On Wed, Jul 24, 2024 at 5:55 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
> On Wed, Jul 24, 2024 at 4:36 PM Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote:
> > On 7/23/2024 7:06 PM, Xu Kuohai wrote:
> > > From: Xu Kuohai <xukuohai@xxxxxxxxxx>
> > >
> > > The BPF LSM program may cause a kernel panic if it returns an
> > > unexpected value, such as a positive value on the hook
> > > file_alloc_security.
> > >
> > > To fix it, series [1] refactored the LSM hook return values and
> > > added BPF return value checks.
> > >
> > > [1] used two methods to refactor hook return values:
> > >
> > > - converting positive return value to negative error code
> > >
> > > - adding additional output parameter to store odd return values
> > >
> > > Based on discussion in [1], only two hooks refactored with the
> > > second method may be acceptable. Since the second method requires
> > > extra work on BPF side to ensure that the output parameter is
> > > set properly, the extra work does not seem worthwhile for just
> > > two hooks. So this series includes only the two patches refactored
> > > with the first method.
> > >
> > > Changes to [1]:
> > > - Drop unnecessary patches
> > > - Rebase
> > > - Remove redundant comments in the inode_copy_up_xattr patch
> > >
> > > [1] https://lore.kernel.org/bpf/20240711111908.3817636-1-xukuohai@xxxxxxxxxxxxxxx
> > >     https://lore.kernel.org/bpf/20240711113828.3818398-1-xukuohai@xxxxxxxxxxxxxxx
> > >
> > > Xu Kuohai (2):
> > >   lsm: Refactor return value of LSM hook vm_enough_memory
> > >   lsm: Refactor return value of LSM hook inode_copy_up_xattr
> >
> > For the series:
> > Reviewed-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
>
> Looks good to me too. I'm going to merge this into lsm/dev-staging
> for testing with the expectation that I'll move them over to lsm/dev
> once the merge window closes.

These patches are now lsm/dev, thanks again for your help on this patchset.

--
paul-moore.com