From: Feng Yang <yangfeng59949@163.com>
To: casey@schaufler-ca.com
Cc: jmorris@namei.org, linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org, paul@paul-moore.com,
serge@hallyn.com, yangfeng59949@163.com
Subject: Re: [PATCH] lsm: Fix the crash issue in xfrm_decode_session
Date: Thu, 19 Mar 2026 10:22:08 +0800 [thread overview]
Message-ID: <20260319022208.69924-1-yangfeng59949@163.com> (raw)
In-Reply-To: <df35542e-d58f-47db-8a4f-92698281a69a@schaufler-ca.com>
On Wed, 18 Mar 2026 10:09:47 -0700, Casey Schaufler wrote:
> On 3/17/2026 11:19 PM, Feng Yang wrote:
> > From: Feng Yang <yangfeng@kylinos.cn>
> >
> > After hooking the following BPF program:
> > SEC("lsm/xfrm_decode_session")
> > int BPF_PROG(lsm_hook_xfrm_decode_session, struct sk_buff *skb, u32 *secid, int ckall)
> > {
> > return 1; // Any non-zero value
> > }
> > Subsequent packet transmission triggers will cause a kernel panic:
> LSM hooks that use or provide secids cannot be stacked. That is,
> you can't provide a BPF LSM hook and an SELinux LSM hook and expect
> correct behavior. Your proposed "fix" removes a legitimate check.
I'm very sorry, I didn't quite understand what you meant.
Maybe my commit message wasn't clear. I only used a BPF LSM hook without SELinux stacking enabled.
Therefore, is it the expected behavior that simply using
SEC("lsm/xfrm_decode_session")
int BPF_PROG(lsm_hook_xfrm_decode_session, struct sk_buff *skb, u32 *secid, int ckall) {
return -1;
}
would cause a kernel panic? If not, and if the BUG_ON check is still necessary,
then does it mean we need to modify the return value validation logic in the BPF
verifier to ensure that only BPF programs returning 0 are accepted for this hook?
Thanks.
next prev parent reply other threads:[~2026-03-19 2:22 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-18 6:19 [PATCH] lsm: Fix the crash issue in xfrm_decode_session Feng Yang
2026-03-18 8:37 ` Feng Yang
2026-03-18 17:09 ` Casey Schaufler
2026-03-19 2:22 ` Feng Yang [this message]
2026-03-19 17:51 ` Casey Schaufler
2026-03-19 18:22 ` Stephen Smalley
2026-03-20 3:20 ` Feng Yang
2026-03-20 3:24 ` [PATCH RESEND] " Feng Yang
2026-03-20 3:03 ` [PATCH] " Feng Yang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260319022208.69924-1-yangfeng59949@163.com \
--to=yangfeng59949@163.com \
--cc=casey@schaufler-ca.com \
--cc=jmorris@namei.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=serge@hallyn.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox