Received: by 2002:ab2:69cc:0:b0:1f4:be93:e15a with SMTP id n12csp1706397lqp; Mon, 15 Apr 2024 14:47:38 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCV8+bGrep1Boz+nCihHxfTgWNbqx1DsSKyiYs+JPA+KMiendbQ7FBAtwxMtqO3/gNPmrvs0YYaDdOYREpygXIGOLxtzzy+p5aOjb+d/7g== X-Google-Smtp-Source: AGHT+IFUCpOHH5dQ/KrK0+q1vYkmvwO9gsnswzvwphkyliZXknRwfF2gnmTu+KtwXYF0asdgotg6 X-Received: by 2002:a17:903:22cf:b0:1e2:c350:b46a with SMTP id y15-20020a17090322cf00b001e2c350b46amr291788plg.27.1713217658595; Mon, 15 Apr 2024 14:47:38 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1713217658; cv=pass; d=google.com; s=arc-20160816; b=MgSEHEM2KwUIXH0pv9ozbzLuobXGTEhaHbVne14NT0pR5YXS2EQui6VuFSHbU48tft 1dsBts39/RbZn2RBGpLwRqJ4w9GRXrxg0lfPbDjffCW3X2kkkuwb5toPU0d9x1DIa5TX VMPw2fNUdbjzIMPX6Ve/QtvoyGEJk7CaS6dVNGErOZ3RwbyOZ204cq2tfj+ghn4tf7iy LU13NcJDZN2rajv1KNBKX5Q1Eq9PffksDT4bc5U/8sUh4GI5yIq95v5iSnJeXfhBGvr1 uOFR8vLLV7gsaLxvSSPX9YQS7CibbD1kCsjoY5SsJVdgku7vhJSPHa26ZdejoZERQfDh ratw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=to:references:message-id:content-transfer-encoding:cc:date :in-reply-to:from:subject:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:dkim-signature; bh=dokcWjXT+YSYrMC1bdYdQlZL1VQluvIOfoWzumCKhiU=; fh=xNg9hOr4CJ0U9B3oV723FbYR+Iqt0fm5la/AaxlkadU=; b=HcU9ZKnlwVPFgQA22D1+zFWNxAOz1+Ez5of+KH4wTSbRlhZss+optmdyHbEjdZ1za+ PiR11M2JvETdhWNNc1qAevKhZLDyrMXji0yRVbajwBtboT5SebLVAEK68GznOfmtJl/7 hBnn33LMCDSugYUi4evzGHtphIneKuGt+t0aSkVSw4OCHRqRo3j8+9xvbAZgoccKTP4k BeXvfKeYmbRNkpyylPB/HRze+k1ztJN3D7869ihA+GHvi3A4Vz1HOVfcuTKda8TFB6PT Vk4K1vjMp7AnYvSFNNNeQb3cOrO8RZUhhfU0FxP2c5RBb71UWY+L5Qhbs/Dq4f1Bz26+ ODnw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=RSjxWS+5; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-145941-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-145941-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99]) by mx.google.com with ESMTPS id me15-20020a170902fc4f00b001e098ad43d7si8751613plb.216.2024.04.15.14.47.38 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 15 Apr 2024 14:47:38 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-145941-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=RSjxWS+5; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-145941-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-145941-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id B14662864C4 for ; Mon, 15 Apr 2024 21:39:48 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 3FD9E15884D; Mon, 15 Apr 2024 21:39:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="RSjxWS+5" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 64AF2823CE; Mon, 15 Apr 2024 21:39:13 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713217153; cv=none; b=jPHo7/V7iM1+zUnCyYofMeJyolFdVuiuNTzKCHxBUwKZJ/XzAEA4NO8Cz8IlcKS3g/TU+CAsEIG2Sxzn9GkAkOUMc+JHzRuQZ/UMbZ0NI5aLVLUDVwChwL0zn828Pcldgaofx4kCE9nNN/lNMpiqrQOe2hZVghs0EC8LS21sanQ= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713217153; c=relaxed/simple; bh=humnfQnPK1rgJcqy6II8SICWwJj6C/MQ8EAQtW605Dg=; h=Content-Type:Mime-Version:Subject:From:In-Reply-To:Date:Cc: