BPF List
 help / color / mirror / Atom feed
* [PATCH bpf-next] bpf: reject BPF_MAP_TYPE_INODE_STORAGE creation if BPF LSM is uninitialized
@ 2026-06-28 20:11 Matt Bobrowski
  2026-06-29  5:25 ` Emil Tsalapatis
                   ` (2 more replies)
  0 siblings, 3 replies; 5+ messages in thread
From: Matt Bobrowski @ 2026-06-28 20:11 UTC (permalink / raw)
  To: bpf
  Cc: Alexei Starovoitov, Daniel Borkmann, Paul Moore, Andrii Nakryiko,
	Martin KaFai Lau, Eduard Zingerman, Song Liu, Yonghong Song,
	Jiri Olsa, oxsignal, Matt Bobrowski

When CONFIG_BPF_LSM=y is set, BPF inode storage maps
(BPF_MAP_TYPE_INODE_STORAGE) are compiled into the kernel. However,
if the BPF LSM is not explicitly enabled at boot time (e.g. omitted
from the "lsm=" boot parameter), lsm_prepare() is never executed for
the BPF LSM.

Consequently, the BPF inode security blob offset
(bpf_lsm_blob_sizes.lbs_inode) is never initialized and remains at its
default compiled size of 8 bytes instead of being updated to a valid
offset past the reserved struct rcu_head (typically 16 bytes or more).

When a privileged user creates and updates a
BPF_MAP_TYPE_INODE_STORAGE map, bpf_inode() evaluates
inode->i_security + 8. This erroneously aliases the struct
rcu_head.func callback pointer at the beginning of the
inode->i_security blob. During subsequent map element cleanup or inode
destruction, writing NULL to owner_storage clears the queued RCU
callback pointer. When rcu_do_batch() later executes the queued
callback, it attempts an instruction fetch at address 0x0, triggering
an immediate kernel panic.

Fix this by introducing a global bpf_lsm_initialized boolean flag
marked with __ro_after_init. Set this flag to true inside
bpf_lsm_init() when the LSM framework successfully registers the BPF
LSM. Gate map allocation in inode_storage_map_alloc() on this flag,
returning -EOPNOTSUPP if the BPF LSM is in turn uninitialized.

This fail-fast approach prevents userspace from allocating inode
storage maps when the supporting BPF LSM infrastructure is absent,
avoiding zombie map states.

Fixes: 8ea636848aca ("bpf: Implement bpf_local_storage for inodes")
Reported-by: oxsignal <awo@kakao.com>
Signed-off-by: Matt Bobrowski <mattbobrowski@google.com>
---
 include/linux/bpf_lsm.h        | 4 ++++
 kernel/bpf/bpf_inode_storage.c | 9 +++++++++
 security/bpf/hooks.c           | 3 +++
 3 files changed, 16 insertions(+)

diff --git a/include/linux/bpf_lsm.h b/include/linux/bpf_lsm.h
index 143775a27a2a..dda272d78f01 100644
--- a/include/linux/bpf_lsm.h
+++ b/include/linux/bpf_lsm.h
@@ -14,6 +14,8 @@
 
 #ifdef CONFIG_BPF_LSM
 
+extern bool bpf_lsm_initialized __ro_after_init;
+
 #define LSM_HOOK(RET, DEFAULT, NAME, ...) \
 	RET bpf_lsm_##NAME(__VA_ARGS__);
 #include <linux/lsm_hook_defs.h>
@@ -56,6 +58,8 @@ bool bpf_lsm_hook_returns_errno(u32 btf_id);
 
 #else /* !CONFIG_BPF_LSM */
 
+#define bpf_lsm_initialized false
+
 static inline bool bpf_lsm_is_sleepable_hook(u32 btf_id)
 {
 	return false;
diff --git a/kernel/bpf/bpf_inode_storage.c b/kernel/bpf/bpf_inode_storage.c
index 0da8d923e39d..f9e81060c1f4 100644
--- a/kernel/bpf/bpf_inode_storage.c
+++ b/kernel/bpf/bpf_inode_storage.c
@@ -178,6 +178,15 @@ static int notsupp_get_next_key(struct bpf_map *map, void *key,
 
 static struct bpf_map *inode_storage_map_alloc(union bpf_attr *attr)
 {
+	/*
+	 * Do not allow allocation of BPF_MAP_TYPE_INODE_STORAGE if the BPF LSM
+	 * was not initialized by the LSM framework at boot. Without proper
+	 * initialization, the BPF inode security blob offset remains unprepared,
+	 * causing bpf_inode() to calculate an invalid memory offset and corrupt
+	 * inode->i_security.
+	 */
+	if (!bpf_lsm_initialized)
+		return ERR_PTR(-EOPNOTSUPP);
 	return bpf_local_storage_map_alloc(attr, &inode_cache);
 }
 
diff --git a/security/bpf/hooks.c b/security/bpf/hooks.c
index 40efde233f3a..7b98f5d1e2be 100644
--- a/security/bpf/hooks.c
+++ b/security/bpf/hooks.c
@@ -7,6 +7,8 @@
 #include <linux/bpf_lsm.h>
 #include <uapi/linux/lsm.h>
 
+bool bpf_lsm_initialized __ro_after_init;
+
 static struct security_hook_list bpf_lsm_hooks[] __ro_after_init = {
 	#define LSM_HOOK(RET, DEFAULT, NAME, ...) \
 	LSM_HOOK_INIT(NAME, bpf_lsm_##NAME),
@@ -24,6 +26,7 @@ static int __init bpf_lsm_init(void)
 {
 	security_add_hooks(bpf_lsm_hooks, ARRAY_SIZE(bpf_lsm_hooks),
 			   &bpf_lsmid);
+	bpf_lsm_initialized = true;
 	pr_info("LSM support for eBPF active\n");
 	return 0;
 }
-- 
2.55.0.rc0.799.gd6f94ed593-goog


^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [PATCH bpf-next] bpf: reject BPF_MAP_TYPE_INODE_STORAGE creation if BPF LSM is uninitialized
  2026-06-28 20:11 [PATCH bpf-next] bpf: reject BPF_MAP_TYPE_INODE_STORAGE creation if BPF LSM is uninitialized Matt Bobrowski
@ 2026-06-29  5:25 ` Emil Tsalapatis
  2026-06-29  6:30 ` Amery Hung
  2026-06-30 15:31 ` Daniel Borkmann
  2 siblings, 0 replies; 5+ messages in thread
From: Emil Tsalapatis @ 2026-06-29  5:25 UTC (permalink / raw)
  To: Matt Bobrowski, bpf
  Cc: Alexei Starovoitov, Daniel Borkmann, Paul Moore, Andrii Nakryiko,
	Martin KaFai Lau, Eduard Zingerman, Song Liu, Yonghong Song,
	Jiri Olsa, oxsignal

On Sun Jun 28, 2026 at 4:11 PM EDT, Matt Bobrowski wrote:
> When CONFIG_BPF_LSM=y is set, BPF inode storage maps
> (BPF_MAP_TYPE_INODE_STORAGE) are compiled into the kernel. However,
> if the BPF LSM is not explicitly enabled at boot time (e.g. omitted
> from the "lsm=" boot parameter), lsm_prepare() is never executed for
> the BPF LSM.
>
> Consequently, the BPF inode security blob offset
> (bpf_lsm_blob_sizes.lbs_inode) is never initialized and remains at its
> default compiled size of 8 bytes instead of being updated to a valid
> offset past the reserved struct rcu_head (typically 16 bytes or more).
>
> When a privileged user creates and updates a
> BPF_MAP_TYPE_INODE_STORAGE map, bpf_inode() evaluates
> inode->i_security + 8. This erroneously aliases the struct
> rcu_head.func callback pointer at the beginning of the
> inode->i_security blob. During subsequent map element cleanup or inode
> destruction, writing NULL to owner_storage clears the queued RCU
> callback pointer. When rcu_do_batch() later executes the queued
> callback, it attempts an instruction fetch at address 0x0, triggering
> an immediate kernel panic.
>
> Fix this by introducing a global bpf_lsm_initialized boolean flag
> marked with __ro_after_init. Set this flag to true inside
> bpf_lsm_init() when the LSM framework successfully registers the BPF
> LSM. Gate map allocation in inode_storage_map_alloc() on this flag,
> returning -EOPNOTSUPP if the BPF LSM is in turn uninitialized.
>
> This fail-fast approach prevents userspace from allocating inode
> storage maps when the supporting BPF LSM infrastructure is absent,
> avoiding zombie map states.
>
> Fixes: 8ea636848aca ("bpf: Implement bpf_local_storage for inodes")
> Reported-by: oxsignal <awo@kakao.com>
> Signed-off-by: Matt Bobrowski <mattbobrowski@google.com>

Reviewed-by: Emil Tsalapatis <emil@etsalapatis.com>

It makes sense for since the only users of inode-local storage are
related to LSM (case in point, this whole bug is due to storing the
storage map in the inode's ->security in the first place).

