Re: [PATCH RFC v15 12/21] security: add security_bdev_setintegrity() hook

From: Fan Wu
Date: Wed Mar 20 2024 - 16:31:26 EST




On 3/20/2024 1:31 AM, Jarkko Sakkinen wrote:
On Wed Mar 20, 2024 at 10:28 AM EET, Jarkko Sakkinen wrote:
On Wed Mar 20, 2024 at 1:00 AM EET, Paul Moore wrote:
On Mar 15, 2024 Fan Wu <wufan@xxxxxxxxxxxxxxxxxxx> wrote:

This patch introduces a new hook to save block device's integrity
data. For example, for dm-verity, LSMs can use this hook to save
the roothash signature of a dm-verity into the security blob,
and LSMs can make access decisions based on the data inside
the signature, like the signer certificate.

Signed-off-by: Fan Wu <wufan@xxxxxxxxxxxxxxxxxxx>

--
v1-v14:
+ Not present

v15:
+ Introduced

---
include/linux/lsm_hook_defs.h | 2 ++
include/linux/security.h | 14 ++++++++++++++
security/security.c | 28 ++++++++++++++++++++++++++++
3 files changed, 44 insertions(+)

I'm not sure why you made this a separate patch, help? If there is
no significant reason why this is separate, please squash it together
with patch 11/21.

Off-topic: it is weird to have *RFC* patch set at v15.

RFC by de-facto is something that can be safely ignored if you don't
have bandwidth. 15 versions of anything that can be safely ignored
is by definition spamming :-) I mean just conceptually.

So does the RFC still hold or what the heck is going on with this one?

Haven't followed for some time now...

I mean if this RFC trend continues I'll just put auto-filter for this
thread to put straight to the bin. There's enough non-RFC patch sets
to review.

BR, Jarkko

Sorry about the confusion with the RFC tag – I wasn't fully aware of its conventional meaning and how it's perceived in terms of importance and urgency. Point taken, and I'll make sure to remove the RFC tag for future submissions. Definitely not my intention to clog up the workflow or seem like I'm spamming.

-Fan