On Wed, Jul 24, 2024 at 4:36 PM Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote: > On 7/23/2024 7:06 PM, Xu Kuohai wrote: > > From: Xu Kuohai <xukuohai@xxxxxxxxxx> > > > > The BPF LSM program may cause a kernel panic if it returns an > > unexpected value, such as a positive value on the hook > > file_alloc_security. > > > > To fix it, series [1] refactored the LSM hook return values and > > added BPF return value checks. > > > > [1] used two methods to refactor hook return values: > > > > - converting positive return value to negative error code > > > > - adding additional output parameter to store odd return values > > > > Based on discussion in [1], only two hooks refactored with the > > second method may be acceptable. Since the second method requires > > extra work on BPF side to ensure that the output parameter is > > set properly, the extra work does not seem worthwhile for just > > two hooks. So this series includes only the two patches refactored > > with the first method. > > > > Changes to [1]: > > - Drop unnecessary patches > > - Rebase > > - Remove redundant comments in the inode_copy_up_xattr patch > > > > [1] https://lore.kernel.org/bpf/20240711111908.3817636-1-xukuohai@xxxxxxxxxxxxxxx > > https://lore.kernel.org/bpf/20240711113828.3818398-1-xukuohai@xxxxxxxxxxxxxxx > > > > Xu Kuohai (2): > > lsm: Refactor return value of LSM hook vm_enough_memory > > lsm: Refactor return value of LSM hook inode_copy_up_xattr > > For the series: > Reviewed-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx> Looks good to me too. I'm going to merge this into lsm/dev-staging for testing with the expectation that I'll move them over to lsm/dev once the merge window closes. Thanks! -- paul-moore.com
