Date: Wed, 5 Jun 2019 18:06:34 +0300
From: Jarkko Sakkinen
To: Sean Christopherson
Cc: Andy Lutomirski, Cedric Xing, Stephen Smalley, James Morris,
    "Serge E. Hallyn", LSM List, Paul Moore, Eric Paris,
    selinux@vger.kernel.org, Jethro Beekman, Dave Hansen, Thomas Gleixner,
    Linus Torvalds, LKML, X86 ML, linux-sgx@vger.kernel.org, Andrew Morton,
    nhorman@redhat.com, npmccallum@redhat.com, Serge Ayoun, Shay Katz-zamir,
    Haitao Huang, Andy Shevchenko, Kai Svahn, Borislav Petkov, Josh Triplett,
    Kai Huang, David Rientjes, William Roberts, Philip Tricca
Subject: Re: [RFC PATCH 6/9] x86/sgx: Require userspace to provide allowed prots to ADD_PAGES
Message-ID: <20190605150634.GH11331@linux.intel.com>
In-Reply-To: <20190604164514.GB32350@linux.intel.com>

On Tue, Jun 04, 2019 at 09:45:14AM -0700, Sean Christopherson wrote:
> Heh, yeah, it's not duplicating LSM functionality. What I was trying to
> say is that this patch allows LSMs to implement policies that are
> equivalent to their existing functionality, e.g. paves the way to add
> security_enclave_load() as an equivalent to security_file_mprotect().

I would suggest describing explicitly in the commit message what you
want to do, which you said here, e.g. "I do this because I want to add
LSM hooks". This is also relevant information for the LKM discussion.

Let's see how the next version looks now that you have some feedback.

In the whole scope of the patch set, in order to make it more readable,
I'll give the following suggestions on how it is organized:

1. Leave out anything that is not strictly necessary (cosmetic fix,
   batch operation if possible). Better to focus on one thing at a time.
2. Try to organize it so that each function is fully defined in the
   scope of one patch even if it would mean larger patches.
3. Do not add one-call-site helpers unless there is a good reason to do
   so. A good reason would be something like needing to do extensive
   work in error rollback, which would make the caller a mess.

/Jarkko