Taylor R Campbell wrote:
> > Date: Mon, 11 May 2020 21:12:16 +0100
> > From: Alexander Nasonov <[email protected]>
> > 1) SWAP_STATS can be modified to return a status of encryption in
> > the se_flags member.
>
> What would the status be? That encryption was once enabled and at
> least one page was written out encrypted?
>
> At any given time, some pages may be encrypted while others are not.
> We don't keep track of how many pages are encrypted and how many pages
> are not, and it might be tricky to do so. All that is easy to do,
> without adding a lot more bookkeeping, is ascertain whether we have
> generated an encryption key at all, meaning that at least one page was
> swapped out while vm.swap_encrypt=1.

I didn't realise that it can be a mix.

> > 2) The encryption bit can be passed to SWAP_ON/SWAP_CTL but they
> > currently take an integer argument and it's reserved for a priority.
>
> I thought about that but a vm.swap_encrypt sysctl knob was quicker to
> implement without needing further thought or ABI compatibility work.

Yeah, compatibility can be a pain.

> If you find a compelling reason to make it per-swapdev and want to
> implement that, fine by me!

I have no strong preference but if it was per-swapdev I could use
existing KAUTH_SYSTEM_SWAPCTL instead of introducing a new
KAUTH_SYSTEM_SWAP_ENCRYPT.

--
Alex
