On Fri, Nov 10, 2023 at 11:20:37PM +0100, KP Singh wrote: > [...] > --- > security/Kconfig | 11 +++++++++++ > 1 file changed, 11 insertions(+) Did something go missing from this patch? I don't see anything depending on CONFIG_SECURITY_HOOK_LIKELY (I think this was working in v7, though?) Regardless, Paul, please take patches 1-4, they bring us measurable speed-ups across the board. -Kees > > diff --git a/security/Kconfig b/security/Kconfig > index 52c9af08ad35..317018dcbc67 100644 > --- a/security/Kconfig > +++ b/security/Kconfig > @@ -32,6 +32,17 @@ config SECURITY > > If you are unsure how to answer this question, answer N. > > +config SECURITY_HOOK_LIKELY > + bool "LSM hooks are likely to be initialized" > + depends on SECURITY && EXPERT > + default SECURITY_SELINUX || SECURITY_SMACK || SECURITY_TOMOYO || SECURITY_APPARMOR > + help > + This controls the behaviour of the static keys that guard LSM hooks. > + If LSM hooks are likely to be initialized by LSMs, then one gets > + better performance by enabling this option. However, if the system is > + using an LSM where hooks are much likely to be disabled, one gets > + better performance by disabling this config. > + > config SECURITYFS > bool "Enable the securityfs filesystem" > help > -- > 2.42.0.869.gea05f2083d-goog > -- Kees Cook
