[PATCH bpf-next v2 1/5] bpf: Verify signed loader metadata at load time
Paul Moore
paul at paul-moore.com
Fri Jun 26 02:01:04 UTC 2026
On June 25, 2026 9:44:54 PM Alexei Starovoitov
<alexei.starovoitov at gmail.com> wrote:
> On Thu, Jun 25, 2026 at 6:38 PM Paul Moore <paul at paul-moore.com> wrote:
>>
>> On Thu, Jun 25, 2026 at 9:16 PM Alexei Starovoitov
>> <alexei.starovoitov at gmail.com> wrote:
>>> On Thu Jun 25, 2026 at 5:59 PM PDT, Paul Moore wrote:
>>>>
>>>> For all the reasons I gave previously, I can't support moving the
>>>> existing security_bpf_prog_load() hook at this point in time.
>>>
>>> Paul,
>>> it's not up to you to approve or deny where security_bpf_prog_load()
>>> is called within bpf subsystem as long as it doesn't affect behavior.
>>> Daniel's patch doesn't change observable state from LSMs pov.
>>> It merely moves the call from syscall.c to verifier.c.
>>
>> Alexei,
>> It is my responsibility to speak up and voice my opinion about LSM
>> hook placement; arguably that is one of the LSM maintainer's larger
>> responsibilities. Non-trivial work, including several allocations
>> (which can be quite large in some cases), occurs between the current
>> placement of security_bpf_prog_load() and Daniel's proposed location.
>> We must preserve the existing security_bpf_prog_load() call site.
>
> I don't think you read the patch because you're saying nonsense.
I've read the patch, as well as the code between the existing and proposed
call sites that is outside the patch's context, that is the basis of my
comment.
--
paul-moore.com
More information about the Linux-security-module-archive
mailing list