From: "Serge E. Hallyn" <serge@hallyn.com>
To: Jiayuan Chen <jiayuan.chen@linux.dev>
Cc: "Serge E. Hallyn" <serge@hallyn.com>,
Stephen Smalley <sds@epoch.ncsc.mil>,
linux-security-module@vger.kernel.org, paul@paul-moore.com,
jmorris@namei.org, linux-kernel@vger.kernel.org,
Kaiyan Mei <M202472210@hust.edu.cn>,
Yinhao Hu <dddddd@hust.edu.cn>, Dongliang Mu <dzm91@hust.edu.cn>
Subject: Re: [PATCH] security: remove BUG_ON in security_skb_classify_flow
Date: Fri, 10 Apr 2026 18:34:06 -0500 [thread overview]
Message-ID: <admI7uhx8OZ5NzFS@mail.hallyn.com> (raw)
In-Reply-To: <a17199c6-fb52-493b-b76a-505faf27cfa0@linux.dev>
On Fri, Apr 10, 2026 at 09:56:22AM +0800, Jiayuan Chen wrote:
>
> On 4/10/26 8:58 AM, Serge E. Hallyn wrote:
> > On Wed, Apr 08, 2026 at 07:42:57PM +0800, Jiayuan Chen wrote:
> > > A BPF program attached to the xfrm_decode_session hook can return a
> > > non-zero value, which causes BUG_ON(rc) in security_skb_classify_flow()
> > > to trigger a kernel panic.
> > It would seem worth it to have pointed at the previous discussion at
> >
> > https://lore.kernel.org/all/CAEjxPJ5aA01in+Z1yLF1cwe-3uqL_E8SKGK4J294D5eRG5__5Q@mail.gmail.com/
> >
> > Based on that, I guess this is probably ok, but still,
> >
> > > Remove the BUG_ON and change the return type from void to int, so that
> > > callers can optionally handle the error.
> > but you don't have the existing callers handling the error. It's
> > conceivable they won't care, but it's also possible that they were
> > counting on a BUG_ON in that case.
> >
> > What *should* callers (icmp_reply, etc) do if an error code is
> > returned? Should they ignore it? In that case, would it be
> > better to change security_skb_classify_flow() to return void?
> >
> Thanks for your pointer.
>
> So I think Feng's patch is sufficient and can by applied ?
Well, selinux_xfrm_decode_session() calls selinux_xfrm_skb_sid_ingress()
which *can* return -EINVAL.
So I'd like to know, what is supposed to happen in that case?
Stephen, do you know? Is it safe for callers to ignore this?
next prev parent reply other threads:[~2026-04-10 23:34 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-08 11:42 [PATCH] security: remove BUG_ON in security_skb_classify_flow Jiayuan Chen
2026-04-10 0:58 ` Serge E. Hallyn
2026-04-10 1:56 ` Jiayuan Chen
2026-04-10 23:34 ` Serge E. Hallyn [this message]
2026-04-13 17:37 ` Stephen Smalley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=admI7uhx8OZ5NzFS@mail.hallyn.com \
--to=serge@hallyn.com \
--cc=M202472210@hust.edu.cn \
--cc=dddddd@hust.edu.cn \
--cc=dzm91@hust.edu.cn \
--cc=jiayuan.chen@linux.dev \
--cc=jmorris@namei.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=sds@epoch.ncsc.mil \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.