[PATCH] init/main.c: Initialize early LSMs after arch code

Paul Moore paul at paul-moore.com
Tue Aug 13 18:21:23 UTC 2024


On Tue, Aug 13, 2024 at 11:56 AM KP Singh <kpsingh at kernel.org> wrote:
> On Tue, Aug 13, 2024 at 6:08 AM Guenter Roeck <linux at roeck-us.net> wrote:

...

> > A somewhat primitive alternate fix is:
> >
> > diff --git a/security/security.c b/security/security.c
> > index aa059d0cfc29..dea9736b2014 100644
> > --- a/security/security.c
> > +++ b/security/security.c
> > @@ -156,7 +156,7 @@ static __initdata struct lsm_info *exclusive;
> >    * and a trampoline (STATIC_CALL_TRAMP) which are used to call
> >    * __static_call_update when updating the static call.
> >    */
> > -struct lsm_static_calls_table static_calls_table __ro_after_init = {
> > +struct lsm_static_calls_table static_calls_table __ro_after_init __attribute__((aligned(8))) = {
> >   #define INIT_LSM_STATIC_CALL(NUM, NAME)                                        \
>
> I think it's worth making it aligned at 8 byte, a much simpler fix
> than the arch change.

Agreed, although please make sure it is well commented about why the
alignment is important.  It sounds like that's already your plan, but
I just want to make sure we're clear on this :)

I'd also suggest using the __aligned() macro from
compiler_attributes.h instead of the long form
__attribute__((aligned(x))).

Further, while an alignment value of "8" is generally easy enough to
guess at, especially when Alpha is concerned, it might help to further
hint at the reason by using sizeof(u64), e.g.
`__aligned(sizeof(u64))`.

> Paul, I will rebase my series with these
> patches, better descriptions and post them later today.

Great, thanks.

-- 
paul-moore.com



More information about the Linux-security-module-archive mailing list