From: "Serge E. Hallyn" <serge@hallyn.com>
To: Jiayuan Chen <jiayuan.chen@linux.dev>
Cc: "Serge E. Hallyn" <serge@hallyn.com>,
Stephen Smalley <sds@epoch.ncsc.mil>,
linux-security-module@vger.kernel.org, paul@paul-moore.com,
jmorris@namei.org, linux-kernel@vger.kernel.org,
Kaiyan Mei <M202472210@hust.edu.cn>,
Yinhao Hu <dddddd@hust.edu.cn>, Dongliang Mu <dzm91@hust.edu.cn>
Subject: Re: [PATCH] security: remove BUG_ON in security_skb_classify_flow
Date: Fri, 10 Apr 2026 18:34:06 -0500 [thread overview]
Message-ID: <admI7uhx8OZ5NzFS@mail.hallyn.com> (raw)
In-Reply-To: <a17199c6-fb52-493b-b76a-505faf27cfa0@linux.dev>
On Fri, Apr 10, 2026 at 09:56:22AM +0800, Jiayuan Chen wrote:
>
> On 4/10/26 8:58 AM, Serge E. Hallyn wrote:
> > On Wed, Apr 08, 2026 at 07:42:57PM +0800, Jiayuan Chen wrote:
> > > A BPF program attached to the xfrm_decode_session hook can return a
> > > non-zero value, which causes BUG_ON(rc) in security_skb_classify_flow()
> > > to trigger a kernel panic.
> > It would seem worth it to have pointed at the previous discussion at
> >
> > https://lore.kernel.org/all/CAEjxPJ5aA01in+Z1yLF1cwe-3uqL_E8SKGK4J294D5eRG5__5Q@mail.gmail.com/
> >
> > Based on that, I guess this is probably ok, but still,
> >
> > > Remove the BUG_ON and change the return type from void to int, so that
> > > callers can optionally handle the error.
> > but you don't have the existing callers handling the error. It's
> > conceivable they won't care, but it's also possible that they were
> > counting on a BUG_ON in that case.
> >
> > What *should* callers (icmp_reply, etc) do if an error code is
> > returned? Should they ignore it? In that case, would it be
> > better to change security_skb_classify_flow() to return void?
> >
> Thanks for your pointer.
>
> So I think Feng's patch is sufficient and can by applied ?
Well, selinux_xfrm_decode_session() calls selinux_xfrm_skb_sid_ingress()
which *can* return -EINVAL.
So I'd like to know, what is supposed to happen in that case?
Stephen, do you know? Is it safe for callers to ignore this?
prev parent reply other threads:[~2026-04-10 23:34 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-08 11:42 [PATCH] security: remove BUG_ON in security_skb_classify_flow Jiayuan Chen
2026-04-10 0:58 ` Serge E. Hallyn
2026-04-10 1:56 ` Jiayuan Chen
2026-04-10 23:34 ` Serge E. Hallyn [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=admI7uhx8OZ5NzFS@mail.hallyn.com \
--to=serge@hallyn.com \
--cc=M202472210@hust.edu.cn \
--cc=dddddd@hust.edu.cn \
--cc=dzm91@hust.edu.cn \
--cc=jiayuan.chen@linux.dev \
--cc=jmorris@namei.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=sds@epoch.ncsc.mil \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox