lsm,bpf: fix security_bpf_prog_load() error handling by kernel-patches-daemon-bpf[bot] · Pull Request #12169 · kernel-patches/bpf

kernel-patches-daemon-bpf · 2026-05-23T16:13:18Z

Pull request for series with
subject: lsm,bpf: fix security_bpf_prog_load() error handling
version: 1
url: https://patchwork.kernel.org/project/netdevbpf/list/?series=1099848

kernel-patches-daemon-bpf · 2026-05-23T16:13:20Z

Upstream branch: b1fcdf9
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=1099848
version: 1

kernel-patches-review-bot · 2026-05-23T17:32:06Z

commit a03af62bb4a3613aadacc8cb75f0007d761e785a
Author: Paul Moore <paul@paul-moore.com>

lsm,bpf: fix security_bpf_prog_load() error handling

This commit fixes the error handling in bpf_prog_load() to avoid calling
security_bpf_prog_free() when security_bpf_prog_load() fails. The LSM
handles cleanup of partial state before returning with an error.

Cc: bpf@vger.kernel.org
Cc: linux-security-module@vger.kernel.org

> commit a03af62bb4a3613aadacc8cb75f0007d761e785a
> Author: Paul Moore <paul@paul-moore.com>
> Date:   Sat May 23 12:00:26 2026 -0400
>
>     lsm,bpf: fix security_bpf_prog_load() error handling
>
>     If security_bpf_prog_load() fails there is no need to call into
>     security_bpf_prog_free() as the LSM will handle the cleanup of any partial
>     LSM state before returning to the caller with an error.  Thankfully this
>     isn't an issue with any of the existing code as the LSMs which currently
>     provide BPF hook callback implementations don't allocate any internal
>     state, but this is something we want to fix for potential future users.
>
>     Cc: bpf@vger.kernel.org
>     Cc: linux-security-module@vger.kernel.org
>     Signed-off-by: Paul Moore <paul@paul-moore.com>

This looks like a bug fix for the error handling logic introduced in
commit b3beebbe6154 which imported the kernel/bpf/syscall.c file with
incorrect error handling for security_bpf_prog_load() failure. Should
this include:

  Fixes: b3beebbe6154 ("adding ci files")

AI reviewed your patch. Please fix the bug or email reply why it's not a bug.
See: https://github.com/kernel-patches/vmtest/blob/master/ci/claude/README.md

In-Reply-To-Subject: lsm,bpf: fix security_bpf_prog_load() error handling
CI run summary: https://github.com/kernel-patches/bpf/actions/runs/26337503379

kernel-patches-daemon-bpf · 2026-05-23T17:44:35Z

Forwarding comment 4526083059 via email
In-Reply-To: 20260523160025.16363-2-paul@paul-moore.com
Patch: https://patchwork.kernel.org/project/netdevbpf/patch/20260523160025.16363-2-paul@paul-moore.com/

kernel-patches-daemon-bpf · 2026-05-25T13:38:59Z

Upstream branch: eb19eea
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=1099848
version: 1

kernel-patches-daemon-bpf · 2026-05-25T15:56:47Z

Upstream branch: 8496d90
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=1099848
version: 1

If security_bpf_prog_load() fails there is no need to call into security_bpf_prog_free() as the LSM will handle the cleanup of any partial LSM state before returning to the caller with an error. Thankfully this isn't an issue with any of the existing code as the LSMs which currently provide BPF hook callback implementations don't allocate any internal state, but this is something we want to fix for potential future users. Cc: bpf@vger.kernel.org Cc: linux-security-module@vger.kernel.org Signed-off-by: Paul Moore <paul@paul-moore.com>

kernel-patches-daemon-bpf Bot added new bpf-next V1 V1-ci-fail labels May 23, 2026

kernel-patches-review-bot Bot added the ai-review label May 23, 2026

kernel-patches-daemon-bpf Bot removed the ai-review label May 23, 2026

kernel-patches-daemon-bpf Bot force-pushed the bpf-next_base branch from b3beebb to 01a7a7f Compare May 25, 2026 13:37

kernel-patches-daemon-bpf Bot force-pushed the series/1099848=>bpf-next branch from a03af62 to 067515e Compare May 25, 2026 13:39

kernel-patches-daemon-bpf Bot added V1-ci-pass and removed V1-ci-fail labels May 25, 2026

kernel-patches-daemon-bpf Bot force-pushed the bpf-next_base branch from 01a7a7f to f1eeafa Compare May 25, 2026 15:55

kernel-patches-daemon-bpf Bot force-pushed the series/1099848=>bpf-next branch from 067515e to 5740c63 Compare May 25, 2026 15:56

kernel-patches-daemon-bpf Bot added V1-ci-fail and removed V1-ci-pass labels May 25, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

lsm,bpf: fix security_bpf_prog_load() error handling#12169

lsm,bpf: fix security_bpf_prog_load() error handling#12169
kernel-patches-daemon-bpf[bot] wants to merge 1 commit into
bpf-next_basefrom
series/1099848=>bpf-next

kernel-patches-daemon-bpf Bot commented May 23, 2026

Uh oh!

kernel-patches-daemon-bpf Bot commented May 23, 2026

Uh oh!

kernel-patches-review-bot Bot commented May 23, 2026

Uh oh!

kernel-patches-daemon-bpf Bot commented May 23, 2026

Uh oh!

kernel-patches-daemon-bpf Bot commented May 25, 2026

Uh oh!

kernel-patches-daemon-bpf Bot commented May 25, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

kernel-patches-daemon-bpf Bot commented May 23, 2026

Uh oh!

kernel-patches-daemon-bpf Bot commented May 23, 2026

Uh oh!

kernel-patches-review-bot Bot commented May 23, 2026

Uh oh!

kernel-patches-daemon-bpf Bot commented May 23, 2026

Uh oh!

kernel-patches-daemon-bpf Bot commented May 25, 2026

Uh oh!

kernel-patches-daemon-bpf Bot commented May 25, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant