Re: [PATCH bpf-next v4 00/20] Add return value range check for BPF LSM

[PATCH bpf-next v4 00/20] Add return value range check for BPF LSM · Xu Kuohai <xukuohai@huaweicloud.com> · 2024-07-11
[PATCH bpf-next v4 02/20] lsm: Refactor return value of LSM hook inode_need_killpriv · Xu Kuohai <xukuohai@huaweicloud.com> · 2024-07-11
Re: [PATCH bpf-next v4 02/20] lsm: Refactor return value of LSM hook inode_need_killpriv · Serge Hallyn <serge@hallyn.com> · 2024-07-11
Re: [PATCH bpf-next v4 02/20] lsm: Refactor return value of LSM hook inode_need_killpriv · Xu Kuohai <xukuohai@huaweicloud.com> · 2024-07-13
Re: [PATCH v4 2/20] lsm: Refactor return value of LSM hook inode_need_killpriv · Paul Moore <paul@paul-moore.com> · 2024-07-19
Re: [PATCH v4 2/20] lsm: Refactor return value of LSM hook inode_need_killpriv · Xu Kuohai <xukuohai@huaweicloud.com> · 2024-07-20
[PATCH bpf-next v4 05/20] lsm: Refactor return value of LSM hook inode_copy_up_xattr · Xu Kuohai <xukuohai@huaweicloud.com> · 2024-07-11
Re: [PATCH v4 5/20] lsm: Refactor return value of LSM hook inode_copy_up_xattr · Paul Moore <paul@paul-moore.com> · 2024-07-19
Re: [PATCH v4 5/20] lsm: Refactor return value of LSM hook inode_copy_up_xattr · Xu Kuohai <xukuohai@huaweicloud.com> · 2024-07-20
[PATCH bpf-next v4 08/20] lsm: Refactor return value of LSM hook getprocattr · Xu Kuohai <xukuohai@huaweicloud.com> · 2024-07-11
Re: [PATCH v4 8/20] lsm: Refactor return value of LSM hook getprocattr · Paul Moore <paul@paul-moore.com> · 2024-07-19
Re: [PATCH v4 8/20] lsm: Refactor return value of LSM hook getprocattr · Xu Kuohai <xukuohai@huaweicloud.com> · 2024-07-20
[PATCH bpf-next v4 11/20] bpf, lsm: Add disabled BPF LSM hook list · Xu Kuohai <xukuohai@huaweicloud.com> · 2024-07-11
Re: [PATCH bpf-next v4 11/20] bpf, lsm: Add disabled BPF LSM hook list · Alexei Starovoitov <hidden> · 2024-07-12
Re: [PATCH bpf-next v4 11/20] bpf, lsm: Add disabled BPF LSM hook list · Xu Kuohai <xukuohai@huaweicloud.com> · 2024-07-13
[PATCH bpf-next v4 04/20] lsm: Refactor return value of LSM hook inode_listsecurity · Xu Kuohai <xukuohai@huaweicloud.com> · 2024-07-11
Re: [PATCH v4 4/20] lsm: Refactor return value of LSM hook inode_listsecurity · Paul Moore <paul@paul-moore.com> · 2024-07-19
Re: [PATCH v4 4/20] lsm: Refactor return value of LSM hook inode_listsecurity · Xu Kuohai <xukuohai@huaweicloud.com> · 2024-07-20
[PATCH bpf-next v4 03/20] lsm: Refactor return value of LSM hook inode_getsecurity · Xu Kuohai <xukuohai@huaweicloud.com> · 2024-07-11
Re: [PATCH bpf-next v4 03/20] lsm: Refactor return value of LSM hook inode_getsecurity · Simon Horman <horms@kernel.org> · 2024-07-12
Re: [PATCH bpf-next v4 03/20] lsm: Refactor return value of LSM hook inode_getsecurity · Xu Kuohai <xukuohai@huaweicloud.com> · 2024-07-13
Re: [PATCH v4 3/20] lsm: Refactor return value of LSM hook inode_getsecurity · Paul Moore <paul@paul-moore.com> · 2024-07-19
Re: [PATCH v4 3/20] lsm: Refactor return value of LSM hook inode_getsecurity · Xu Kuohai <xukuohai@huaweicloud.com> · 2024-07-20
[PATCH bpf-next v4 01/20] lsm: Refactor return value of LSM hook vm_enough_memory · Xu Kuohai <xukuohai@huaweicloud.com> · 2024-07-11
Re: [PATCH bpf-next v4 01/20] lsm: Refactor return value of LSM hook vm_enough_memory · Serge Hallyn <serge@hallyn.com> · 2024-07-11
Re: [PATCH v4 1/20] lsm: Refactor return value of LSM hook vm_enough_memory · Paul Moore <paul@paul-moore.com> · 2024-07-19
[PATCH bpf-next v4 07/20] lsm: Refactor return value of LSM hook setprocattr · Xu Kuohai <xukuohai@huaweicloud.com> · 2024-07-11
Re: [PATCH v4 7/20] lsm: Refactor return value of LSM hook setprocattr · Paul Moore <paul@paul-moore.com> · 2024-07-19
Re: [PATCH v4 7/20] lsm: Refactor return value of LSM hook setprocattr · Xu Kuohai <xukuohai@huaweicloud.com> · 2024-07-20
[PATCH bpf-next v4 06/20] lsm: Refactor return value of LSM hook getselfattr · Xu Kuohai <xukuohai@huaweicloud.com> · 2024-07-11
Re: [PATCH v4 6/20] lsm: Refactor return value of LSM hook getselfattr · Paul Moore <paul@paul-moore.com> · 2024-07-19
Re: [PATCH v4 6/20] lsm: Refactor return value of LSM hook getselfattr · Xu Kuohai <hidden> · 2024-07-20
[PATCH bpf-next v4 09/20] lsm: Refactor return value of LSM hook key_getsecurity · Xu Kuohai <xukuohai@huaweicloud.com> · 2024-07-11
Re: [PATCH v4 9/20] lsm: Refactor return value of LSM hook key_getsecurity · Paul Moore <paul@paul-moore.com> · 2024-07-19
Re: [PATCH v4 9/20] lsm: Refactor return value of LSM hook key_getsecurity · Xu Kuohai <xukuohai@huaweicloud.com> · 2024-07-20
Re: [PATCH v4 9/20] lsm: Refactor return value of LSM hook key_getsecurity · Paul Moore <paul@paul-moore.com> · 2024-07-22
Re: [PATCH v4 9/20] lsm: Refactor return value of LSM hook key_getsecurity · Xu Kuohai <xukuohai@huaweicloud.com> · 2024-07-23
Re: [PATCH v4 9/20] lsm: Refactor return value of LSM hook key_getsecurity · Paul Moore <paul@paul-moore.com> · 2024-07-23
[PATCH bpf-next v4 10/20] lsm: Refactor return value of LSM hook audit_rule_match · Xu Kuohai <xukuohai@huaweicloud.com> · 2024-07-11
Re: [PATCH v4 10/20] lsm: Refactor return value of LSM hook audit_rule_match · Paul Moore <paul@paul-moore.com> · 2024-07-19
Re: [PATCH v4 10/20] lsm: Refactor return value of LSM hook audit_rule_match · Xu Kuohai <xukuohai@huaweicloud.com> · 2024-07-20
[PATCH bpf-next v4 12/20] bpf, lsm: Enable BPF LSM prog to read/write return value parameters · Xu Kuohai <xukuohai@huaweicloud.com> · 2024-07-11
Re: [PATCH bpf-next v4 00/20] Add return value range check for BPF LSM · Paul Moore <paul@paul-moore.com> · 2024-07-12
Re: [PATCH bpf-next v4 00/20] Add return value range check for BPF LSM · Paul Moore <paul@paul-moore.com> · 2024-07-12
Re: [PATCH bpf-next v4 00/20] Add return value range check for BPF LSM · Paul Moore <paul@paul-moore.com> · 2024-07-12
Re: [PATCH bpf-next v4 00/20] Add return value range check for BPF LSM · Paul Moore <paul@paul-moore.com> · 2024-07-19
Re: [PATCH bpf-next v4 00/20] Add return value range check for BPF LSM · Xu Kuohai <xukuohai@huaweicloud.com> · 2024-07-19

