[PATCH v11 4/5] security: Update non standard hooks to use static calls

Kees Cook keescook at chromium.org
Mon May 13 19:01:33 UTC 2024


On Thu, May 09, 2024 at 10:14:20PM +0200, KP Singh wrote:
> There are some LSM hooks which do not use the common pattern followed
> by other LSM hooks and thus cannot use the call_{int, void}_hook macros
> and instead use the lsm_for_each_hook macro, which still results in an
> indirect call.
> 
> There is one additional generalizable pattern where a hook matching an
> lsmid is called and the indirect calls for these are addressed with the
> newly added call_hook_with_lsmid macro which internally uses an
> implementation similar to call_int_hook but has an additional check that
> matches the lsmid.
> 
> For the generic case the lsm_for_each_hook macro is updated to accept
> logic before and after the invocation of the LSM hook (static call) in
> the unrolled loop.
> 
> Signed-off-by: KP Singh <kpsingh at kernel.org>

I think this will give us the flexibility we need!

Reviewed-by: Kees Cook <keescook at chromium.org>

-- 
Kees Cook


