From: Xu Kuohai <xukuohai@xxxxxxxxxx>

The BPF LSM program may cause a kernel panic if it returns an
unexpected value, such as a positive value on the hook
file_alloc_security.

To fix it, series [1] refactored the LSM hook return values and
added BPF return value checks.

[1] used two methods to refactor hook return values:

- converting positive return value to negative error code

- adding additional output parameter to store odd return values

Based on discussion in [1], only two hooks refactored with the
second method may be acceptable. Since the second method requires
extra work on BPF side to ensure that the output parameter is
set properly, the extra work does not seem worthwhile for just
two hooks. So this series includes only the two patches refactored
with the first method.

Changes to [1]:
- Drop unnecessary patches
- Rebase
- Remove redundant comments in the inode_copy_up_xattr patch

[1] https://lore.kernel.org/bpf/20240711111908.3817636-1-xukuohai@xxxxxxxxxxxxxxx
    https://lore.kernel.org/bpf/20240711113828.3818398-1-xukuohai@xxxxxxxxxxxxxxx

Xu Kuohai (2):
  lsm: Refactor return value of LSM hook vm_enough_memory
  lsm: Refactor return value of LSM hook inode_copy_up_xattr

 fs/overlayfs/copy_up.c            |  6 +++---
 include/linux/lsm_hook_defs.h     |  2 +-
 include/linux/security.h          |  2 +-
 security/commoncap.c              | 11 +++--------
 security/integrity/evm/evm_main.c |  2 +-
 security/security.c               | 22 ++++++++--------------
 security/selinux/hooks.c          | 19 ++++++-------------
 security/smack/smack_lsm.c        |  6 +++---
 8 files changed, 26 insertions(+), 44 deletions(-)

--
2.39.2