Merge branch 'add-bpf-lsm-return-value-range-check-bpf-part'
Xu Kuohai says:
====================
Add BPF LSM return value range check, BPF part
From: Xu Kuohai <xukuohai@huawei.com>
LSM BPF prog may make kernel panic when returning an unexpected value,
such as returning positive value on hook file_alloc_security.
To fix it, series [1] refactored LSM hook return values and added
BPF return value check on top of that. Since the refactoring of LSM
hooks and checking BPF prog return value patches is not closely related,
this series separates BPF-related patches from [1].
v2:
- Update Shung-Hsi's patch with [3]
v1: https://lore.kernel.org/bpf/
20240719081749.769748-1-xukuohai@huaweicloud.com/
Changes to [1]:
1. Extend LSM disabled list to include hooks refactored in [1] to avoid
dependency on the hooks return value refactoring patches.
2. Replace the special case patch for bitwise AND on [-1, 0] with Shung-Hsi's
general bitwise AND improvement patch [2].
3. Remove unused patches.
[1] https://lore.kernel.org/bpf/
20240711111908.
3817636-1-xukuohai@huaweicloud.com
https://lore.kernel.org/bpf/
20240711113828.
3818398-1-xukuohai@huaweicloud.com
[2] https://lore.kernel.org/bpf/ykuhustu7vt2ilwhl32kj655xfdgdlm2xkl5rff6tw2ycksovp@ss2n4gpjysnw
[3] https://lore.kernel.org/bpf/
20240719081702.137173-1-shung-hsi.yu@suse.com/
Shung-Hsi Yu (1):
bpf, verifier: improve signed ranges inference for BPF_AND
====================
Link: https://lore.kernel.org/r/20240719110059.797546-1-xukuohai@huaweicloud.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
projects / users / dwmw2 / linux.git / commit