1

init/main.c: Initialize early LSMs after arch code, static keys and calls.

With LSMs using static calls and static keys, early_lsm_init needs to
wait for setup_arch for architecture specific functionality which
includes jump tables and static calls to be initialized.

Since not all architectures call jump_table_init in setup_arch,
explicitly call both jump_table_init and static_call_init before
early_security_init.

This only affects "early LSMs" i.e. only lockdown when
CONFIG_SECURITY_LOCKDOWN_LSM_EARLY is set.

Tested-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: KP Singh <kpsingh@kernel.org>
Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:
KP Singh 2024-08-16 17:43:04 +02:00 committed by Paul Moore
parent e4b0b54f95
commit 77b644c39d

View File

@ -922,8 +922,11 @@ void start_kernel(void)
boot_cpu_init();
page_address_init();
pr_notice("%s", linux_banner);
early_security_init();
setup_arch(&command_line);
/* Static keys and static calls are needed by LSMs */
jump_label_init();
static_call_init();
early_security_init();
setup_boot_config();
setup_command_line(command_line);
setup_nr_cpu_ids();
@ -934,7 +937,6 @@ void start_kernel(void)
pr_notice("Kernel command line: %s\n", saved_command_line);
/* parameters may set static keys */
jump_label_init();
parse_early_param();
after_dashes = parse_args("Booting kernel",
static_command_line, __start___param,