[PATCH v2 0/4] Firmware LSM hook

Roberto Sassu roberto.sassu at huaweicloud.com
Thu Apr 9 12:27:43 UTC 2026


On Thu, 2026-04-09 at 15:12 +0300, Leon Romanovsky wrote:
> On Tue, Mar 31, 2026 at 08:56:32AM +0300, Leon Romanovsky wrote:
> > From Chiara:
> > 
> > This patch set introduces a new BPF LSM hook to validate firmware commands
> > triggered by userspace before they are submitted to the device. The hook
> > runs after the command buffer is constructed, right before it is sent
> > to firmware.
> 
> <...>
> 
> > ---
> > Chiara Meiohas (4):
> >       bpf: add firmware command validation hook
> >       selftests/bpf: add test cases for fw_validate_cmd hook
> >       RDMA/mlx5: Externally validate FW commands supplied in DEVX interface
> >       fwctl/mlx5: Externally validate FW commands supplied in fwctl
> 
> Hi,
> 
> Can we get Ack from BPF/LSM side?

+ Paul, linux-security-module ML

Hi,

probably you also want to get an Ack from the LSM maintainer (added in
CC with the list). Most likely, he will also ask you to create the
security_*() function counterparts of the BPF hooks.

Roberto

> Thanks
> 
> > 
> >  drivers/fwctl/mlx5/main.c                        | 12 +++++-
> >  drivers/infiniband/hw/mlx5/devx.c                | 49 ++++++++++++++++++------
> >  include/linux/bpf_lsm.h                          | 41 ++++++++++++++++++++
> >  kernel/bpf/bpf_lsm.c                             | 11 ++++++
> >  tools/testing/selftests/bpf/progs/verifier_lsm.c | 23 +++++++++++
> >  5 files changed, 122 insertions(+), 14 deletions(-)
> > ---
> > base-commit: 11439c4635edd669ae435eec308f4ab8a0804808
> > change-id: 20260309-fw-lsm-hook-7c094f909ffc
> > 
> > Best regards,
> > --  
> > Leon Romanovsky <leonro at nvidia.com>
> > 



