[PATCH bpf-next 0/5] Fix kernel panic caused by bpf lsm return value

Xu Kuohai xukuohai at huaweicloud.com
Tue Mar 19 07:37:59 UTC 2024


On 3/19/2024 12:58 AM, Paul Moore wrote:
> On Mon, Mar 18, 2024 at 12:52 PM Stanislav Fomichev <sdf at google.com> wrote:
>> On 03/16, Xu Kuohai wrote:
>>> From: Xu Kuohai <xukuohai at huawei.com>
>>>
>>> A bpf prog returning a positive number attached to the file_alloc_security
>>> hook will make the kernel panic.
>>
>> I'll leave it up to KP. I remember there was a similar patch series in
>> the past, but I have no state on why it was not accepted..
> 
> I believe this is the patchset you are referring to:
> 
> https://lore.kernel.org/linux-security-module/20240207124918.3498756-1-kpsingh@kernel.org
> 

Thank you for the reply. IIUC, the above patchset is intended to reduce
the indirect call overhead of bpf lsm. I have tested it, and the panic
issue still exists with this patchset applied.

> It wasn't that the patchset was accepted or rejected, it is still in
> the review queue as there are higher priority items being kicked
> around in the LSM space at the moment.  It also wasn't a pure bug-fix
> or feature patchset/patch, which muddied things a bit.
> 



