[PATCH] lsm,bpf: fix security_bpf_prog_load() error handling
Paul Moore
paul at paul-moore.com
Sat May 23 16:06:06 UTC 2026
On Sat, May 23, 2026 at 12:00 PM Paul Moore <paul at paul-moore.com> wrote:
>
> If security_bpf_prog_load() fails there is no need to call into
> security_bpf_prog_free() as the LSM will handle the cleanup of any partial
> LSM state before returning to the caller with an error. Thankfully this
> isn't an issue with any of the existing code as the LSMs which currently
> provide BPF hook callback implementations don't allocate any internal
> state, but this is something we want to fix for potential future users.
>
> Cc: bpf at vger.kernel.org
> Cc: linux-security-module at vger.kernel.org
> Signed-off-by: Paul Moore <paul at paul-moore.com>
> ---
> kernel/bpf/syscall.c | 4 +---
> 1 file changed, 1 insertion(+), 3 deletions(-)
Alexei, I'm assuming you would prefer to take this via the BPF tree?
--
paul-moore.com
More information about the Linux-security-module-archive
mailing list