Received: by 2002:a05:6a10:1d13:0:0:0:0 with SMTP id pp19csp704653pxb; Thu, 2 Sep 2021 13:05:30 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyI239Ww+mQmJoYKlzvWRI6BmFQ1qmJPpsoN/YI99cWvikzGIaLTbr4c8wUuFmJdiadAxV6 X-Received: by 2002:a05:6402:550:: with SMTP id i16mr73831edx.129.1630613129885; Thu, 02 Sep 2021 13:05:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1630613129; cv=none; d=google.com; s=arc-20160816; b=WFtZmh7szebT5Ioov5avnFtj980a4sr6JFdLJJxLsi2wZMby4wnQ8HebC73KR/IV1f 8bNIhFPpAr8kqIRGCTicIRGFFgz6dIC/xWsFCmFy98r8qilIHtqtrLclsY4SmqZn9M8y KYPkeuJ0y+E93wbqd6mJdjbL90WJYtJFDpAsi7nwNjoAhLSGJu3BvwalXpIHuS+6sUoK 2bG3JJKySmRcz2XhIU8esbCEIsElesyFMwNEVikKOlthefuSCI3LApCsdR9U8MIh0bQ0 OLU4qAN5e4ahp+7ZQgeZs1ceKuRltJcrE4OJ9a0k7cKvmGMFmuH68h+W8r82TgHKJeAW pwdg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=mNxkki5MGEDCiTKY8jKHN5u7oVucBHHUTld3dNM93OY=; b=kg7bzns/9DIUMBcJLtPoaRmnKl9AKBHH7ZiFiARkVLh4XyZG9rSRgWIUmuD9TVPNc0 x0xVMwX7jeRRwlw2nQ7Bqk5+kiqrKn+gfrBu15GzSobTpjizMtg757mb5mMxpuV3OZid 2lWtJS3jKm1TlsOqYPNMrKOxPr8j8ZODWkTifWWBwyPETQ7VLxZr/ln51nVJq3VZZZMu U3hgzEYh+vbpuwXWZCgYhWCJxpbdQpMC5r3i3B04M6TU385etrvEz1CKRl4gyXMLdv45 LS50ddc+O/iGFURvY7qdk/FdyORI+tVd8/bKQRt5O+aPjObD1DjWzKpeCm5j1n5NPopH mxwQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=dVgab2GX; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id b15si2650969ejl.715.2021.09.02.13.05.04; Thu, 02 Sep 2021 13:05:29 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=dVgab2GX; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345711AbhIBPGv (ORCPT + 99 others); Thu, 2 Sep 2021 11:06:51 -0400 Received: from mail.kernel.org ([198.145.29.99]:49772 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234984AbhIBPGs (ORCPT ); Thu, 2 Sep 2021 11:06:48 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 635D26108B; Thu, 2 Sep 2021 15:05:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1630595150; bh=jPC3kdz5JKgIhlrA2cm66wzQSrTW00eesyq/cJjIgP0=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=dVgab2GXk4tPJkxwWhPBtJp2/t1ZBgllgVkDNuC8ZmFKnr3vk++R+EqSX7TxVMv5Q jtmI4RddhxcJY0vxhEHH07zyGoQOpMsKLrZtHs8cV1fmQBm3GzCj3WMouvH+hWpqMr fTGDGj+Jp7elGG+wepOuwH4cjICE7ZzCZs0O0QAM= Date: Thu, 2 Sep 2021 17:05:47 +0200 From: Greg KH To: James Bottomley Cc: Dov Murik , linux-efi@vger.kernel.org, Borislav Petkov , Ashish Kalra , Brijesh Singh , Tom Lendacky , Ard Biesheuvel , James Morris , "Serge E. Hallyn" , Andi Kleen , "Dr. David Alan Gilbert" , Tobin Feldman-Fitzthum , Jim Cadden , linux-coco@lists.linux.dev, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH 0/3] Allow access to confidential computing secret area in SEV guests Message-ID: References: <20210809190157.279332-1-dovmurik@linux.ibm.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Sep 02, 2021 at 07:35:10AM -0700, James Bottomley wrote: > On Thu, 2021-09-02 at 14:57 +0200, Greg KH wrote: > [...] > > Wait, why are you using securityfs for this? > > > > securityfs is for LSMs to use. > > No it isn't ... at least not exclusively; we use it for non LSM > security purposes as well, like for the TPM BIOS log and for IMA. What > makes you think we should start restricting securityfs to LSMs only? > That's not been the policy up to now. Well that was the original intent of the filesystem when it was created, but I guess it's really up to the LSM maintainers now what they want it for. > > If you want your own filesystem to play around with stuff like this, > > great, write your own, it's only 200 lines or less these days. We > > used to do it all the time until people realized they should just use > > sysfs for driver stuff. > > This is a security purpose (injected key retrieval), so securityfs > seems to be the best choice. It's certainly possible to create a new > filesystem, but I really think things with a security purpose should > use securityfs so people know where to look for them. knowing where to look should not be an issue, as that should be documented in Documentation/ABI/ anyway, right? It's just the overlap / overreach of using an existing filesystem for things that don't seem to be LSM-related that feels odd to me. Why not just make a cocofs if those people want a filesystem interface? It's 200 lines or so these days, if not less, and that way you only mount what you actually need for the system. Why force this into securityfs if it doesn't have to be? thanks, greg k-h