Re: [PATCH v20 00/28] Intel SGX1 support

From: Thomas Gleixner
Date: Fri Apr 19 2019 - 17:38:45 EST

Next message: David Miller: "Re: [PATCH] selftests/net: correct the return value for run_afpackettests"
Previous message: Leizhen (ThunderTown): "Re: [PATCH v2 0/2] iommu/arm-smmu-v3: make sure the kdump kernel can work well when smmu is enabled"
In reply to: Jethro Beekman: "Re: [PATCH v20 00/28] Intel SGX1 support"
Next in thread: Jethro Beekman: "Re: [PATCH v20 00/28] Intel SGX1 support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 19 Apr 2019, Jethro Beekman wrote:
> On 2019-04-19 14:31, Andy Lutomirski wrote:
> > I do think we need to follow LSM rules. But my bigger point is that
> > there are policies that donât allow JIT at all. I think we should
> > arrange the SGX API so itâs still usable when such a policy is in
> > effect.

> I don't think we need to arrange that right now. This patch set needs to
> be merged after more than 2 years of development. I'd like to avoid

We merge stuff when it is ready and not when someone declares that it needs
to be merged.

> introducing any more big changes. Let's just do what I described to make
> LSM not broken, which is a minimal change to the current approach. We
> can adjust the API later to support the use case you describe.

You are working around LSM nothing else and that's just not going to fly.

Thanks,

tglx

Next message: David Miller: "Re: [PATCH] selftests/net: correct the return value for run_afpackettests"
Previous message: Leizhen (ThunderTown): "Re: [PATCH v2 0/2] iommu/arm-smmu-v3: make sure the kdump kernel can work well when smmu is enabled"
In reply to: Jethro Beekman: "Re: [PATCH v20 00/28] Intel SGX1 support"
Next in thread: Jethro Beekman: "Re: [PATCH v20 00/28] Intel SGX1 support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]