KP Singh <kpsingh@xxxxxxxxxx> writes: > LSM hooks are currently invoked from a linked list as indirect calls > which are invoked using retpolines as a mitigation for speculative > attacks (Branch History / Target injection) and add extra overhead which > is especially bad in kernel hot paths: I hate to bug you with a changelog nit, but this is the sort of thing that might save others some work.. [...] > A static key guards whether an LSM static call is enabled or not, > without this static key, for LSM hooks that return an int, the presence > of the hook that returns a default value can create side-effects which > has resulted in bugs [1]. I looked in vain for [1] to see what these bugs were. After sufficient digging, I found that the relevant URL: https://lore.kernel.org/linux-security-module/20220609234601.2026362-1-kpsingh@xxxxxxxxxx/ was evidently dropped in v4 of the patch set last September, and nobody evidently noticed. If there's a v13, I might humbly suggest putting it back :) Thanks, jon
