[PATCH v8 5/5] security: Add CONFIG_SECURITY_HOOK_LIKELY
Kees Cook
keescook at chromium.org
Fri Dec 8 17:36:05 UTC 2023
On Fri, Nov 10, 2023 at 11:20:37PM +0100, KP Singh wrote:
> [...]
> ---
> security/Kconfig | 11 +++++++++++
> 1 file changed, 11 insertions(+)
Did something go missing from this patch? I don't see anything depending
on CONFIG_SECURITY_HOOK_LIKELY (I think this was working in v7, though?)
Regardless, Paul, please take patches 1-4, they bring us measurable
speed-ups across the board.
-Kees
>
> diff --git a/security/Kconfig b/security/Kconfig
> index 52c9af08ad35..317018dcbc67 100644
> --- a/security/Kconfig
> +++ b/security/Kconfig
> @@ -32,6 +32,17 @@ config SECURITY
>
> If you are unsure how to answer this question, answer N.
>
> +config SECURITY_HOOK_LIKELY
> + bool "LSM hooks are likely to be initialized"
> + depends on SECURITY && EXPERT
> + default SECURITY_SELINUX || SECURITY_SMACK || SECURITY_TOMOYO || SECURITY_APPARMOR
> + help
> + This controls the behaviour of the static keys that guard LSM hooks.
> + If LSM hooks are likely to be initialized by LSMs, then one gets
> + better performance by enabling this option. However, if the system is
> + using an LSM where hooks are much likely to be disabled, one gets
> + better performance by disabling this config.
> +
> config SECURITYFS
> bool "Enable the securityfs filesystem"
> help
> --
> 2.42.0.869.gea05f2083d-goog
>
--
Kees Cook
More information about the Linux-security-module-archive
mailing list