[PATCH] xfrm: kill xfrm_dev_{state,policy}_flush_secctx_check()

Tetsuo Handa penguin-kernel at I-love.SAKURA.ne.jp
Fri Feb 13 13:59:15 UTC 2026


On 2026/02/13 19:19, Steffen Klassert wrote:
>> The NETDEV_UNREGISTER path can be triggered by just doing "unshare -n ip addr show"
>> (i.e. implicit cleanup of a network namespace due to termination of init process in
>> that namespace). We are not allowed to reject the cleanup_net() route.
> 
> And here we come to the other problem I mentioned. When a LSM policy
> refuses to flush the xfrm states and policies on network namespace
> exit, we leak all the xfrm states and policies in that namespace.
> Here we have no other option, we must flush the xfrm states and
> policies regardless of any LSM policy. This can be fixed with
> something like this:

This something is what I explained at
https://lkml.kernel.org/r/1bb453af-3ef2-4ab6-a909-0705bd07c136@I-love.SAKURA.ne.jp .
The "task_valid" argument does not always reflect whether LSM policy can reject or not.

Anyway, the patch to add xfrm_dev_unregister(dev) seems OK if we do it like
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit?h=next-20260123&id=fc0f090e41e652d158f946c616cdd82baed3c8f4 ?