bpf: Fix setting retval to -EPERM for cgroup hooks not returning errno#12430
Open
kernel-patches-daemon-bpf[bot] wants to merge 2 commits into
Open
bpf: Fix setting retval to -EPERM for cgroup hooks not returning errno#12430kernel-patches-daemon-bpf[bot] wants to merge 2 commits into
kernel-patches-daemon-bpf[bot] wants to merge 2 commits into
Conversation
Author
|
Upstream branch: 140fa23 |
kernel-patches-daemon-bpf
Bot
force-pushed
the
bpf-next_base
branch
from
818f7b1 to
d9ed865
Compare
Author
|
Upstream branch: 2e8ad1f |
kernel-patches-daemon-bpf
Bot
force-pushed
the
series/1109253=>bpf-next
branch
from
c17d56d to
aca79a2
Compare
kernel-patches-daemon-bpf
Bot
force-pushed
the
bpf-next_base
branch
from
d9ed865 to
1b36123
Compare
When a cgroup BPF program exits with 0, bpf_prog_run_array_cg() sets the hook return value to -EPERM if it is not a valid errno. This is correct for errno-based hooks, which return 0 on success and negative errno on failure, but wrong for boolean and void LSM hooks. Boolean LSM hooks should only return true or false, and void LSM hooks have no return value at all. Fix it by skipping setting -EPERM for hooks not returning errno. Fixes: 69fd337 ("bpf: per-cgroup lsm flavor") Signed-off-by: Xu Kuohai <xukuohai@huawei.com>
Author
|
Upstream branch: 30dee2c |
Add test to check the return value when a BPF program exits with 0 for a boolean and an errno LSM hook. For each hook, two BPF programs are attached. The first program returns 0 without calling bpf_set_retval() to exercise the return value translation logic, while the second program reads the retval via bpf_get_retval(). Signed-off-by: Xu Kuohai <xukuohai@huawei.com>
kernel-patches-daemon-bpf
Bot
force-pushed
the
series/1109253=>bpf-next
branch
from
aca79a2 to
2cf3cdd
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Pull request for series with
subject: bpf: Fix setting retval to -EPERM for cgroup hooks not returning errno
version: 1
url: https://patchwork.kernel.org/project/netdevbpf/list/?series=1109253