Re: [PATCH RFC v15 12/21] security: add security_bdev_setintegrity() hook

From: Jarkko Sakkinen
Date: Thu Mar 21 2024 - 13:25:43 EST


On Wed Mar 20, 2024 at 10:31 PM EET, Fan Wu wrote:
>
>
> On 3/20/2024 1:31 AM, Jarkko Sakkinen wrote:
> > On Wed Mar 20, 2024 at 10:28 AM EET, Jarkko Sakkinen wrote:
> >> On Wed Mar 20, 2024 at 1:00 AM EET, Paul Moore wrote:
> >>> On Mar 15, 2024 Fan Wu <wufan@xxxxxxxxxxxxxxxxxxx> wrote:
> >>>>
> >>>> This patch introduces a new hook to save block device's integrity
> >>>> data. For example, for dm-verity, LSMs can use this hook to save
> >>>> the roothash signature of a dm-verity into the security blob,
> >>>> and LSMs can make access decisions based on the data inside
> >>>> the signature, like the signer certificate.
> >>>>
> >>>> Signed-off-by: Fan Wu <wufan@xxxxxxxxxxxxxxxxxxx>
> >>>>
> >>>> --
> >>>> v1-v14:
> >>>> + Not present
> >>>>
> >>>> v15:
> >>>> + Introduced
> >>>>
> >>>> ---
> >>>> include/linux/lsm_hook_defs.h | 2 ++
> >>>> include/linux/security.h | 14 ++++++++++++++
> >>>> security/security.c | 28 ++++++++++++++++++++++++++++
> >>>> 3 files changed, 44 insertions(+)
> >>>
> >>> I'm not sure why you made this a separate patch, help? If there is
> >>> no significant reason why this is separate, please squash it together
> >>> with patch 11/21.
> >>
> >> Off-topic: it is weird to have *RFC* patch set at v15.
> >>
> >> RFC by de-facto is something that can be safely ignored if you don't
> >> have bandwidth. 15 versions of anything that can be safely ignored
> >> is by definition spamming :-) I mean just conceptually.
> >>
> >> So does the RFC still hold or what the heck is going on with this one?
> >>
> >> Haven't followed for some time now...
> >
> > I mean if this RFC trend continues I'll just put auto-filter for this
> > thread to put straight to the bin. There's enough non-RFC patch sets
> > to review.
> >
> > BR, Jarkko
>
> Sorry about the confusion with the RFC tag – I wasn't fully aware of its
> conventional meaning and how it's perceived in terms of importance and
> urgency. Point taken, and I'll make sure to remove the RFC tag for
> future submissions. Definitely not my intention to clog up the workflow
> or seem like I'm spamming.

OK cool! Just wanted to point this out also because it already looks
good enough not to be considered as RFC in my eyes :-) If you keep RFC
it is by definition "look into if you have the bandwidth but please
do not take this to mainline". No means to nitpick here...

BR, Jarkko