Re: [PATCH v12 3/5] security: Replace indirect LSM hook calls with static calls

[PATCH v12 0/5] Reduce overhead of LSMs with static calls · KP Singh <kpsingh@kernel.org> · 2024-05-16
[PATCH v12 1/5] kernel: Add helper macros for loop unrolling · KP Singh <kpsingh@kernel.org> · 2024-05-16
Re: [PATCH v12 1/5] kernel: Add helper macros for loop unrolling · John Johansen <john.johansen@canonical.com> · 2024-05-17
[PATCH v12 2/5] security: Count the LSMs enabled at compile time · KP Singh <kpsingh@kernel.org> · 2024-05-16
Re: [PATCH v12 2/5] security: Count the LSMs enabled at compile time · John Johansen <john.johansen@canonical.com> · 2024-05-17
[PATCH v12 3/5] security: Replace indirect LSM hook calls with static calls · KP Singh <kpsingh@kernel.org> · 2024-05-16
Re: [PATCH v12 3/5] security: Replace indirect LSM hook calls with static calls · Jonathan Corbet <corbet@lwn.net> · 2024-06-27
Re: [PATCH v12 3/5] security: Replace indirect LSM hook calls with static calls · KP Singh <kpsingh@kernel.org> · 2024-06-29
[PATCH v12 4/5] security: Update non standard hooks to use static calls · KP Singh <kpsingh@kernel.org> · 2024-05-16
[PATCH v12 5/5] bpf: Only enable BPF LSM hooks when an LSM program is attached · KP Singh <kpsingh@kernel.org> · 2024-05-16
Re: [PATCH v12 5/5] bpf: Only enable BPF LSM hooks when an LSM program is attached · Paul Moore <paul@paul-moore.com> · 2024-06-11
Re: [PATCH v12 5/5] bpf: Only enable BPF LSM hooks when an LSM program is attached · KP Singh <kpsingh@kernel.org> · 2024-06-29
Re: [PATCH v12 5/5] bpf: Only enable BPF LSM hooks when an LSM program is attached · Paul Moore <paul@paul-moore.com> · 2024-07-01
Re: [PATCH v12 0/5] Reduce overhead of LSMs with static calls · Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> · 2024-05-18
Re: [PATCH v12 0/5] Reduce overhead of LSMs with static calls · Kees Cook <kees@kernel.org> · 2024-06-06
Re: [PATCH v12 0/5] Reduce overhead of LSMs with static calls · Paul Moore <paul@paul-moore.com> · 2024-06-06
Re: [PATCH v12 0/5] Reduce overhead of LSMs with static calls · Kees Cook <kees@kernel.org> · 2024-06-06
Re: [PATCH v12 0/5] Reduce overhead of LSMs with static calls · Paul Moore <paul@paul-moore.com> · 2024-06-06

From: KP Singh <kpsingh@kernel.org>
Date: 2024-06-29 08:28:31
Also in: bpf

On Fri, Jun 28, 2024 at 1:58 AM Jonathan Corbet [off-list ref] wrote:

KP Singh [off-list ref] writes:

quoted

LSM hooks are currently invoked from a linked list as indirect calls
which are invoked using retpolines as a mitigation for speculative
attacks (Branch History / Target injection) and add extra overhead which
is especially bad in kernel hot paths:

I hate to bug you with a changelog nit, but this is the sort of thing
that might save others some work..

[...]

quoted

A static key guards whether an LSM static call is enabled or not,
without this static key, for LSM hooks that return an int, the presence
of the hook that returns a default value can create side-effects which
has resulted in bugs [1].

I looked in vain for [1] to see what these bugs were.  After sufficient
digging, I found that the relevant URL:

  https://lore.kernel.org/linux-security-module/20220609234601.2026362-1-kpsingh@kernel.org/ (local)

Thank you so much Jon, appreciate the attention to detail, I have
fixed it in v13.

- KP

was evidently dropped in v4 of the patch set last September, and nobody
evidently noticed.  If there's a v13, I might humbly suggest putting it
back :)

Thanks,

jon

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help