On Sun, 2019-07-07 at 12:08 -0700, Sean Christopherson wrote:
> LGTM but why it isn't like:
> >
> > __u16 mrmask;
> > __u8 prot;
> > __u8 reserved[5];
>
> Because math is hard :-) Though I think we'd want
>
> __u16 mrmask
> __u8 prot
> __u8 pad[5];
>
> with an optional
>
> __u64 reserved[?];
>
> "pad" can be ignored, e.g. doesn't need to be explicitly zeroed by
> userspace, whereas "reserved" requires explicit zeroing and probably an
> associated kernel check.
OK, cool with the change itself. Still need to get a better idea
how these make sense in architectural sense.
Things that would help with overall picture:
1. We have to figure out how this can be useful when LSM's are not used.
That gives at least some evidence that the security model is overally
good if it makes sense with and without LSM. Right now this looks like
dead functionality if not coupled with an LSM.
2. Probably some "user story" type of examples would help with the
discussion overall [1] i.e. how one would use this for
her own good.
[1] Probably many of the folks who work x86 tree have ignored major
part of the discussion. Somehow these should be brought to
nutshell so that anyone can get whatever the model is. Anyone
should get it basically.
/Jarkko
