| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <74a70504-8ff8-4d97-b35f-774364779889@I-love.SAKURA.ne.jp>
Date: Wed, 4 Feb 2026 19:15:03 +0900
From: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
To: Paul Moore <paul@...l-moore.com>, SELinux <selinux@...r.kernel.org>,
linux-security-module <linux-security-module@...r.kernel.org>
Cc: Steffen Klassert <steffen.klassert@...unet.com>,
Herbert Xu <herbert@...dor.apana.org.au>,
"David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>,
Paolo Abeni <pabeni@...hat.com>, Simon Horman <horms@...nel.org>,
Network Development <netdev@...r.kernel.org>
Subject: Re: [PATCH] xfrm: kill xfrm_dev_{state,policy}_flush_secctx_check()
On 2026/02/04 7:40, Paul Moore wrote:
> This is not an unusual request for such a proposed change, and
> is something that I would expect a LSM maintainer to do without much
> hesitation. If you are unwilling to investigate this, can you explain
> why?
Because I'm not familiar with how XFRM works; I'm not a user of LSM XFRM hooks.
I can't judge whether the current code is COMPREHENSIVELY GATING;
I can't imagine what the state you call COMPREHENSIVELY GATING is.
P.S. For your investigation, I attach a new report that syzbot found today, and
I'll drop "xfrm: always fail xfrm_dev_{state,policy}_flush_secctx_check()"
because these three reports will be sufficient for people to understand that
we need to kill xfrm_dev_{state,policy}_flush_secctx_check() calls.
View attachment "report-0202-kernfs.txt" of type "text/plain" (90653 bytes)
Powered by blists - more mailing lists