> ---
>  include/linux/bpf_lsm.h        | 4 ++++
>  kernel/bpf/bpf_inode_storage.c | 9 +++++++++
>  security/bpf/hooks.c           | 3 +++
>  3 files changed, 16 insertions(+)
>
> diff --git a/include/linux/bpf_lsm.h b/include/linux/bpf_lsm.h
> index 143775a27a2a..dda272d78f01 100644
> --- a/include/linux/bpf_lsm.h
> +++ b/include/linux/bpf_lsm.h
> @@ -14,6 +14,8 @@
>  
>  #ifdef CONFIG_BPF_LSM
>  
> +extern bool bpf_lsm_initialized __ro_after_init;
> +
>  #define LSM_HOOK(RET, DEFAULT, NAME, ...) \
>  	RET bpf_lsm_##NAME(__VA_ARGS__);
>  #include <linux/lsm_hook_defs.h>
> @@ -56,6 +58,8 @@ bool bpf_lsm_hook_returns_errno(u32 btf_id);
>  
>  #else /* !CONFIG_BPF_LSM */
>  
> +#define bpf_lsm_initialized false
> +
>  static inline bool bpf_lsm_is_sleepable_hook(u32 btf_id)
>  {
>  	return false;
> diff --git a/kernel/bpf/bpf_inode_storage.c b/kernel/bpf/bpf_inode_storage.c
> index 0da8d923e39d..f9e81060c1f4 100644
> --- a/kernel/bpf/bpf_inode_storage.c
> +++ b/kernel/bpf/bpf_inode_storage.c
> @@ -178,6 +178,15 @@ static int notsupp_get_next_key(struct bpf_map *map, void *key,
>  
>  static struct bpf_map *inode_storage_map_alloc(union bpf_attr *attr)
>  {
> +	/*
> +	 * Do not allow allocation of BPF_MAP_TYPE_INODE_STORAGE if the BPF LSM
> +	 * was not initialized by the LSM framework at boot. Without proper
> +	 * initialization, the BPF inode security blob offset remains unprepared,
> +	 * causing bpf_inode() to calculate an invalid memory offset and corrupt
> +	 * inode->i_security.
> +	 */
> +	if (!bpf_lsm_initialized)
> +		return ERR_PTR(-EOPNOTSUPP);
>  	return bpf_local_storage_map_alloc(attr, &inode_cache);
>  }
>  
> diff --git a/security/bpf/hooks.c b/security/bpf/hooks.c
> index 40efde233f3a..7b98f5d1e2be 100644
> --- a/security/bpf/hooks.c
> +++ b/security/bpf/hooks.c
> @@ -7,6 +7,8 @@
>  #include <linux/bpf_lsm.h>
>  #include <uapi/linux/lsm.h>
>  
> +bool bpf_lsm_initialized __ro_after_init;
> +
>  static struct security_hook_list bpf_lsm_hooks[] __ro_after_init = {
>  	#define LSM_HOOK(RET, DEFAULT, NAME, ...) \
>  	LSM_HOOK_INIT(NAME, bpf_lsm_##NAME),
> @@ -24,6 +26,7 @@ static int __init bpf_lsm_init(void)
>  {
>  	security_add_hooks(bpf_lsm_hooks, ARRAY_SIZE(bpf_lsm_hooks),
>  			   &bpf_lsmid);
> +	bpf_lsm_initialized = true;
>  	pr_info("LSM support for eBPF active\n");
>  	return 0;
>  }


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH bpf-next] bpf: reject BPF_MAP_TYPE_INODE_STORAGE creation if BPF LSM is uninitialized
  2026-06-28 20:11 [PATCH bpf-next] bpf: reject BPF_MAP_TYPE_INODE_STORAGE creation if BPF LSM is uninitialized Matt Bobrowski
  2026-06-29  5:25 ` Emil Tsalapatis
@ 2026-06-29  6:30 ` Amery Hung
  2026-06-30 15:31 ` Daniel Borkmann
  2 siblings, 0 replies; 5+ messages in thread
From: Amery Hung @ 2026-06-29  6:30 UTC (permalink / raw)
  To: Matt Bobrowski
  Cc: bpf, Alexei Starovoitov, Daniel Borkmann, Paul Moore,
	Andrii Nakryiko, Martin KaFai Lau, Eduard Zingerman, Song Liu,
	Yonghong Song, Jiri Olsa, oxsignal

On Sun, Jun 28, 2026 at 1:11 PM Matt Bobrowski <mattbobrowski@google.com> wrote:
>
> When CONFIG_BPF_LSM=y is set, BPF inode storage maps
> (BPF_MAP_TYPE_INODE_STORAGE) are compiled into the kernel. However,
> if the BPF LSM is not explicitly enabled at boot time (e.g. omitted
> from the "lsm=" boot parameter), lsm_prepare() is never executed for
> the BPF LSM.
>
> Consequently, the BPF inode security blob offset
> (bpf_lsm_blob_sizes.lbs_inode) is never initialized and remains at its
> default compiled size of 8 bytes instead of being updated to a valid
> offset past the reserved struct rcu_head (typically 16 bytes or more).
>
> When a privileged user creates and updates a
> BPF_MAP_TYPE_INODE_STORAGE map, bpf_inode() evaluates
> inode->i_security + 8. This erroneously aliases the struct
> rcu_head.func callback pointer at the beginning of the
> inode->i_security blob. During subsequent map element cleanup or inode
> destruction, writing NULL to owner_storage clears the queued RCU
> callback pointer. When rcu_do_batch() later executes the queued
> callback, it attempts an instruction fetch at address 0x0, triggering
> an immediate kernel panic.
>
> Fix this by introducing a global bpf_lsm_initialized boolean flag
> marked with __ro_after_init. Set this flag to true inside
> bpf_lsm_init() when the LSM framework successfully registers the BPF
> LSM. Gate map allocation in inode_storage_map_alloc() on this flag,
> returning -EOPNOTSUPP if the BPF LSM is in turn uninitialized.
>
> This fail-fast approach prevents userspace from allocating inode
> storage maps when the supporting BPF LSM infrastructure is absent,
> avoiding zombie map states.
>
> Fixes: 8ea636848aca ("bpf: Implement bpf_local_storage for inodes")
> Reported-by: oxsignal <awo@kakao.com>
> Signed-off-by: Matt Bobrowski <mattbobrowski@google.com>

