On Mon, Jun 9, 2025 at 10:58 PM Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx> wrote:
>
> On Fri, Jun 6, 2025 at 4:29 PM KP Singh <kpsingh@xxxxxxxxxx> wrote:
> >
> > Exclusive maps allow maps to only be accessed by a trusted loader
> > program with a matching hash. This allows the trusted loader program
> > to load the map and verify the integrity.
> >
> > Both maps of maps (array, hash) cannot be exclusive and exclusive maps
> > cannot be added as inner maps. This is because one would need to
> > guarantee the exclusivity of the inner maps and would require
> > significant changes in the verifier.
>
> I was back and forth on it early, but after sleeping on it
> I think we should think of exclusive maps as a generic concept and
> not tied to trusted loader and prog signatures.
> So any map type should be allowed to be exclusive and this patch
> can handle it fine without adding more complexity.
> In map-in-map case the outer map can be created exclusive
> to a particular program, but inner maps don't have to be exclusive,
> and it's fine. The lskel loader won't be using map-in-map anyway,
> so no issues there.

So the idea here is that if an outer map has exclusive access, only it
can add inner maps. I think this is a valid combination as it would
still retain exclusivity over the outer map's elements.

- KP

>
> > Signed-off-by: KP Singh <kpsingh@xxxxxxxxxx>
> > ---

[...]

> >