[PATCH bpf-next 0/5] Fix kernel panic caused by bpf lsm return value

Xu Kuohai xukuohai at huaweicloud.com
Tue Mar 19 07:54:56 UTC 2024


On 3/19/2024 1:02 AM, Roberto Sassu wrote:
> On Mon, 2024-03-18 at 09:52 -0700, Stanislav Fomichev wrote:
>> On 03/16, Xu Kuohai wrote:
>>> From: Xu Kuohai <xukuohai at huawei.com>
>>>
>>> A bpf prog returning positive number attached to file_alloc_security hook
>>> will make kernel panic.
>>
>> I'll leave it up to KP. I remember there was a similar patch series in
>> the past, but I have no state on why it was not accepted..
> 
> Yes, this one:
> 
> v1: https://lore.kernel.org/bpf/20221115175652.3836811-1-roberto.sassu@huaweicloud.com/
> v2: https://lore.kernel.org/bpf/20221207172434.435893-1-roberto.sassu@huaweicloud.com/
> 

Hmm, these two series do address the same problem. Now I'm pretty
sure I read your series last year, at least some of the patches,
but I didn't think of it when I ran into this panic issue last
week. Maybe it's because I does not fully understand it.

> The selftests were failing, and I wasn't able to come up with a
> solution on the verifier side. I see patch 5 goes in that direction,
> and I remember there was related work in this area.
>
> (just saw Paul's answer, maybe the new KP's patch set also solves this)
> 
> Roberto
> 
> 




More information about the Linux-security-module-archive mailing list