On Fri, Jun 28, 2024 at 1:58 AM Jonathan Corbet <corbet@xxxxxxx> wrote: > > KP Singh <kpsingh@xxxxxxxxxx> writes: > > > LSM hooks are currently invoked from a linked list as indirect calls > > which are invoked using retpolines as a mitigation for speculative > > attacks (Branch History / Target injection) and add extra overhead which > > is especially bad in kernel hot paths: > > I hate to bug you with a changelog nit, but this is the sort of thing > that might save others some work.. > > [...] > > > A static key guards whether an LSM static call is enabled or not, > > without this static key, for LSM hooks that return an int, the presence > > of the hook that returns a default value can create side-effects which > > has resulted in bugs [1]. > > I looked in vain for [1] to see what these bugs were. After sufficient > digging, I found that the relevant URL: > > https://lore.kernel.org/linux-security-module/20220609234601.2026362-1-kpsingh@xxxxxxxxxx/ > Thank you so much Jon, appreciate the attention to detail, I have fixed it in v13. - KP > was evidently dropped in v4 of the patch set last September, and nobody > evidently noticed. If there's a v13, I might humbly suggest putting it > back :) > > Thanks, > > jon
