From: Paul Moore
Date: Mon, 1 Aug 2022 19:06:06 -0400
Subject: Re: [PATCH v4 2/4] bpf-lsm: Make bpf_lsm_userns_create() sleepable
To: Alexei Starovoitov
Cc: Frederick Lawler, kpsingh@kernel.org, revest@chromium.org, jackmanb@chromium.org, ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org, kafai@fb.com, songliubraving@fb.com, yhs@fb.com, john.fastabend@gmail.com, jmorris@namei.org, serge@hallyn.com, stephen.smalley.work@gmail.com, eparis@parisplace.org, shuah@kernel.org, brauner@kernel.org, casey@schaufler-ca.com, ebiederm@xmission.com, bpf@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, kernel-team@cloudflare.com, cgzones@googlemail.com, karl@bigbadwolfsecurity.com
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Aug 1, 2022 at 7:00 PM Alexei Starovoitov wrote:
>
> On Mon, Aug 01, 2022 at 01:01:44PM -0500, Frederick Lawler wrote:
> > Users may want to audit calls to security_create_user_ns() and access
> > user space memory. Also create_user_ns() runs without
> > pagefault_disabled(). Therefore, make bpf_lsm_userns_create() sleepable
> > for mandatory access control policies.
> >
> > Signed-off-by: Frederick Lawler
> > Acked-by: Christian Brauner (Microsoft)
>
> We can take this set through bpf-next tree if it's easier.

Thanks Alexei, but I'm currently planning to merge it into the LSM
next branch once the merge window closes.

> Or if it goes through other trees:
> Acked-by: Alexei Starovoitov

I appreciate the review/ACK, would you mind reviewing the tests too
(patch 3/4)?

-- 
paul-moore.com