unknowably private or shared (eg MMIO backed?)

If I understand the code correctly, you may get something like this:

$ ls /dev/dma_heap/
default_cma_region protected,secure-video protected,secure-video-record protected,trusted-ui system

The "protected*" ones are created by tee. I believe they handle memory
that is inaccessible to CPU.