Reviewed-by: Amery Hung <ameryhung@gmail.com>

> ---
>  include/linux/bpf_lsm.h        | 4 ++++
>  kernel/bpf/bpf_inode_storage.c | 9 +++++++++
>  security/bpf/hooks.c           | 3 +++
>  3 files changed, 16 insertions(+)
>
> diff --git a/include/linux/bpf_lsm.h b/include/linux/bpf_lsm.h
> index 143775a27a2a..dda272d78f01 100644
> --- a/include/linux/bpf_lsm.h
> +++ b/include/linux/bpf_lsm.h
> @@ -14,6 +14,8 @@
>
>  #ifdef CONFIG_BPF_LSM
>
> +extern bool bpf_lsm_initialized __ro_after_init;
> +
>  #define LSM_HOOK(RET, DEFAULT, NAME, ...) \
>         RET bpf_lsm_##NAME(__VA_ARGS__);
>  #include <linux/lsm_hook_defs.h>
> @@ -56,6 +58,8 @@ bool bpf_lsm_hook_returns_errno(u32 btf_id);
>
>  #else /* !CONFIG_BPF_LSM */
>
> +#define bpf_lsm_initialized false
> +
>  static inline bool bpf_lsm_is_sleepable_hook(u32 btf_id)
>  {
>         return false;
> diff --git a/kernel/bpf/bpf_inode_storage.c b/kernel/bpf/bpf_inode_storage.c
> index 0da8d923e39d..f9e81060c1f4 100644
> --- a/kernel/bpf/bpf_inode_storage.c
> +++ b/kernel/bpf/bpf_inode_storage.c
> @@ -178,6 +178,15 @@ static int notsupp_get_next_key(struct bpf_map *map, void *key,
>
>  static struct bpf_map *inode_storage_map_alloc(union bpf_attr *attr)
>  {
> +       /*
> +        * Do not allow allocation of BPF_MAP_TYPE_INODE_STORAGE if the BPF LSM
> +        * was not initialized by the LSM framework at boot. Without proper
> +        * initialization, the BPF inode security blob offset remains unprepared,
> +        * causing bpf_inode() to calculate an invalid memory offset and corrupt
> +        * inode->i_security.
> +        */
> +       if (!bpf_lsm_initialized)
> +               return ERR_PTR(-EOPNOTSUPP);
>         return bpf_local_storage_map_alloc(attr, &inode_cache);
>  }
>
> diff --git a/security/bpf/hooks.c b/security/bpf/hooks.c
> index 40efde233f3a..7b98f5d1e2be 100644
> --- a/security/bpf/hooks.c
> +++ b/security/bpf/hooks.c
> @@ -7,6 +7,8 @@
>  #include <linux/bpf_lsm.h>
>  #include <uapi/linux/lsm.h>
>
> +bool bpf_lsm_initialized __ro_after_init;
> +
>  static struct security_hook_list bpf_lsm_hooks[] __ro_after_init = {
>         #define LSM_HOOK(RET, DEFAULT, NAME, ...) \
>         LSM_HOOK_INIT(NAME, bpf_lsm_##NAME),
> @@ -24,6 +26,7 @@ static int __init bpf_lsm_init(void)
>  {
>         security_add_hooks(bpf_lsm_hooks, ARRAY_SIZE(bpf_lsm_hooks),
>                            &bpf_lsmid);
> +       bpf_lsm_initialized = true;
>         pr_info("LSM support for eBPF active\n");
>         return 0;
>  }
> --
> 2.55.0.rc0.799.gd6f94ed593-goog
>
>

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH bpf-next] bpf: reject BPF_MAP_TYPE_INODE_STORAGE creation if BPF LSM is uninitialized
  2026-06-28 20:11 [PATCH bpf-next] bpf: reject BPF_MAP_TYPE_INODE_STORAGE creation if BPF LSM is uninitialized Matt Bobrowski
  2026-06-29  5:25 ` Emil Tsalapatis
  2026-06-29  6:30 ` Amery Hung
@ 2026-06-30 15:31 ` Daniel Borkmann
  2026-07-02 20:55   ` Matt Bobrowski
  2 siblings, 1 reply; 5+ messages in thread
From: Daniel Borkmann @ 2026-06-30 15:31 UTC (permalink / raw)
  To: Matt Bobrowski, bpf
  Cc: Alexei Starovoitov, Paul Moore, Andrii Nakryiko, Martin KaFai Lau,
	Eduard Zingerman, Song Liu, Yonghong Song, Jiri Olsa, oxsignal

On 6/28/26 10:11 PM, Matt Bobrowski wrote:
> When CONFIG_BPF_LSM=y is set, BPF inode storage maps
> (BPF_MAP_TYPE_INODE_STORAGE) are compiled into the kernel. However,
> if the BPF LSM is not explicitly enabled at boot time (e.g. omitted
> from the "lsm=" boot parameter), lsm_prepare() is never executed for
> the BPF LSM.
> 
> Consequently, the BPF inode security blob offset
> (bpf_lsm_blob_sizes.lbs_inode) is never initialized and remains at its
> default compiled size of 8 bytes instead of being updated to a valid
> offset past the reserved struct rcu_head (typically 16 bytes or more).
> 
> When a privileged user creates and updates a
> BPF_MAP_TYPE_INODE_STORAGE map, bpf_inode() evaluates
> inode->i_security + 8. This erroneously aliases the struct
> rcu_head.func callback pointer at the beginning of the
> inode->i_security blob. During subsequent map element cleanup or inode
> destruction, writing NULL to owner_storage clears the queued RCU
> callback pointer. When rcu_do_batch() later executes the queued
> callback, it attempts an instruction fetch at address 0x0, triggering
> an immediate kernel panic.
> 
> Fix this by introducing a global bpf_lsm_initialized boolean flag
> marked with __ro_after_init. Set this flag to true inside
> bpf_lsm_init() when the LSM framework successfully registers the BPF
> LSM. Gate map allocation in inode_storage_map_alloc() on this flag,
> returning -EOPNOTSUPP if the BPF LSM is in turn uninitialized.
> 
> This fail-fast approach prevents userspace from allocating inode
> storage maps when the supporting BPF LSM infrastructure is absent,
> avoiding zombie map states.
> 
> Fixes: 8ea636848aca ("bpf: Implement bpf_local_storage for inodes")
> Reported-by: oxsignal <awo@kakao.com>
> Signed-off-by: Matt Bobrowski <mattbobrowski@google.com>

