On 7/23/2024 7:06 PM, Xu Kuohai wrote:
> From: Xu Kuohai <xukuohai@xxxxxxxxxx>
>
> The BPF LSM program may cause a kernel panic if it returns an
> unexpected value, such as a positive value on the hook
> file_alloc_security.
>
> To fix it, series [1] refactored the LSM hook return values and
> added BPF return value checks.
>
> [1] used two methods to refactor hook return values:
>
> - converting positive return value to negative error code
>
> - adding additional output parameter to store odd return values
>
> Based on discussion in [1], only two hooks refactored with the
> second method may be acceptable. Since the second method requires
> extra work on BPF side to ensure that the output parameter is
> set properly, the extra work does not seem worthwhile for just
> two hooks. So this series includes only the two patches refactored
> with the first method.
>
> Changes to [1]:
> - Drop unnecessary patches
> - Rebase
> - Remove redundant comments in the inode_copy_up_xattr patch
>
> [1] https://lore.kernel.org/bpf/20240711111908.3817636-1-xukuohai@xxxxxxxxxxxxxxx
>     https://lore.kernel.org/bpf/20240711113828.3818398-1-xukuohai@xxxxxxxxxxxxxxx
>
> Xu Kuohai (2):
>   lsm: Refactor return value of LSM hook vm_enough_memory
>   lsm: Refactor return value of LSM hook inode_copy_up_xattr

For the series:
Reviewed-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>

>
>  fs/overlayfs/copy_up.c            |  6 +++---
>  include/linux/lsm_hook_defs.h     |  2 +-
>  include/linux/security.h          |  2 +-
>  security/commoncap.c              | 11 +++--------
>  security/integrity/evm/evm_main.c |  2 +-
>  security/security.c               | 22 ++++++++--------------
>  security/selinux/hooks.c          | 19 ++++++-------------
>  security/smack/smack_lsm.c        |  6 +++---
>  8 files changed, 26 insertions(+), 44 deletions(-)
>