[kpsingh:static_calls] [security] 9e15595ed0: Kernel_panic-not_syncing:lsm_static_call_init-Ran_out_of_static_slots
Casey Schaufler
casey at schaufler-ca.com
Mon Apr 15 20:54:28 UTC 2024
On 4/15/2024 1:42 PM, KP Singh wrote:
>
>> On 15 Apr 2024, at 17:47, KP Singh <kpsingh at kernel.org> wrote:
>>
>>
> [...]
>
>>> <penguin-kernel at i-love.sakura.ne.jp> wrote:
>>>> On 2024/04/15 17:26, KP Singh wrote:
>>>>> This seems like an odd config which does not enable STATIC_CALL, I am going to
>>>>> make CONFIG_SECURITY depend on CONFIG_STATIC_CALL and make the dependency explicit.
>>>> If CONFIG_SECURITY depends on CONFIG_STATIC_CALL, architectures which do not
>>>> support CONFIG_STATIC_CALL can no longer use LSM ? That sounds a bad dependency.
>>> Agreed. If the arch doesn't support static calls we need a fallback
>>> solution for the LSM that is no worse than what we have now, and
>>> preferably would still solve the issue of the BPF hooks active even
>>> where this is no BPF program attached.
>> Actually I take it back, when CONFIG_STATIC_CALL is not available, the implementation falls back to an indirect call. This crash is unrelated, I will debug further and post back.
> Apparently, when I smoke tested, I had CONFIG_IMA disabled so did not hit the bug. Well, now IMA is an LSM, so the following fixes it:
You'll want CONFIG_EVM as well, I bet.
More information about the Linux-security-module-archive
mailing list