[PATCH v12 3/5] security: Replace indirect LSM hook calls with static calls
Jonathan Corbet
corbet at lwn.net
Thu Jun 27 20:28:03 UTC 2024
KP Singh <kpsingh at kernel.org> writes:
> LSM hooks are currently invoked from a linked list as indirect calls
> which are invoked using retpolines as a mitigation for speculative
> attacks (Branch History / Target injection) and add extra overhead which
> is especially bad in kernel hot paths:
I hate to bug you with a changelog nit, but this is the sort of thing
that might save others some work..
[...]
> A static key guards whether an LSM static call is enabled or not,
> without this static key, for LSM hooks that return an int, the presence
> of the hook that returns a default value can create side-effects which
> has resulted in bugs [1].
I looked in vain for [1] to see what these bugs were. After sufficient
digging, I found that the relevant URL:
https://lore.kernel.org/linux-security-module/20220609234601.2026362-1-kpsingh@kernel.org/
was evidently dropped in v4 of the patch set last September, and nobody
evidently noticed. If there's a v13, I might humbly suggest putting it
back :)
Thanks,
jon
More information about the Linux-security-module-archive
mailing list