[PATCH v14 3/3] security: Replace indirect LSM hook calls with static calls

Paul Moore paul at paul-moore.com
Mon Jul 29 21:16:46 UTC 2024


On Thu, Jul 11, 2024 at 4:19 PM Paul Moore <paul at paul-moore.com> wrote:
> On Thu, Jul 11, 2024 at 9:59 AM Paul Moore <paul at paul-moore.com> wrote:
> > On Wed, Jul 10, 2024 at 7:15 PM KP Singh <kpsingh at kernel.org> wrote:
> > > On Wed, Jul 10, 2024 at 10:41 PM Paul Moore <paul at paul-moore.com> wrote:
> > > > On Jul  9, 2024 KP Singh <kpsingh at kernel.org> wrote:
> >
> > ...
> >
> > > > > A static key guards whether an LSM static call is enabled or not,
> > > > > without this static key, for LSM hooks that return an int, the presence
> > > > > of the hook that returns a default value can create side-effects which
> > > > > has resulted in bugs [1].
> > > >
> > > > I don't want to rehash our previous discussions on this topic, but I do
> > > > think we either need to simply delete the paragraph above or update it
> > > > to indicate that all known side effects involving LSM callback return
> > > > values have been addressed.  Removal is likely easier if for no other
> > > > reason than we don't have to go back and forth with edits, but I can
> > >
> > > Agreed, we can just delete this paragraph. Thanks!
> >
> > Okay, I'll do that.  I'll send another note when it is merged into
> > lsm/dev, but as I said earlier, that is likely a few weeks out.  This
> > will likely end up in lsm/dev-staging before that for testing, etc.
>
> Quick follow-up that these patches are now in lsm/dev-staging, I'll
> send another note when they are merged into lsm/{dev,next}.

One last update, these patches are now in lsm/dev and should go up to
Linus during the next merge window.

-- 
paul-moore.com


