Date:   Wed, 5 Jun 2019 18:06:34 +0300
From:   Jarkko Sakkinen <>
To:     Sean Christopherson <>
Cc:     Andy Lutomirski <>,
        Cedric Xing <>,
        Stephen Smalley <>,
        James Morris <>,
        "Serge E . Hallyn" <>,
        LSM List <>,
        Paul Moore <>,
        Eric Paris <>,
        Jethro Beekman <>,
        Dave Hansen <>,
        Thomas Gleixner <>,
        Linus Torvalds <>,
        LKML <>, X86 ML <>,
        Andrew Morton <>, Serge Ayoun <>,
        Shay Katz-zamir <>,
        Haitao Huang <>,
        Andy Shevchenko <>,
        Kai Svahn <>,
        Borislav Petkov <>,
        Josh Triplett <>,
        Kai Huang <>,
        David Rientjes <>,
        William Roberts <>,
        Philip Tricca <>
Subject: Re: [RFC PATCH 6/9] x86/sgx: Require userspace to provide allowed
 prots to ADD_PAGES

On Tue, Jun 04, 2019 at 09:45:14AM -0700, Sean Christopherson wrote:
> Heh, yeah, it's not duplicating LSM functionality.  What I was trying to
> say is that this patch allows LSMs to implement policies that are
> equivalent to their existing functionality, e.g. paves the way to add
> security_enclave_load() as an equivalent to security_file_mprotect().

I would suggest describing explicitly in the commit message what you
want to do, which you said here e.g. "I do this because I want to add
LSM hooks". This is also relevant information for the LKM discussion.

Let's see what the next version looks like now that you have some

In the whole scope of the patch set, in order to make it more
readable, I'll give the following suggestions on how it is organized:

1. Leave out anything that is not strictly necessary (cosmetic
fix, batch operation if possible). Better to focus on one thing at
a time.
2. Try to organize it so that each function is fully defined in
the scope of one patch even if it would mean larger patches.
3. Do not add one-call-site helpers unless there is a good
reason to do so. A good reason would be something like needing
to do extensive work in error rollback, which would make the
caller a mess.

