> -----Original Message-----
> From: Tim Chen [mailto:tim.c.c...@linux.intel.com]
> Sent: Tuesday, October 30, 2018 2:31 PM
> To: Schaufler, Casey <casey.schauf...@intel.com>; Jiri Kosina
> <ji...@kernel.org>; Thomas Gleixner <t...@linutronix.de>
> Cc: Tom Lendacky <thomas.lenda...@amd.com>; Ingo Molnar
> <mi...@redhat.com>; Peter Zijlstra <pet...@infradead.org>; Josh Poimboeuf
> <jpoim...@redhat.com>; Andrea Arcangeli <aarca...@redhat.com>; David
> Woodhouse <d...@amazon.co.uk>; Andi Kleen <a...@linux.intel.com>;
> Hansen, Dave <dave.han...@intel.com>; Mallick, Asit K
> <asit.k.mall...@intel.com>; Arjan van de Ven <ar...@linux.intel.com>; Jon
> Masters <j...@redhat.com>; Waiman Long <longman9...@gmail.com>;
> linux-kernel@vger.kernel.org; x...@kernel.org; linux-security-module <linux-
> security-mod...@vger.kernel.org>
> Subject: Re: [Patch v4 13/18] security: Update security level of a process when
> modifying its dumpability
>
> On 10/30/2018 01:57 PM, Schaufler, Casey wrote:
> >
>
> > This isn't an LSM hook and hence does not belong in this file.
> > arch_set_security() isn't descriptive, and is in fact a bad choice
> > as task_struct has a field "security". This function has nothing
> > to do with the task->security field, which is what I would expect
> > based on the name.
> >
>
> What file will be a logical place for this function?

kernel/cpu.c ? You're working with CPU localized mitigations, right?
You don't want it under security/ as that's all supposed to be bits
of the LSM infrastructure.

> >> +
> >> +int update_process_security(struct task_struct *task)
> >
> > Again, this isn't an LSM hook and does not belong in this file.
> > Also again, "security" isn't descriptive in the name.
> >
>
> Thanks.
>
> Tim
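
Review bot: update_process_security() in the quoted hunk returns int, but the lines quoted here carry no comment saying what the value means or whether callers are expected to check it. A short kernel-doc comment above the definition, giving the success value and the error cases, would settle that, and it is also the natural place to state which per-task state the function updates, since "security" in the name does not say.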