From: Peter Zijlstra <peterz@infradead.org>
To: Paul Moore <paul@paul-moore.com>
Cc: Josh Poimboeuf <jpoimboe@kernel.org>,
	Jason Baron <jbaron@akamai.com>, KP Singh <kpsingh@kernel.org>,
	linux-kernel@vger.kernel.org,
	linux-security-module@vger.kernel.org, bp@alien8.de,
	sfr@canb.auug.org.au, guoren@kernel.org,
	tsbogend@alpha.franken.de
Subject: Re: [PATCH] init/main.c: Do jump_label_init before early_security_init
Date: Thu, 1 Aug 2024 10:48:03 +0200
Message-ID: <20240801084803.GY12673@noisy.programming.kicks-ass.net>
In-Reply-To: <20240801083441.GL33588@noisy.programming.kicks-ass.net>

On Thu, Aug 01, 2024 at 10:34:41AM +0200, Peter Zijlstra wrote:
> On Wed, Jul 31, 2024 at 09:15:04PM -0400, Paul Moore wrote:
> > On Wed, Jul 31, 2024 at 5:34 PM KP Singh <kpsingh@kernel.org> wrote:
> > >
> > > LSM indirect calls are now replaced by static calls, this requires
> > > a jumpt_table_init before early_security_init where LSM hooks and their
> > > static calls and keys are initialized.
> > >
> > > Fixes: 2732ad5ecd5b ("lsm: replace indirect LSM hook calls with static calls")
> > > Signed-off-by: KP Singh <kpsingh@kernel.org>
> > > ---
> > >  init/main.c | 4 ++--
> > >  1 file changed, 2 insertions(+), 2 deletions(-)
> > 
> > Does this look okay, static call folks?
> 
> Are we confused between jump_label/static_branch and static_call ?
> 
> > > diff --git a/init/main.c b/init/main.c
> > > index 206acdde51f5..5bd45af7a49e 100644
> > > --- a/init/main.c
> > > +++ b/init/main.c
> > > @@ -922,6 +922,8 @@ void start_kernel(void)
> > >         boot_cpu_init();
> > >         page_address_init();
> > >         pr_notice("%s", linux_banner);
> > > +       /* LSM and command line parameters use static keys */
> > > +       jump_label_init();
> > >         early_security_init();
> > >         setup_arch(&command_line);
> > >         setup_boot_config();
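
Review bot: the added jump_label_init() now runs before setup_arch(&command_line) as well as before early_security_init(), which is a larger move than the subject line suggests. The reply in this message notes that csky and mips still implement arch_jump_label_transform_static() and flush the icache from it, so the changelog should say whether that is safe before setup_arch() on those architectures, or carry an ack from their maintainers. The changelog also talks about static calls while the call being moved initialises static keys; the new comment correctly says "static keys", and the changelog should match it.
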
> > > @@ -933,8 +935,6 @@ void start_kernel(void)
> > >         boot_cpu_hotplug_init();
> > >
> > >         pr_notice("Kernel command line: %s\n", saved_command_line);
> > > -       /* parameters may set static keys */
> > > -       jump_label_init();
> > >         parse_early_param();
> > >         after_dashes = parse_args("Booting kernel",
> > >                                   static_command_line, __start___param,
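
Review bot: with the comment and call removed ahead of parse_early_param(), nothing at this site records that parameters may set static keys and therefore depend on jump_label_init() having already run. The ordering still holds because the call now sits earlier in start_kernel(), but a one-line comment here pointing at the earlier call would keep a later reordering from silently breaking it.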

Anyway, the scariest thing jump_label_init() does is
arch_jump_label_transform_static(). Which, IIRC, was used to optimize
NOPs on x86, which we've since removed.

Only csky and mips seem to still implement this hook, and they do
flush_icache() -- as one would expect.

If any of that is affected by the placement you propose, is something
you'd have to ask those architecture maintainers I'm afraid.

Aside from that I don't see a problem :-)
