Re: [PATCH] security: remove BUG_ON in security_skb_classify_flow

Next message: Baoli.Zhang: "[PATCH v1] tpm: restore timeout for key creation commands"
Previous message: Kuninori Morimoto: "Re: [PATCH v4 05/12] ASoC: rsnd: Add audmacpp clock and reset support for RZ/G3E"
In reply to: Serge E. Hallyn: "Re: [PATCH] security: remove BUG_ON in security_skb_classify_flow"
Next in thread: Serge E. Hallyn: "Re: [PATCH] security: remove BUG_ON in security_skb_classify_flow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Jiayuan Chen

Date: Thu Apr 09 2026 - 21:56:54 EST

On 4/10/26 8:58 AM, Serge E. Hallyn wrote:

On Wed, Apr 08, 2026 at 07:42:57PM +0800, Jiayuan Chen wrote:

A BPF program attached to the xfrm_decode_session hook can return a
non-zero value, which causes BUG_ON(rc) in security_skb_classify_flow()
to trigger a kernel panic.

It would seem worth it to have pointed at the previous discussion at

https://lore.kernel.org/all/CAEjxPJ5aA01in+Z1yLF1cwe-3uqL_E8SKGK4J294D5eRG5__5Q@xxxxxxxxxxxxxx/

Based on that, I guess this is probably ok, but still,

Remove the BUG_ON and change the return type from void to int, so that
callers can optionally handle the error.

but you don't have the existing callers handling the error. It's
conceivable they won't care, but it's also possible that they were
counting on a BUG_ON in that case.

What *should* callers (icmp_reply, etc) do if an error code is
returned? Should they ignore it? In that case, would it be
better to change security_skb_classify_flow() to return void?

Thanks for your pointer.

So I think Feng's patch is sufficient and can by applied ?