[PATCH bpf-next v2 1/5] bpf: Verify signed loader metadata at load time
Paul Moore
paul at paul-moore.com
Fri Jun 26 01:38:20 UTC 2026
On Thu, Jun 25, 2026 at 9:16 PM Alexei Starovoitov
<alexei.starovoitov at gmail.com> wrote:
> On Thu Jun 25, 2026 at 5:59 PM PDT, Paul Moore wrote:
> >
> > For all the reasons I gave previously, I can't support moving the
> > existing security_bpf_prog_load() hook at this point in time.
>
> Paul,
> it's not up to you to approve or deny where security_bpf_prog_load()
> is called within bpf subsystem as long as it doesn't affect behavior.
> Daniel's patch doesn't change observable state from LSMs pov.
> It merely moves the call from syscall.c to verifier.c.
Alexei,
It is my responsibility to speak up and voice my opinion about LSM
hook placement; arguably that is one of the LSM maintainer's larger
responsibilities. Non-trivial work, including several allocations
(which can be quite large in some cases), occurs between the current
placement of security_bpf_prog_load() and Daniel's proposed location.
We must preserve the existing security_bpf_prog_load() call site.
> So we're going to proceed.
Oh goodie, will the fun ever stop?
--
paul-moore.com
More information about the Linux-security-module-archive
mailing list