Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp2214029yba;
        Fri, 19 Apr 2019 14:39:58 -0700 (PDT)
X-Google-Smtp-Source: APXvYqzoVfbYY14KeRFiY7ZfD5BLZKbl5eeimGsuZ5TD4BkJDeyGr3tHZ9bp+9OPZmJL3EhQY3md
X-Received: by 2002:aa7:91d5:: with SMTP id z21mr6305487pfa.222.1555709997928;
        Fri, 19 Apr 2019 14:39:57 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1555709997; cv=none;
        d=google.com; s=arc-20160816;
        b=jlNHezHLPbuJx83qGqlusYcnNUzARqoB5l1ri58oWk6CcK/E+J6m1Ud6SFvCv6E/B3
         bMuafUVCBstzW9an2MGqfMJ4jJ7TbJQWhRuZM3//5WNXqVkyxxloVXB7HMc3/rXxWt9E
         1ieFk6EC7Mv5hiwI2XZhYdZxAl+N4FBE2lqldgGN7ON0E2GzJzsHCN7EUvCnBS1I485H
         fIG2n+hAP1t2NdPcCVu3Lpv/qW1fXrWYnGhHoSk7c3uVGH5yTbyBINNFoxqT/V1p4OTX
         99W8LLriRk1WiVGL1V2a//pGC2iBG6+vStyXibP8bOxLrVRtMXr3QbCE+FfNTrAYqJao
         cjgg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:references
         :message-id:in-reply-to:subject:cc:to:from:date;
        bh=iD9YgTkSHyopNdf+0zrfBo+x+J7chAJFuml8vAndzkA=;
        b=j2yGkN/GirOxXbyPrW71O7aJIZ8cBGToYKlOxxZQemLAhPyauPmOSXDBvPZVPaFOZJ
         Ws/CHQTjOV9SUxsbaToTaNvrRqL7DpU83203gFackCXwQWEHyXUHC/FWPjRW6wNG2gBZ
         6+dKRBYSwoXl3yuT0hq3WKlpUkGctfYIQC1eKo9I81C0lEsIgYwjQ3vIjXYxmQRIeoF8
         jENwo9o7VyTZtdipqHdecCK5nHbbfG7MVdf3ig+i3j3Y4GDFQ/n1UuRB+uBU63Gi/eqW
         XFoWFjTniwW5HkngQfSb1bIIVs3HNJsfHwAqcXOi6BATcYZbQdy4mvHE3fnJxu37W+DW
         jd/g==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id 64si6176012plk.399.2019.04.19.14.39.42;
        Fri, 19 Apr 2019 14:39:57 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727474AbfDSVio (ORCPT <rfc822;brice.berna@gmail.com>
        + 99 others); Fri, 19 Apr 2019 17:38:44 -0400
Received: from Galois.linutronix.de ([146.0.238.70]:42560 "EHLO
        Galois.linutronix.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726599AbfDSVin (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 19 Apr 2019 17:38:43 -0400
Received: from pd9ef12d2.dip0.t-ipconnect.de ([217.239.18.210] helo=nanos)
        by Galois.linutronix.de with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256)
        (Exim 4.80)
        (envelope-from <tglx@linutronix.de>)
        id 1hHbDS-0001rd-5E; Fri, 19 Apr 2019 23:38:38 +0200
Date:   Fri, 19 Apr 2019 23:38:36 +0200 (CEST)
From:   Thomas Gleixner <tglx@linutronix.de>
To:     Jethro Beekman <jethro@fortanix.com>
cc:     Andy Lutomirski <luto@amacapital.net>,
        Andy Lutomirski <luto@kernel.org>,
        "Dr. Greg" <greg@enjellic.com>,
        Dave Hansen <dave.hansen@intel.com>,
        Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        LKML <linux-kernel@vger.kernel.org>, X86 ML <x86@kernel.org>,
        "linux-sgx@vger.kernel.org" <linux-sgx@vger.kernel.org>,
        Andrew Morton <akpm@linux-foundation.org>,
        "Christopherson, Sean J" <sean.j.christopherson@intel.com>,
        "nhorman@redhat.com" <nhorman@redhat.com>,
        "npmccallum@redhat.com" <npmccallum@redhat.com>,
        "Ayoun, Serge" <serge.ayoun@intel.com>,
        "Katz-zamir, Shay" <shay.katz-zamir@intel.com>,
        "Huang, Haitao" <haitao.huang@intel.com>,
        Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
        "Svahn, Kai" <kai.svahn@intel.com>, Borislav Petkov <bp@alien8.de>,
        Josh Triplett <josh@joshtriplett.org>,
        "Huang, Kai" <kai.huang@intel.com>,
        David Rientjes <rientjes@google.com>
Subject: Re: [PATCH v20 00/28] Intel SGX1 support
In-Reply-To: <f9d93291-9b59-7b66-de9f-af92246f1c9c@fortanix.com>
Message-ID: <alpine.DEB.2.21.1904192337160.3174@nanos.tec.linutronix.de>
References: <20190417103938.7762-1-jarkko.sakkinen@linux.intel.com> <20190418171059.GA20819@wind.enjellic.com> <09ebfa1d-c03d-c1fe-ff0f-d99287b6ec3c@intel.com> <20190419141732.GA2269@wind.enjellic.com> <CALCETrV=wAsyWxtxQJ7y0xNrzkE863hTfU6Ysej48Gk9yPFJZw@mail.gmail.com>
 <43aa8fdd-e777-74cb-e3f0-d36805ffa18b@fortanix.com> <alpine.DEB.2.21.1904192233390.3174@nanos.tec.linutronix.de> <8c5133bc-1301-24ca-418d-7151a6eac0e2@fortanix.com> <alpine.DEB.2.21.1904192248550.3174@nanos.tec.linutronix.de> <e1478f70-7e44-6e3e-2aaf-1b12a96328ed@fortanix.com>
 <2AE80EA3-799E-4808-BBE4-3872F425BCF8@amacapital.net> <49b28ca1-6e66-87d9-2202-84c58f13fb99@fortanix.com> <444537E3-4156-41FB-83CA-57C5B660523F@amacapital.net> <f9d93291-9b59-7b66-de9f-af92246f1c9c@fortanix.com>
User-Agent: Alpine 2.21 (DEB 202 2017-01-01)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="8323329-821550267-1555709918=:3174"
X-Linutronix-Spam-Score: -1.0
X-Linutronix-Spam-Level: -
X-Linutronix-Spam-Status: No , -1.0 points, 5.0 required,  ALL_TRUSTED=-1,SHORTCIRCUIT=-0.0001
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

--8323329-821550267-1555709918=:3174
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8BIT

On Fri, 19 Apr 2019, Jethro Beekman wrote:
> On 2019-04-19 14:31, Andy Lutomirski wrote:
> > I do think we need to follow LSM rules.  But my bigger point is that
> > there are policies that don’t allow JIT at all. I think we should
> > arrange the SGX API so it’s still usable when such a policy is in
> > effect.

> I don't think we need to arrange that right now. This patch set needs to
> be merged after more than 2 years of development. I'd like to avoid

We merge stuff when it is ready and not when someone declares that it needs
to be merged.

> introducing any more big changes. Let's just do what I described to make
> LSM not broken, which is a minimal change to the current approach. We
> can adjust the API later to support the use case you describe.

You are working around LSM nothing else and that's just not going to fly.

Thanks,

	tglx

--8323329-821550267-1555709918=:3174--