[PATCH v4 5/5] security: Add CONFIG_SECURITY_HOOK_LIKELY
Kees Cook
keescook at chromium.org
Fri Sep 22 15:50:50 UTC 2023
On Fri, Sep 22, 2023 at 04:55:05PM +0200, KP Singh wrote:
> This config influences the nature of the static key that guards the
> static call for LSM hooks.
>
> When enabled, it indicates that an LSM static call slot is more likely
> to be initialized. When disabled, it optimizes for the case when static
> call slot is more likely to be not initialized.
>
> When a major LSM like (SELinux, AppArmor, Smack etc) is active on a
> system the system would benefit from enabling the config. However there
> are other cases which would benefit from the config being disabled
> (e.g. a system with a BPF LSM with no hooks enabled by default, or an
> LSM like loadpin / yama). Ultimately, there is no one-size fits all
> solution.
> [...]
> Acked-by: Song Liu <song at kernel.org>
> Signed-off-by: KP Singh <kpsingh at kernel.org>
Looks great!
Reviewed-by: Kees Cook <keescook at chromium.org>
--
Kees Cook
More information about the Linux-security-module-archive
mailing list