From: Paul Moore <paul@paul-moore.com>
Date: 2024-07-12 15:56:37
Also in: bpf, linux-integrity, linux-kselftest, linux-security-module, selinux

On Thu, Jul 11, 2024 at 7:13 AM Xu Kuohai [off-list ref] wrote:

From: Xu Kuohai <redacted>

LSM BPF prog returning a positive number attached to the hook
file_alloc_security makes kernel panic.

...

Xu Kuohai (20):
  lsm: Refactor return value of LSM hook vm_enough_memory
  lsm: Refactor return value of LSM hook inode_need_killpriv
  lsm: Refactor return value of LSM hook inode_getsecurity
  lsm: Refactor return value of LSM hook inode_listsecurity
  lsm: Refactor return value of LSM hook inode_copy_up_xattr
  lsm: Refactor return value of LSM hook getselfattr
  lsm: Refactor return value of LSM hook setprocattr
  lsm: Refactor return value of LSM hook getprocattr
  lsm: Refactor return value of LSM hook key_getsecurity
  lsm: Refactor return value of LSM hook audit_rule_match
  bpf, lsm: Add disabled BPF LSM hook list
  bpf, lsm: Enable BPF LSM prog to read/write return value parameters
  bpf, lsm: Add check for BPF LSM return value
  bpf: Prevent tail call between progs attached to different hooks
  bpf: Fix compare error in function retval_range_within
  bpf: Add a special case for bitwise AND on range [-1, 0]
  selftests/bpf: Avoid load failure for token_lsm.c
  selftests/bpf: Add return value checks for failed tests
  selftests/bpf: Add test for lsm tail call
  selftests/bpf: Add verifier tests for bpf lsm

I'm not quite sure what happened, but it looks like patches 13/20
through 20/20 did not hit the mailing lists, see lore link below; did
you have any mail failures when sending the patchset?  Regardless, can
you sort this out and resend the patchset?

https://lore.kernel.org/all/20240711111908.3817636-1-xukuohai@huaweicloud.com (local)

-- 
paul-moore.com

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help