Re: [GIT PULL] lsm/lsm-pr-20240911

From: Tetsuo Handa
Date: Fri Sep 13 2024 - 08:29:14 EST

Next message: Philipp Stanner: "Re: [PATCH v2 1/2] drm/sched: memset() 'job' in drm_sched_job_init()"
Previous message: Dmitry Baryshkov: "Re: [PATCH v2 3/5] phy: qcom: qmp: Add phy register and clk setting for x1e80100 PCIe3"
In reply to: Paul Moore: "[GIT PULL] lsm/lsm-pr-20240911"
Next in thread: Paul Moore: "Re: [GIT PULL] lsm/lsm-pr-20240911"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2024/09/13 10:29, Paul Moore wrote:
> Linus,
>
> We've got a reasonably large pull request for the LSM framework this
> time (at least it's large for us), here are the highlights:
>
> * Move the LSM framework to static calls
>
> Based on some of our exchanges over the summer, it sounds like you
> are already familiar with the effort to convert the LSM callbacks
> from function pointers to static calls. This pull request includes
> that work and transitions the vast majority of the LSM callbacks into
> static calls. Those callbacks which haven't been converted were
> left as-is due to the general ugliness of the changes required to
> support the static call conversion; we can revisit those callbacks
> at a future date.
>
> It is worth mentioning that Tetsuo Handa is opposed to the static call
> patches, some even carry his NACK, as they make it more difficult to
> dynamically load out-of-tree LSMs, or unsupported LSMs on distro kernels.
> Many of us have tried to explain that out-of-tree LSMs are not a
> concern for the upstream LSM framework, or the Linux kernel in general,
> and that decisions around what LSMs are enabled in distro kernels is
> a distro issue, not an upstream issue, but unfortunately Tetsuo
> continues to disregard these arguments.

No, this is not only a distro issue but also an upstream issue!
Because the upstream cannot afford accepting whatever proposed LSMs
( https://lkml.kernel.org/r/8ac2731c-a1db-df7b-3690-dac2b371e431@xxxxxxxxxxxxxxxxxxx ).
That is, out-of-tree LSMs cannot become in-tree and obtain stable LSM ID is
partially due to upstream (e.g. out of resources for review, or failure to
pass patent examination because upstream does not think it adds a new value).
Making out-of-tree (or in-tree but not built-in) LSMs harder to use is a
penalty imposed by "Permanent members are exercising veto".
At least, assigning stable LSM ID to whatever proposed LSM has absolutely
zero cost. Current policy is a clear intention to lock out out-of-tree LSMs.
If you say "I don't have intention to lock out out-of-tree LSMs", please
don't go with just NACK added.

Next message: Philipp Stanner: "Re: [PATCH v2 1/2] drm/sched: memset() 'job' in drm_sched_job_init()"
Previous message: Dmitry Baryshkov: "Re: [PATCH v2 3/5] phy: qcom: qmp: Add phy register and clk setting for x1e80100 PCIe3"
In reply to: Paul Moore: "[GIT PULL] lsm/lsm-pr-20240911"
Next in thread: Paul Moore: "Re: [GIT PULL] lsm/lsm-pr-20240911"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]