On 3/19/2024 12:58 AM, Paul Moore wrote:
On Mon, Mar 18, 2024 at 12:52 PM Stanislav Fomichev <sdf@xxxxxxxxxx> wrote:
On 03/16, Xu Kuohai wrote:
From: Xu Kuohai <xukuohai@xxxxxxxxxx>
A bpf prog returning positive number attached to file_alloc_security hook
will make kernel panic.
I'll leave it up to KP. I remember there was a similar patch series in
the past, but I have no state on why it was not accepted..
I believe this is the patchset you are referring to:
https://lore.kernel.org/linux-security-module/20240207124918.3498756-1-kpsingh@xxxxxxxxxx
Thank you for the reply. IIUC, the above patchset is intended to reduce
the indirect call overhead of bpf lsm. I have tested it, and the panic
issue still exists with this patchset applied.
It wasn't that the patchset was accepted or rejected, it is still in
the review queue as there are higher priority items being kicked
around in the LSM space at the moment. It also wasn't a pure bug-fix
or feature patchset/patch, which muddied things a bit.
