[PATCH bpf-next v2 0/9] Add BPF LSM return value range check, BPF part

patchwork-bot+netdevbpf at kernel.org patchwork-bot+netdevbpf at kernel.org
Tue Jul 23 00:50:35 UTC 2024


Hello:

This series was applied to bpf/bpf-next.git (master)
by Alexei Starovoitov <ast at kernel.org>:

On Fri, 19 Jul 2024 19:00:50 +0800 you wrote:
> From: Xu Kuohai <xukuohai at huawei.com>
> 
> LSM BPF prog may make kernel panic when returning an unexpected value,
> such as returning positive value on hook file_alloc_security.
> 
> To fix it, series [1] refactored LSM hook return values and added
> BPF return value check on top of that. Since the refactoring of LSM
> hooks and checking BPF prog return value patches is not closely related,
> this series separates BPF-related patches from [1].
> 
> [...]

Here is the summary with links:
  - [bpf-next,v2,1/9] bpf, lsm: Add disabled BPF LSM hook list
    https://git.kernel.org/bpf/bpf-next/c/afe4588df73f
  - [bpf-next,v2,2/9] bpf, lsm: Add check for BPF LSM return value
    https://git.kernel.org/bpf/bpf-next/c/af980eb89f06
  - [bpf-next,v2,3/9] bpf: Prevent tail call between progs attached to different hooks
    https://git.kernel.org/bpf/bpf-next/c/b39ffa50b415
  - [bpf-next,v2,4/9] bpf: Fix compare error in function retval_range_within
    https://git.kernel.org/bpf/bpf-next/c/9e14de5b9c12
  - [bpf-next,v2,5/9] bpf, verifier: improve signed ranges inference for BPF_AND
    (no matching commit)
  - [bpf-next,v2,6/9] selftests/bpf: Avoid load failure for token_lsm.c
    https://git.kernel.org/bpf/bpf-next/c/f81ad29cdf88
  - [bpf-next,v2,7/9] selftests/bpf: Add return value checks for failed tests
    https://git.kernel.org/bpf/bpf-next/c/fc2baf1730f9
  - [bpf-next,v2,8/9] selftests/bpf: Add test for lsm tail call
    https://git.kernel.org/bpf/bpf-next/c/2f56fae88135
  - [bpf-next,v2,9/9] selftests/bpf: Add verifier tests for bpf lsm
    https://git.kernel.org/bpf/bpf-next/c/cc1bfd52e4ca

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html





More information about the Linux-security-module-archive mailing list