[RFC] security: replace indirect calls with static calls
Peter Zijlstra
peterz at infradead.org
Fri Feb 5 15:40:10 UTC 2021
On Fri, Feb 05, 2021 at 10:09:26AM -0500, Mathieu Desnoyers wrote:
> Then we should be able to generate the following using static keys as a
> jump table and N static calls:
>
> jump <static key label target>
> label_N:
> stack setup
> call
> label_N-1:
> stack setup
> call
> label_N-2:
> stack setup
> call
> ...
> label_0:
> jump end
> label_fallback:
> <iteration and indirect calls>
> end:
>
> So the static keys would be used to jump to the appropriate label (using
> a static branch, which has pretty much 0 overhead). Static calls would
> be used to implement each of the calls.
>
> Thoughts ?
At some point I tried to extend the static_branch infra to do multiple
targets and while the low level plumbing is trivial, I ran into trouble
trying to get a sane C level API for it.
More information about the Linux-security-module-archive
mailing list