From: sashiko-bot@kernel.org
To: "Blaise Boscaccy" <bboscaccy@linux.microsoft.com>
Cc: bpf@vger.kernel.org
Subject: Re: [PATCH v5 10/10] ipe: Add BPF program load policy enforcement via Hornet integration
Date: Tue, 21 Apr 2026 03:23:16 +0000 [thread overview]
Message-ID: <20260421032317.37923C2BCB3@smtp.kernel.org> (raw)
In-Reply-To: <20260420212653.438685-11-bboscaccy@linux.microsoft.com>
Sashiko AI review found 1 potential issue(s):
- [Low] Compilation failure in `evaluate_property()` when `CONFIG_IPE_PROP_BPF_SIGNATURE` is disabled due to unconditional access to `ctx->bpf_kernel`.
--
commit f674a6cd60a4a820baf0e01920f42c00f9ad8225
Author: Blaise Boscaccy <bboscaccy@linux.microsoft.com>
ipe: Add BPF program load policy enforcement via Hornet integration
Add support for the bpf_prog_load_post_integrity LSM hook, enabling IPE
to make policy decisions about BPF program loading based on integrity
verdicts provided by the Hornet LSM.
> diff --git a/security/ipe/eval.c b/security/ipe/eval.c
> index 21439c5be3364..9a6d583fea125 100644
> --- a/security/ipe/eval.c
> +++ b/security/ipe/eval.c
[ ... ]
> @@ -297,6 +342,32 @@ static bool evaluate_property(const struct ipe_eval_ctx *const ctx,
> return evaluate_fsv_sig_false(ctx);
> case IPE_PROP_FSV_SIG_TRUE:
> return evaluate_fsv_sig_true(ctx);
> + case IPE_PROP_BPF_SIG_NONE:
> + return evaluate_bpf_sig(ctx, LSM_INT_VERDICT_NONE);
> + case IPE_PROP_BPF_SIG_OK:
> + return evaluate_bpf_sig(ctx, LSM_INT_VERDICT_OK);
> + case IPE_PROP_BPF_SIG_UNSIGNED:
> + return evaluate_bpf_sig(ctx, LSM_INT_VERDICT_UNSIGNED);
> + case IPE_PROP_BPF_SIG_PARTIALSIG:
> + return evaluate_bpf_sig(ctx, LSM_INT_VERDICT_PARTIALSIG);
> + case IPE_PROP_BPF_SIG_UNKNOWNKEY:
> + return evaluate_bpf_sig(ctx, LSM_INT_VERDICT_UNKNOWNKEY);
> + case IPE_PROP_BPF_SIG_UNEXPECTED:
> + return evaluate_bpf_sig(ctx, LSM_INT_VERDICT_UNEXPECTED);
> + case IPE_PROP_BPF_SIG_FAULT:
> + return evaluate_bpf_sig(ctx, LSM_INT_VERDICT_FAULT);
> + case IPE_PROP_BPF_SIG_BADSIG:
> + return evaluate_bpf_sig(ctx, LSM_INT_VERDICT_BADSIG);
> + case IPE_PROP_BPF_KEYRING_BUILTIN:
> + return evaluate_bpf_keyring(ctx, 0);
> + case IPE_PROP_BPF_KEYRING_SECONDARY:
> + return evaluate_bpf_keyring(ctx, (s32)(unsigned long)VERIFY_USE_SECONDARY_KEYRING);
> + case IPE_PROP_BPF_KEYRING_PLATFORM:
> + return evaluate_bpf_keyring(ctx, (s32)(unsigned long)VERIFY_USE_PLATFORM_KEYRING);
> + case IPE_PROP_BPF_KERNEL_FALSE:
> + return !ctx->bpf_kernel;
> + case IPE_PROP_BPF_KERNEL_TRUE:
> + return ctx->bpf_kernel;
Will this cause a build failure when CONFIG_IPE_PROP_BPF_SIGNATURE is disabled?
In security/ipe/eval.h, the bpf_kernel field in struct ipe_eval_ctx is
protected by #ifdef CONFIG_IPE_PROP_BPF_SIGNATURE:
struct ipe_eval_ctx {
...
#ifdef CONFIG_IPE_PROP_BPF_SIGNATURE
enum lsm_integrity_verdict bpf_verdict;
s32 bpf_keyring_id;
bool bpf_kernel;
#endif /* CONFIG_IPE_PROP_BPF_SIGNATURE */
};
However, evaluate_property() unconditionally accesses ctx->bpf_kernel for
IPE_PROP_BPF_KERNEL_FALSE and IPE_PROP_BPF_KERNEL_TRUE. If the kernel is
configured without CONFIG_IPE_PROP_BPF_SIGNATURE (for example, if
CONFIG_SECURITY_HORNET is disabled), it appears the build will fail due to
the missing struct member.
> default:
> return false;
> }
--
Sashiko AI review · https://sashiko.dev/#/patchset/20260420212653.438685-1-bboscaccy@linux.microsoft.com?part=10
prev parent reply other threads:[~2026-04-21 3:23 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-20 21:26 [PATCH v5 00/10] Reintroduce Hornet LSM Blaise Boscaccy
2026-04-20 21:26 ` [PATCH v5 01/10] crypto: pkcs7: add flag for validated trust on a signed info block Blaise Boscaccy
2026-04-21 1:17 ` sashiko-bot
2026-04-20 21:26 ` [PATCH v5 02/10] crypto: pkcs7: add ability to extract signed attributes by OID Blaise Boscaccy
2026-04-21 1:49 ` sashiko-bot
2026-04-20 21:26 ` [PATCH v5 03/10] crypto: pkcs7: add tests for pkcs7_get_authattr Blaise Boscaccy
2026-04-21 2:06 ` sashiko-bot
2026-04-20 21:26 ` [PATCH v5 04/10] lsm: framework for BPF integrity verification Blaise Boscaccy
2026-04-20 21:26 ` [PATCH v5 05/10] lsm: security: Add additional enum values for bpf integrity checks Blaise Boscaccy
2026-04-20 21:26 ` [PATCH v5 06/10] security: Hornet LSM Blaise Boscaccy
2026-04-21 0:08 ` Fan Wu
2026-04-21 4:29 ` sashiko-bot
2026-04-20 21:26 ` [PATCH v5 07/10] hornet: Introduce gen_sig Blaise Boscaccy
2026-04-21 0:18 ` Fan Wu
2026-04-21 3:03 ` sashiko-bot
2026-04-20 21:26 ` [PATCH v5 08/10] hornet: Add a light skeleton data extractor scripts Blaise Boscaccy
2026-04-21 3:06 ` sashiko-bot
2026-04-20 21:26 ` [PATCH v5 09/10] selftests/hornet: Add a selftest for the Hornet LSM Blaise Boscaccy
2026-04-21 3:04 ` sashiko-bot
2026-04-20 21:26 ` [PATCH v5 10/10] ipe: Add BPF program load policy enforcement via Hornet integration Blaise Boscaccy
2026-04-21 0:27 ` Fan Wu
2026-04-21 3:23 ` sashiko-bot [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260421032317.37923C2BCB3@smtp.kernel.org \
--to=sashiko-bot@kernel.org \
--cc=bboscaccy@linux.microsoft.com \
--cc=bpf@vger.kernel.org \
--cc=sashiko@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox