From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.5 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_MUTT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4D724C28D18 for ; Wed, 5 Jun 2019 15:06:55 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 3243A206B8 for ; Wed, 5 Jun 2019 15:06:55 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728589AbfFEPGy (ORCPT ); Wed, 5 Jun 2019 11:06:54 -0400 Received: from mga06.intel.com ([134.134.136.31]:26266 "EHLO mga06.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728467AbfFEPGy (ORCPT ); Wed, 5 Jun 2019 11:06:54 -0400 X-Amp-Result: UNSCANNABLE X-Amp-File-Uploaded: False Received: from orsmga007.jf.intel.com ([10.7.209.58]) by orsmga104.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 05 Jun 2019 08:06:53 -0700 X-ExtLoop1: 1 Received: from araresx-wtg1.ger.corp.intel.com (HELO localhost) ([10.252.46.102]) by orsmga007.jf.intel.com with ESMTP; 05 Jun 2019 08:06:40 -0700 Date: Wed, 5 Jun 2019 18:06:34 +0300 From: Jarkko Sakkinen To: Sean Christopherson Cc: Andy Lutomirski , Cedric Xing , Stephen Smalley , James Morris , "Serge E . Hallyn" , LSM List , Paul Moore , Eric Paris , selinux@vger.kernel.org, Jethro Beekman , Dave Hansen , Thomas Gleixner , Linus Torvalds , LKML , X86 ML , linux-sgx@vger.kernel.org, Andrew Morton , nhorman@redhat.com, npmccallum@redhat.com, Serge Ayoun , Shay Katz-zamir , Haitao Huang , Andy Shevchenko , Kai Svahn , Borislav Petkov , Josh Triplett , Kai Huang , David Rientjes , William Roberts , Philip Tricca Subject: Re: [RFC PATCH 6/9] x86/sgx: Require userspace to provide allowed prots to ADD_PAGES Message-ID: <20190605150634.GH11331@linux.intel.com> References: <20190531233159.30992-1-sean.j.christopherson@intel.com> <20190531233159.30992-7-sean.j.christopherson@intel.com> <20190604162306.GB3811@linux.intel.com> <20190604164514.GB32350@linux.intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20190604164514.GB32350@linux.intel.com> Organization: Intel Finland Oy - BIC 0357606-4 - Westendinkatu 7, 02160 Espoo User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jun 04, 2019 at 09:45:14AM -0700, Sean Christopherson wrote: > Heh, yeah, it's not duplicating LSM functionality. What I was trying to > say is that this patch allows LSMs to implement policies that are > equivalent to their existing functionality, e.g. paves the way to add > security_enclave_load() as an equivalent to security_file_mprotect(). I would suggest describing explicitly in the commit message what you want to do, which you said here e.g. "I do this because I want to add LSM hooks". This also relevant information for the LKM discussion. Lets see how the next version looks like now that you have some feedback. In the whole scope of the patch set, in order to make it more readable, I'll give following suggestions on how it is organized: 1. Leave out anything that is not strictly necessary (cosmetic fix, batch operation if possible). Better to focus one thing at a time. 2. Try to organize it so that each function is fully defined in the scope of one patch even if it would mean larger patches. 3. Do not add one call site helpers unless there is a good reason to do so. A good reason would be something like needing to extensive work in error rollback, which would make the caller a mess. /Jarkko