On Mon, Sep 18, 2023 at 2:25 PM KP Singh <kpsingh@xxxxxxxxxx> wrote:
> [...]
>
> While this patch uses static_branch_unlikely indicating that an LSM hook
> is likely to be not present, a subsequent makes it configurable. In most
> cases this is still a better choice as even when an LSM with one hook is
> added, empty slots are created for all LSM hooks (especially when many
> LSMs that do not initialize most hooks are present on the system).
>
> There are some hooks that don't use the call_int_hook and
> call_void_hook. These hooks are updated to use a new macro called
> security_for_each_hook where the lsm_callback is directly invoked as an
> indirect call. Currently, there are no performance sensitive hooks that
> use the security_for_each_hook macro. However, if, some performance
> sensitive hooks are discovered, these can be updated to use static calls
> with loop unrolling as well using a custom macro.
>
> [1] https://lore.kernel.org/linux-security-module/20220609234601.2026362-1-kpsingh@xxxxxxxxxx/
>
> Signed-off-by: KP Singh <kpsingh@xxxxxxxxxx>

Acked-by: Song Liu <song@xxxxxxxxxx>

> ---
[...]