(Looks like pwbot is asleep; applied to bpf.)

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH bpf-next] bpf: reject BPF_MAP_TYPE_INODE_STORAGE creation if BPF LSM is uninitialized
  2026-06-30 15:31 ` Daniel Borkmann
@ 2026-07-02 20:55   ` Matt Bobrowski
  0 siblings, 0 replies; 5+ messages in thread
From: Matt Bobrowski @ 2026-07-02 20:55 UTC (permalink / raw)
  To: Daniel Borkmann
  Cc: bpf, Alexei Starovoitov, Paul Moore, Andrii Nakryiko,
	Martin KaFai Lau, Eduard Zingerman, Song Liu, Yonghong Song,
	Jiri Olsa, oxsignal

On Tue, Jun 30, 2026 at 05:31:13PM +0200, Daniel Borkmann wrote:
> On 6/28/26 10:11 PM, Matt Bobrowski wrote:
> > When CONFIG_BPF_LSM=y is set, BPF inode storage maps
> > (BPF_MAP_TYPE_INODE_STORAGE) are compiled into the kernel. However,
> > if the BPF LSM is not explicitly enabled at boot time (e.g. omitted
> > from the "lsm=" boot parameter), lsm_prepare() is never executed for
> > the BPF LSM.
> > 
> > Consequently, the BPF inode security blob offset
> > (bpf_lsm_blob_sizes.lbs_inode) is never initialized and remains at its
> > default compiled size of 8 bytes instead of being updated to a valid
> > offset past the reserved struct rcu_head (typically 16 bytes or more).
> > 
> > When a privileged user creates and updates a
> > BPF_MAP_TYPE_INODE_STORAGE map, bpf_inode() evaluates
> > inode->i_security + 8. This erroneously aliases the struct
> > rcu_head.func callback pointer at the beginning of the
> > inode->i_security blob. During subsequent map element cleanup or inode
> > destruction, writing NULL to owner_storage clears the queued RCU
> > callback pointer. When rcu_do_batch() later executes the queued
> > callback, it attempts an instruction fetch at address 0x0, triggering
> > an immediate kernel panic.
> > 
> > Fix this by introducing a global bpf_lsm_initialized boolean flag
> > marked with __ro_after_init. Set this flag to true inside
> > bpf_lsm_init() when the LSM framework successfully registers the BPF
> > LSM. Gate map allocation in inode_storage_map_alloc() on this flag,
> > returning -EOPNOTSUPP if the BPF LSM is in turn uninitialized.
> > 
> > This fail-fast approach prevents userspace from allocating inode
> > storage maps when the supporting BPF LSM infrastructure is absent,
> > avoiding zombie map states.
> > 
> > Fixes: 8ea636848aca ("bpf: Implement bpf_local_storage for inodes")
> > Reported-by: oxsignal <awo@kakao.com>
> > Signed-off-by: Matt Bobrowski <mattbobrowski@google.com>
> 
> (Looks like pwbot is asleep; applied to bpf.)

Thank you Daniel!

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2026-07-02 20:55 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-06-28 20:11 [PATCH bpf-next] bpf: reject BPF_MAP_TYPE_INODE_STORAGE creation if BPF LSM is uninitialized Matt Bobrowski
2026-06-29  5:25 ` Emil Tsalapatis
2026-06-29  6:30 ` Amery Hung
2026-06-30 15:31 ` Daniel Borkmann
2026-07-02 20:55   ` Matt Bobrowski

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox