On 7/3/2019 4:16 PM, Jarkko Sakkinen wrote:
On Thu, Jun 27, 2019 at 11:56:18AM -0700, Cedric Xing wrote:

I think it is fine to have these patch sets as discussion starters but it does not make any sense to me to upstream LSM changes with the SGX foundations.
Guess LSM is a gating factor, because otherwise SGX could be abused to make executable EPC from pages that are otherwise not allowed to be executable. Am I missing anything?
This is exactly the same situation as with KVM changes. The patch set is already way too big to fit to the standards [1].

The eye should be on whether the uapi (e.g. device files, ioctls) will work for LSMs in a legit way. Do we need more of these different flavors of experimental LSM changes or can we make some conclusions with the real issue we are trying to deal with?

[1] "Do not send more than 15 patches at once to the vger mailing lists!!!"
    https://www.kernel.org/doc/html/v4.17/process/submitting-patches.html#select-the-recipients-for-your-patch

/Jarkko