From: Kees Cook <keescook@chromium.org>
To: KP Singh <kpsingh@kernel.org>
Cc: linux-security-module@vger.kernel.org, bpf@vger.kernel.org,
	paul@paul-moore.com, casey@schaufler-ca.com, song@kernel.org,
	daniel@iogearbox.net, ast@kernel.org
Subject: Re: [PATCH v3 5/5] security: Add CONFIG_SECURITY_HOOK_LIKELY
Date: Wed, 20 Sep 2023 08:44:53 -0700	[thread overview]
Message-ID: <202309200840.722352CCB@keescook> (raw)
In-Reply-To: <20230918212459.1937798-6-kpsingh@kernel.org>

On Mon, Sep 18, 2023 at 11:24:59PM +0200, KP Singh wrote:
> This config influences the nature of the static key that guards the
> static call for LSM hooks.
> 
> When enabled, it indicates that an LSM static call slot is more likely
> to be initialized. When disabled, it optimizes for the case when static
> call slot is more likely to be not initialized.
> 
> When a major LSM (like SELinux, AppArmor, Smack, etc.) is active on a
> system, the system would benefit from enabling the config. However, there
> are other cases which would benefit from the config being disabled
> (e.g. a system with a BPF LSM with no hooks enabled by default, or an
> LSM like loadpin / yama). Ultimately, there is no one-size-fits-all
> solution.
> 
> With CONFIG_SECURITY_HOOK_LIKELY enabled, the inactive /
> uninitialized case is penalized with a direct jmp (still better than
> an indirect jmp):
> [...]
> index 52c9af08ad35..bd2a0dff991a 100644
> --- a/security/Kconfig
> +++ b/security/Kconfig
> @@ -32,6 +32,17 @@ config SECURITY
>  
>  	  If you are unsure how to answer this question, answer N.
>  
> +config SECURITY_HOOK_LIKELY
> +	bool "LSM hooks are likely to be initialized"
> +	depends on SECURITY
> +	default y
> +	help
> +	  This controls the behaviour of the static keys that guard LSM hooks.
> +	  If LSM hooks are likely to be initialized by LSMs, then one gets
> +	  better performance by enabling this option. However, if the system is
> +	  using an LSM where hooks are much likely to be disabled, one gets
> +	  better performance by disabling this config.
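Review bot: the help text gives the user no way to answer the question it poses, while the commit message above already does: name the LSMs on each side (SELinux, AppArmor, Smack on the "likely initialized" side; a BPF LSM with no programs attached, LoadPin or Yama on the other), and reword "an LSM where hooks are much likely to be disabled" to "an LSM whose hooks are likely to remain uninitialized". Also, an unconditional `default y` is the wrong choice for exactly the BPF-LSM-only and LoadPin/Yama builds the message says benefit from N, so the default should be derived from the selected LSM symbols rather than hard-coded.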

Since you described the situations where it's a net benefit, this could
be captured in the Kconfig too. How about this, which tracks the "major"
LSMs as in the DEFAULT_SECURITY choice:

	depends on SECURITY && EXPERT
	default BPF_LSM || SECURITY_SELINUX || SECURITY_SMACK || SECURITY_TOMOYO || SECURITY_APPARMOR


-- 
Kees Cook
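The following is an added example, not code from the patch or from anyone in the thread. It evaluates the Kconfig default expression Kees proposes against a kernel `.config` and reports whether the value a build recorded for `CONFIG_SECURITY_HOOK_LIKELY` agrees with that default; the sample `.config` fragments are constructed for the example. It assumes the option name from the patch and the existing `CONFIG_BPF_LSM` and `CONFIG_SECURITY_{SELINUX,SMACK,TOMOYO,APPARMOR}` symbols.

```shell
#!/bin/sh
# Added example (not from the patch or the thread): evaluate the proposed
#   default BPF_LSM || SECURITY_SELINUX || SECURITY_SMACK || SECURITY_TOMOYO || SECURITY_APPARMOR
# against a .config and flag a build whose recorded value disagrees with it.
# Assumption: the option is CONFIG_SECURITY_HOOK_LIKELY as named in the patch.

# Prints "y" if any "major" LSM symbol is built in (=y) in the given
# .config, otherwise "n". This is the any-of semantics of the Kconfig "||".
hook_likely_default() {
    _cfg="$1"
    for _sym in CONFIG_BPF_LSM CONFIG_SECURITY_SELINUX CONFIG_SECURITY_SMACK \
                CONFIG_SECURITY_TOMOYO CONFIG_SECURITY_APPARMOR; do
        if grep -q "^${_sym}=y\$" "$_cfg"; then
            printf 'y\n'
            return 0
        fi
    done
    printf 'n\n'
}

# Prints the value of CONFIG_SECURITY_HOOK_LIKELY recorded in a .config:
# "y", "n" (the "# ... is not set" form) or "unset" if the symbol is absent.
hook_likely_setting() {
    _cfg="$1"
    if grep -q '^CONFIG_SECURITY_HOOK_LIKELY=y$' "$_cfg"; then
        printf 'y\n'
    elif grep -q '^# CONFIG_SECURITY_HOOK_LIKELY is not set$' "$_cfg"; then
        printf 'n\n'
    else
        printf 'unset\n'
    fi
}

# Prints "match" when the recorded value equals the computed default,
# otherwise "mismatch: config=<recorded> default=<computed>".
check_hook_likely() {
    _cfg="$1"
    _default=$(hook_likely_default "$_cfg")
    _have=$(hook_likely_setting "$_cfg")
    if [ "$_have" = "$_default" ]; then
        printf 'match\n'
    else
        printf 'mismatch: config=%s default=%s\n' "$_have" "$_default"
    fi
}

# Writes a constructed sample .config fragment to path $1. Kinds ($2):
#   selinux  SELinux built in, option left at y          -> match
#   bpfonly  only the BPF LSM built in, option set to n   -> mismatch, since
#            the proposed default counts BPF_LSM as "likely" even though the
#            commit message says a BPF LSM with no programs benefits from n
#   yama     only Yama and LoadPin built in, option set n -> match
write_sample_config() {
    case "$2" in
    selinux)
        cat > "$1" <<'EOF'
CONFIG_SECURITY=y
CONFIG_SECURITY_SELINUX=y
# CONFIG_BPF_LSM is not set
CONFIG_SECURITY_HOOK_LIKELY=y
EOF
        ;;
    bpfonly)
        cat > "$1" <<'EOF'
CONFIG_SECURITY=y
CONFIG_BPF_LSM=y
# CONFIG_SECURITY_SELINUX is not set
# CONFIG_SECURITY_HOOK_LIKELY is not set
EOF
        ;;
    yama)
        cat > "$1" <<'EOF'
CONFIG_SECURITY=y
CONFIG_SECURITY_YAMA=y
CONFIG_SECURITY_LOADPIN=y
# CONFIG_SECURITY_HOOK_LIKELY is not set
EOF
        ;;
    esac
}

# Usage: ./hook_likely_check.sh /path/to/.config
if [ "$#" -eq 1 ]; then
    check_hook_likely "$1"
fi
```

Run it against a real build's `.config` to see whether the recorded choice matches what the proposed default would have picked. The `bpfonly` sample shows the one place the expression and the commit message pull in different directions: a BPF-LSM-only kernel gets `y` from the default, while the message argues such a system is better served by `n` until programs are attached.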
