On Wed, Sep 20, 2023 at 5:54 PM Kees Cook <keescook@xxxxxxxxxxxx> wrote:
>
> On Mon, Sep 18, 2023 at 11:24:57PM +0200, KP Singh wrote:
> > LSM hooks are currently invoked from a linked list as indirect calls
> > which are invoked using retpolines as a mitigation for speculative
> > attacks (Branch History / Target injection) and add extra overhead which
> > is especially bad in kernel hot paths:
>
> I feel like the performance details in the cover letter should be
> repeated in this patch, since it's the one doing the heavy lifting.

Good point, added the results to the patch as well.

>
> > [...]
> >
> > Signed-off-by: KP Singh <kpsingh@xxxxxxxxxx>
>
> Regardless, this is a nice improvement on execution time and one of the
> more complex cases for static calls.
>
> > -struct security_hook_heads {
> > - #define LSM_HOOK(RET, DEFAULT, NAME, ...) struct hlist_head NAME;
> > - #include "lsm_hook_defs.h"
> > +/*
> > + * @key: static call key as defined by STATIC_CALL_KEY
> > + * @trampoline: static call trampoline as defined by STATIC_CALL_TRAMP
> > + * @hl: The security_hook_list as initialized by the owning LSM.
> > + * @active: Enabled when the static call has an LSM hook associated.
> > + */
> > +struct lsm_static_call {
> > + struct static_call_key *key;
> > + void *trampoline;
> > + struct security_hook_list *hl;
> > + /* this needs to be true or false based on what the key defaults to */
> > + struct static_key_false *active;
> > +};
>
> Can this be marked __randomize_layout too?

Yes, done.

>
> Everything else looks good to me. I actually find the result more
> readable than before. But then I do love a good macro. :)

Yay!

>
> Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>
>
> --
> Kees Cook
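Review bot: in the quoted hunk adding struct lsm_static_call, the member documentation uses kernel-doc "@member:" lines but the block opens with "/*" instead of "/**" and has no "struct lsm_static_call - ..." summary line, so kernel-doc will not pick it up; suggest opening with "/**" and adding a one-line description of the struct. The inline comment on the active member ("this needs to be true or false based on what the key defaults to") reads as an open requirement rather than documentation; either state the invariant concretely (the static_key_false default must match the initial enabled state of the corresponding static call) on the "@active:" line, or drop the inline comment once that is settled.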