linux-kernel.vger.kernel.org archive mirror
From: Sargun Dhillon <sargun@sargun.me>
To: Casey Schaufler <casey@schaufler-ca.com>
Cc: LSM <linux-security-module@vger.kernel.org>,
	LKML <linux-kernel@vger.kernel.org>,
	Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>,
	Kees Cook <keescook@chromium.org>,
	Igor Stoppa <igor.stoppa@huawei.com>,
	James Morris <jmorris@namei.org>
Subject: Re: [PATCH 0/4] security: Split out hook definitions into lsm_hook_types.h
Date: Sun, 1 Apr 2018 13:43:11 -0700
Message-ID: <CAMp4zn8o0giNY2m=5bmfFA5veKZrux=zYzL0Aaqd2xi0PsZ+bA@mail.gmail.com>
In-Reply-To: <06c4e61e-399f-a1f8-bd45-a27d0eb4571b@schaufler-ca.com>

On Sun, Apr 1, 2018 at 10:32 AM, Casey Schaufler <casey@schaufler-ca.com> wrote:
>
> On 4/1/2018 3:17 AM, Sargun Dhillon wrote:
> > This moves all of the LSM hooks type information into a separate file,
> > lsm_hook_types.h. This enables us to use this file, along with macros
> > to generate the security_hook_heads struct, as well as the security
> > hooks union without having to duplicate definitions.
> >
> > This will be useful for further data structures which want to use
> > the set of security hooks in a completely unrolled way, along
> > with the type information there within.
>
> Can you explain what this patch set is trying to accomplish?
> I see no value. I see massive complexity. Why is this better
> than what is there now?
>

1) Reduce the total amount of code
2) In the process of implementing the loadable hooks stuff, I wanted
to add a few more unrolled data structures, specifically around static
keys, and I realized I would have to write an entirely new
data structure like the security heads. To me, rather than having to
touch 3 different parts of code in order to change something, it seems
nice to keep it centralized. Same with RCU.
3) Rather than call_int_hook, and call_void_hook, we could generate
actual function definitions. I think that will be a bit cleaner, esp.
in the context of the 2nd set of hook patches.
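
The approach discussed in this message, as an added userspace sketch that is not code from the patch series or the kernel: one hook list is expanded three times to produce the function-pointer union, the per-hook list heads, and a generated dispatch function per hook. DEMO_HOOKS and every demo_* name are hypothetical, and the policy module is constructed for the example.

```c
/* Added userspace sketch; DEMO_HOOKS and every demo_* name is hypothetical. */
#include <string.h>

/* Single source of truth: X(name, parameter list, call arguments). */
#define DEMO_HOOKS(X)                                               \
    X(file_open, (const char *path, int flags), (path, flags))      \
    X(task_kill, (int pid, int sig), (pid, sig))

/* Expansion 1: union holding one typed function pointer per hook. */
#define X(name, params, args) int (*name) params;
union demo_hook_fn { DEMO_HOOKS(X) };
#undef X
struct demo_hook { union demo_hook_fn fn; struct demo_hook *next; };

/* Expansion 2: one list head per hook (the "heads" struct). */
#define X(name, params, args) struct demo_hook *name;
static struct demo_hook_heads { DEMO_HOOKS(X) } demo_heads;
#undef X

/* Expansion 3: a real, type-checked dispatcher per hook. It walks the
 * list and returns the first non-zero (deny) result, else 0 (allow). */
#define X(name, params, args)                                        \
    int demo_##name params {                                         \
        for (struct demo_hook *h = demo_heads.name; h; h = h->next) { \
            int rc = h->fn.name args;                                \
            if (rc) return rc;                                       \
        }                                                            \
        return 0;                                                    \
    }
DEMO_HOOKS(X)
#undef X

/* Constructed policy module: refuse to open one path. */
static int deny_shadow(const char *path, int flags) {
    (void)flags;
    return strcmp(path, "/etc/shadow") == 0 ? -13 : 0; /* -13 models -EACCES */
}
static struct demo_hook shadow_hook = { .fn.file_open = deny_shadow };

int demo_setup(void) {            /* push the module onto its list, once */
    if (demo_heads.file_open != &shadow_hook) {
        shadow_hook.next = demo_heads.file_open;
        demo_heads.file_open = &shadow_hook;
    }
    return 0;
}

int main(void) {
    demo_setup();
    return demo_file_open("/etc/shadow", 0) == -13 ? 0 : 1;
}
```

Adding a hook here means adding one X(...) line; the union member, list head and dispatcher all follow from it, and a module that assigns a function with the wrong signature fails at compile time.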

Thread overview: 7+ messages
2018-04-01 10:17 [PATCH 0/4] security: Split out hook definitions into lsm_hook_types.h Sargun Dhillon
2018-04-01 10:17 ` [PATCH 1/4] security: Move hook definitions from lsm_hooks.h to lsm_hook_types.h Sargun Dhillon
2018-04-01 10:17 ` [PATCH 2/4] security: Refactor security hooks into structured hooks Sargun Dhillon
2018-04-01 10:18 ` [PATCH 3/4] security: Make security_hook_heads use definitions in lsm_hook_types.h Sargun Dhillon
2018-04-01 10:18 ` [PATCH 4/4] security: generated security hook initialization based on lsm_hook_types.h Sargun Dhillon
2018-04-01 17:32 ` [PATCH 0/4] security: Split out hook definitions into lsm_hook_types.h Casey Schaufler
2018-04-01 20:43   ` Sargun Dhillon [this message]
