[RFC] security: replace indirect calls with static calls

Peter Zijlstra peterz at infradead.org
Fri Feb 5 15:40:10 UTC 2021


On Fri, Feb 05, 2021 at 10:09:26AM -0500, Mathieu Desnoyers wrote:
> Then we should be able to generate the following using static keys as a
> jump table and N static calls:
> 
>   jump <static key label target>
> label_N:
>   stack setup
>   call
> label_N-1:
>   stack setup
>   call
> label_N-2:
>   stack setup
>   call
>   ...
> label_0:
>   jump end
> label_fallback:
>   <iteration and indirect calls>
> end:
> 
> So the static keys would be used to jump to the appropriate label (using
> a static branch, which has pretty much 0 overhead). Static calls would
> be used to implement each of the calls.
> 
> Thoughts ?

At some point I tried to extend the static_branch infra to do multiple
targets and while the low level plumbing is trivial, I ran into trouble
trying to get a sane C level API for it.




More information about the Linux-security-module-archive mailing list