[PATCH] init/main.c: Initialize early LSMs after arch code
Paul Moore
paul at paul-moore.com
Tue Aug 6 21:41:56 UTC 2024
On Mon, Aug 5, 2024 at 10:20 PM Nathan Chancellor <nathan at kernel.org> wrote:
> On Tue, Aug 06, 2024 at 01:29:37AM +0200, KP Singh wrote:
> > On Mon, Aug 5, 2024 at 9:58 PM Paul Moore <paul at paul-moore.com> wrote:
> > >
> > > On Thu, Aug 1, 2024 at 1:17 PM KP Singh <kpsingh at kernel.org> wrote:
> > > >
> > > > With LSMs using static calls, early_lsm_init needs to wait for setup_arch
> > > > for architecture specific functionality which includes jump tables and
> > > > static calls to be initialized.
> > > >
> > > > This only affects "early LSMs" i.e. only lockdown when
> > > > CONFIG_SECURITY_LOCKDOWN_LSM_EARLY is set.
> > > >
> > > > Fixes: 2732ad5ecd5b ("lsm: replace indirect LSM hook calls with static calls")
> > > > Signed-off-by: KP Singh <kpsingh at kernel.org>
> > > > ---
> > > > init/main.c | 2 +-
> > > > 1 file changed, 1 insertion(+), 1 deletion(-)
> > >
> > > Considering the problems we've had, I'd like to hear more about how
> ...
> > I guess it would not harm Boris, Nathan and others to look at it as
> > well and see if it breaks any of their tests.
>
> For what it's worth, I have not noticed any issues in my -next testing
> with this patch applied but I only build architectures that build with
> LLVM due to the nature of my work. If exposure to more architectures is
> desirable, perhaps Guenter Roeck would not mind testing it with his
> matrix?
Thanks Nathan.

I think the additional testing would be great, KP can you please work
with Guenter to set this up?

--
paul-moore.com