On Thu, 2026-04-09 at 15:12 +0300, Leon Romanovsky wrote:
> On Tue, Mar 31, 2026 at 08:56:32AM +0300, Leon Romanovsky wrote:
> > From Chiara:
> >
> > This patch set introduces a new BPF LSM hook to validate firmware commands
> > triggered by userspace before they are submitted to the device. The hook
> > runs after the command buffer is constructed, right before it is sent
> > to firmware.
>
> <...>
>
> > ---
> > Chiara Meiohas (4):
> >       bpf: add firmware command validation hook
> >       selftests/bpf: add test cases for fw_validate_cmd hook
> >       RDMA/mlx5: Externally validate FW commands supplied in DEVX interface
> >       fwctl/mlx5: Externally validate FW commands supplied in fwctl
>
> Hi,
>
> Can we get Ack from BPF/LSM side?

+ Paul, linux-security-module ML

Hi

probably you also want to get an Ack from the LSM maintainer (added in
CC with the list).

Most likely, he will also ask you to create the security_*() functions
counterparts of the BPF hooks.

Roberto

> Thanks
>
> >
> >  drivers/fwctl/mlx5/main.c                        | 12 +++++-
> >  drivers/infiniband/hw/mlx5/devx.c                | 49 ++++++++++++++++++------
> >  include/linux/bpf_lsm.h                          | 41 ++++++++++++++++++++
> >  kernel/bpf/bpf_lsm.c                             | 11 ++++++
> >  tools/testing/selftests/bpf/progs/verifier_lsm.c | 23 +++++++++++
> >  5 files changed, 122 insertions(+), 14 deletions(-)
> > ---
> > base-commit: 11439c4635edd669ae435eec308f4ab8a0804808
> > change-id: 20260309-fw-lsm-hook-7c094f909ffc
> >
> > Best regards,
> > --
> > Leon Romanovsky <[email protected]>
> >

