[PATCH] lsm,bpf: fix security_bpf_prog_load() error handling
bot+bpf-ci at kernel.org
bot+bpf-ci at kernel.org
Sat May 23 17:44:36 UTC 2026
> commit a03af62bb4a3613aadacc8cb75f0007d761e785a
> Author: Paul Moore <paul at paul-moore.com>
> Date: Sat May 23 12:00:26 2026 -0400
>
> lsm,bpf: fix security_bpf_prog_load() error handling
>
> If security_bpf_prog_load() fails there is no need to call into
> security_bpf_prog_free() as the LSM will handle the cleanup of any partial
> LSM state before returning to the caller with an error. Thankfully this
> isn't an issue with any of the existing code as the LSMs which currently
> provide BPF hook callback implementations don't allocate any internal
> state, but this is something we want to fix for potential future users.
>
> Cc: bpf at vger.kernel.org
> Cc: linux-security-module at vger.kernel.org
> Signed-off-by: Paul Moore <paul at paul-moore.com>
This looks like a bug fix for the error handling logic introduced in
commit b3beebbe6154 which imported the kernel/bpf/syscall.c file with
incorrect error handling for security_bpf_prog_load() failure. Should
this include:
Fixes: b3beebbe6154 ("adding ci files")
---
AI reviewed your patch. Please fix the bug or email reply why it's not a bug.
See: https://github.com/kernel-patches/vmtest/blob/master/ci/claude/README.md
CI run summary: https://github.com/kernel-patches/bpf/actions/runs/26337503379
More information about the Linux-security-module-archive
mailing list