* [PATCH] security: remove BUG_ON in security_skb_classify_flow
@ 2026-04-08 11:42 Jiayuan Chen
0 siblings, 0 replies; only message in thread
From: Jiayuan Chen @ 2026-04-08 11:42 UTC (permalink / raw)
To: linux-security-module, paul
Cc: jmorris, serge, linux-kernel, Jiayuan Chen, Kaiyan Mei, Yinhao Hu,
Dongliang Mu
A BPF program attached to the xfrm_decode_session hook can return a
non-zero value, which causes BUG_ON(rc) in security_skb_classify_flow()
to trigger a kernel panic.
Remove the BUG_ON and change the return type from void to int, so that
callers can optionally handle the error.
Reported-by: Kaiyan Mei <M202472210@hust.edu.cn>
Reported-by: Yinhao Hu <dddddd@hust.edu.cn>
Reported-by: Dongliang Mu <dzm91@hust.edu.cn>
Closes: https://lore.kernel.org/bpf/4c4d04ba.6c12b.19c039b69e6.Coremail.kaiyanm@hust.edu.cn/
Signed-off-by: Jiayuan Chen <jiayuan.chen@linux.dev>
---
include/linux/security.h | 7 ++++---
security/security.c | 16 +++++++++++-----
2 files changed, 15 insertions(+), 8 deletions(-)
diff --git a/include/linux/security.h b/include/linux/security.h
index ee88dd2d2d1f..6d210dc4c649 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1975,7 +1975,7 @@ int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
struct xfrm_policy *xp,
const struct flowi_common *flic);
int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid);
-void security_skb_classify_flow(struct sk_buff *skb, struct flowi_common *flic);
+int security_skb_classify_flow(struct sk_buff *skb, struct flowi_common *flic);
#else /* CONFIG_SECURITY_NETWORK_XFRM */
@@ -2038,9 +2038,10 @@ static inline int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid)
return 0;
}
-static inline void security_skb_classify_flow(struct sk_buff *skb,
- struct flowi_common *flic)
+static inline int security_skb_classify_flow(struct sk_buff *skb,
+ struct flowi_common *flic)
{
+ return 0;
}
#endif /* CONFIG_SECURITY_NETWORK_XFRM */
diff --git a/security/security.c b/security/security.c
index a26c1474e2e4..26a34eb363c2 100644
--- a/security/security.c
+++ b/security/security.c
@@ -4990,12 +4990,18 @@ int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid)
return call_int_hook(xfrm_decode_session, skb, secid, 1);
}
-void security_skb_classify_flow(struct sk_buff *skb, struct flowi_common *flic)
+/**
+ * security_skb_classify_flow() - Set the flow's secid from the security label
+ * @skb: packet
+ * @flic: flow common structure to set
+ *
+ * Decode the packet in @skb and set the flow's secid in @flic.
+ *
+ * Return: Return 0 if successful.
+ */
+int security_skb_classify_flow(struct sk_buff *skb, struct flowi_common *flic)
{
- int rc = call_int_hook(xfrm_decode_session, skb, &flic->flowic_secid,
- 0);
-
- BUG_ON(rc);
+ return call_int_hook(xfrm_decode_session, skb, &flic->flowic_secid, 0);
}
EXPORT_SYMBOL(security_skb_classify_flow);
#endif /* CONFIG_SECURITY_NETWORK_XFRM */
--
2.43.0
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2026-04-08 11:43 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-04-08 11:42 [PATCH] security: remove BUG_ON in security_skb_classify_flow Jiayuan Chen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox