On Thu, Apr 10, 2025 at 06:47:12PM -0400, Paul Moore wrote:
> On Wed, Apr 9, 2025 at 7:13 PM Kees Cook <k...@kernel.org> wrote:
> > Better yet, do this whole thing in an initcall after LSMs are loaded, and
> > both can gain __ro_after_init...
>
> I *really* disliked all the stuff we were having to do during boot,
> and all the redundant global state we were keeping around. I'll go
> ahead and cache the lsm_read() result local to the function but that's
> probably all I'm going to accept at this point in time.

Oh, for sure. I love that all that can get thrown away. I mean literally
copy/paste what you have in lsm_read() and stick it immediately before
the "lsms are done loading" notifier. Then it only needs to be done
once, it's impossible to race, etc.

--
Kees Cook