In-Reply-To: <1523196560.6192.3.camel@btinternet.com>
References: <1523120055.31267.13.camel@btinternet.com> <162a54f1470.2781.85c95baa4474aabc7814e68940a78392@paul-moore.com> <1523196560.6192.3.camel@btinternet.com>
From: Xin Long
Date: Mon, 9 Apr 2018 01:43:01 +0800
Subject: Re: [GIT PULL] SELinux patches for v4.17
To: Richard Haines
Cc: Paul Moore, Linus Torvalds, selinux@tycho.nsa.gov, LSM List, Linux Kernel Mailing List
X-Mailing-List: linux-kernel@vger.kernel.org

On Sun, Apr 8, 2018 at 10:09 PM, Richard Haines wrote:
> On Sun, 2018-04-08 at 08:50 -0400, Paul Moore wrote:
>> On April 7, 2018 1:03:57 PM Linus Torvalds wrote:
>> On Sat, Apr 7, 2018 at 9:54 AM, Richard Haines wrote:
>>
>> So please check my resolution, but also somebody should tell me
>> "Linus, you're a cretin, sctp_connect() doesn't want that
>> security_sctp_bind_connect() at all because it was already done by
>> XYZ"
>>
>> sctp_connect() or __sctp_connect() do not need to call
>> security_sctp_bind_connect(). This is because the connect(2) call
>> will
>> handle the checks required via security_socket_connect():
>>
>> Ok, thanks, that's exactly what I wanted to get.
>>
>> Anyway, somebody should still verify that it all looks good in my
>> tree, but I don't actually expect the merge to have had any issues
>> even if the refactoring made it a bit more complex than most merges
>> are.
>>
>> Thanks for the quick response Richard.
>>
>> Xin Long looked it over and gave it the thumbs up, I'll take a look
>> too, but to be honest I trust his SCTP understanding much more than
>> mine. I also do weekly tests of each rcX release at a minimum so if
>> something odd pops up I'll make sure you get a fix.
>>
>> Thanks again everyone.
>
> I built the kernel this morning and sorry to spoil the party, but I've
> run into a problem with lksctp-tools when running the func_tests:
>
> make v6test
> ..
> ..
> ./test_timetolive_v6
> test_timetolive.c 0 INFO : Creating fillmsg of size 3087
> test_timetolive.c 1 PASS : Send a message with timeout
> test_timetolive.c 2 PASS : Send a message with no timeout
> test_timetolive.c 3 PASS : Send a fragmented message with timeout
> test_timetolive.c 0 INFO : ** SLEEPING for 3 seconds **
> test_timetolive.c 4 BROK : Got a datamsg of unexpected length:23,
> expected length:27
> DUMP_CORE sctputil.c: 247
> /bin/sh: line 1: 30981 Segmentation fault (core dumped) ./$a
> test_timetolive_v6 fails
>
> make v4 test fails the same way. I'm using lksctp-tools from [1]. I
> have not investigated the cause yet as just found this and thought I
> should flag first just in case someone has the answer !!!

test_timetolive(_v6) works for me,

In lksctp-tools/src/func_tests, I had another case failed, ./test_1_to_1_events,
it's caused by:

commit 30f6ebf65bc46161c5aaff1db2e6e7c76aa4a06b
Author: Xin Long
Date:   Wed Mar 14 19:05:34 2018 +0800

    sctp: add SCTP_AUTH_NO_AUTH type for AUTHENTICATION_EVENT

It's not kernel's issue, after that commit, ./test_1_to_1_events
should have been improved. or avoid it by 'sysctl -w net.sctp.auth_enable=1'

I'm not sure why test_timetolive(_v6) is not working in your env.

>
> On the bright side, I've run the sctp-tests from [2] with no problems
> and also the selinux-testsuite with my SCTP patch from [3] using an
> updated Fedora policy from [4] (with sctp support added), all in
> enforcing mode.
>
> Also the LTP test passed:
> cd /opt/ltp/
> cat runtest/syscalls |grep connect01>runtest/connect-syscall
> ./runltp -pq -f connect-syscall
> ....
>
> [1] https://github.com/sctp/lksctp-tools
> [2] https://github.com/sctp/sctp-tests
> [3] https://marc.info/?l=selinux&m=152156947715709&w=2
> [4] https://github.com/fedora-selinux/selinux-policy
>
>>
>> --
>> paul moore
>> www.paul-moore.com