Re: [PATCH] lsm,bpf: fix security_bpf_prog_load() error handling

[PATCH] lsm,bpf: fix security_bpf_prog_load() error handling · Paul Moore <paul@paul-moore.com> · 2026-05-23
Re: [PATCH] lsm,bpf: fix security_bpf_prog_load() error handling · Paul Moore <paul@paul-moore.com> · 2026-05-23
Re: [PATCH] lsm,bpf: fix security_bpf_prog_load() error handling · Alexei Starovoitov <hidden> · 2026-05-23
Re: [PATCH] lsm,bpf: fix security_bpf_prog_load() error handling · Paul Moore <paul@paul-moore.com> · 2026-05-23
Re: [PATCH] lsm,bpf: fix security_bpf_prog_load() error handling · Alexei Starovoitov <hidden> · 2026-05-23
Re: [PATCH] lsm,bpf: fix security_bpf_prog_load() error handling · Alexei Starovoitov <hidden> · 2026-06-01
Re: [PATCH] lsm,bpf: fix security_bpf_prog_load() error handling · bot+bpf-ci@kernel.org · 2026-05-23

From: Paul Moore <paul@paul-moore.com>
Date: 2026-05-23 16:06:18
Also in: bpf

On Sat, May 23, 2026 at 12:00 PM Paul Moore [off-list ref] wrote:

If security_bpf_prog_load() fails there is no need to call into
security_bpf_prog_free() as the LSM will handle the cleanup of any partial
LSM state before returning to the caller with an error.  Thankfully this
isn't an issue with any of the existing code as the LSMs which currently
provide BPF hook callback implementations don't allocate any internal
state, but this is something we want to fix for potential future users.

Cc: bpf@vger.kernel.org
Cc: linux-security-module@vger.kernel.org
Signed-off-by: Paul Moore <paul@paul-moore.com>
---
 kernel/bpf/syscall.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

Alexei, I'm assuming you would prefer to take this via the BPF tree?

-- 
paul-moore.com

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help