Message-Id:References:To; b=pGxhiMn1aW+tnmYpl4gf+SGalCv6L3HJaPYZ4R+IvB5y77qbQKpHt7vYUOh15GB/BzleeZ+jEF+UsknolSZeU9jUY8Rc45qJP9jHHudyQf1aFwCggPURwVmKDI2eefkZGc3I1qwYr0+41/gEduIIM4fR9jA+je0FHIQj6+hbF+0= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=RSjxWS+5; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id B7DD7C32781; Mon, 15 Apr 2024 21:39:10 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1713217153; bh=humnfQnPK1rgJcqy6II8SICWwJj6C/MQ8EAQtW605Dg=; h=Subject:From:In-Reply-To:Date:Cc:References:To:From; b=RSjxWS+5reZxNnia7nWR2CzOBEb3jwK3ue6UExkY463XUI8u7q8u+BUOmtKBL8LXW 0lW196ngBfwPLQYcUL5pQ+3Bz3HOkiij1wvAzBmv7pmskZyGBwf12j/fGpfKRZs8Rg oJj1LPzMCpuF/cg7febxdf49DcXjn5RYUKYlFnTKJndqq/6OPRvOke/NI8XiOfIFTF OO0tw0vlcpXpXgB8iByqXAXnMO6HxEyN6eeJbHkF9gOvdxTo8u8tj0dG3K4qqiOXZ9 meLJSCxLmgMVBSilETegwUoAfXO7Rid6FdbZfJFpQE+wzNWP4nz0CzksQ+ecis+cBv oePcbnlfT6LkA== Content-Type: text/plain; charset=us-ascii Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3774.500.171.1.1\)) Subject: Re: [kpsingh:static_calls] [security] 9e15595ed0: Kernel_panic-not_syncing:lsm_static_call_init-Ran_out_of_static_slots From: KP Singh In-Reply-To: <0a4ebcd2-7772-4832-885d-221e0c6f6c04@schaufler-ca.com> Date: Mon, 15 Apr 2024 23:39:08 +0200 Cc: Paul Moore , Andrii Nakryiko , Kees Cook , Song Liu , Tetsuo Handa , kernel test robot , linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, lkp@intel.com, oe-lkp@lists.linux.dev Content-Transfer-Encoding: quoted-printable Message-Id: <11DA2A00-28F4-44F8-BBA7-012400FE1050@kernel.org> References: <202404151225.ce542e38-lkp@intel.com> <757538DA-07A4-4332-BAFA-B864BFD06A76@kernel.org> <30876b80-c437-4916-b982-97c1a95c0747@I-love.SAKURA.ne.jp> <0a4ebcd2-7772-4832-885d-221e0c6f6c04@schaufler-ca.com> To: Casey Schaufler X-Mailer: Apple Mail (2.3774.500.171.1.1) > On 15 Apr 2024, at 22:54, Casey Schaufler = wrote: >=20 > On 4/15/2024 1:42 PM, KP Singh wrote: >>=20 >>> On 15 Apr 2024, at 17:47, KP Singh wrote: >>>=20 >>>=20 >> [...] >>=20 >>>> wrote: >>>>> On 2024/04/15 17:26, KP Singh wrote: >>>>>> This seems like an odd config which does not enable STATIC_CALL, = I am going to >>>>>> make CONFIG_SECURITY depend on CONFIG_STATIC_CALL and make the = dependency explicit. >>>>> If CONFIG_SECURITY depends on CONFIG_STATIC_CALL, architectures = which do not >>>>> support CONFIG_STATIC_CALL can no longer use LSM ? That sounds a = bad dependency. >>>> Agreed. If the arch doesn't support static calls we need a = fallback >>>> solution for the LSM that is no worse than what we have now, and >>>> preferably would still solve the issue of the BPF hooks active even >>>> where this is no BPF program attached. >>> Actually I take it back, when CONFIG_STATIC_CALL is not available, = the implementation falls back to an indirect call. This crash is = unrelated, I will debug further and post back. >> Apparently, when I smoke tested, I had CONFIG_IMA disabled so did not = hit the bug. Well, now IMA is an LSM, so the following fixes it: >=20 > You'll want CONFIG_EVM as well, I bet. Indeed, thanks Casey!