[PATCH] xfrm: kill xfrm_dev_{state,policy}_flush_secctx_check()
Paul Moore
paul at paul-moore.com
Fri Jan 30 21:56:59 UTC 2026

On Wed, Jan 28, 2026 at 5:28 AM Tetsuo Handa
<penguin-kernel at i-love.sakura.ne.jp> wrote:
> On 2026/01/28 6:59, Paul Moore wrote:
> > It sounds like we either need to confirm that
> > security_xfrm_{policy,state}_delete() is already present in all code
> > paths that result in SPD/SAD deletions (in a place that can safely
> > fail and return an error),
>
> Yes.

To clarify, do you mean "yes, I agree", or "yes, I've already checked
this and can confirm that the LSM hooks are already being called"?

> > or we need to place
> > xfrm_dev_{policy,state}_flush_secctx_check() in a location that can
> > safely fail.
>
> Did you mean xfrm_{policy,state}_flush_secctx_check() ?

They both call into the security_xfrm_policy_delete() LSM hook which
is what I care about as that hook is what authorizes the operation.

> Regarding xfrm_policy_flush() as an example, we can observe that we are
> calling LSM hooks for must-not-fail callers ...

We need to make sure the LSM hooks are being called to authorize the
removal of SPD and SAD entries. If you are going to remove LSM hooks
from the existing code, please document how that code path you are
changing is still subject to authorization by the LSM hooks or explain
in great detail how that authorization is not necessary.

--
paul-moore.com