Received: by 10.213.65.68 with SMTP id h4csp2213777imn; Sun, 8 Apr 2018 22:41:28 -0700 (PDT) X-Google-Smtp-Source: AIpwx4+OrhM1Rqdbr4wwCaGqBNeIzgpo7BXFDdzZ8KXGdIR4YkHUTR0mJ9S7rVf2lRMyr+arjeb+ X-Received: by 10.99.132.72 with SMTP id k69mr24133947pgd.367.1523252488859; Sun, 08 Apr 2018 22:41:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1523252488; cv=none; d=google.com; s=arc-20160816; b=HiZUpNVoOhM6UsKkXXamXTlYInOZ27Fmafqb6RKrvE1xo3tW0e7HVyUr2EK0Tmsudx XDV94D+sJsIQgSRNy3+IWXuG/c1NhPfME34fv7ZhyBsKRdRi4AA8sL0lVpdcb3OTD5gd vxlhLPAngqW/7Mci1JG5J+GyWMUcz6ztdk9M+a5cT0i0pHKFbpPrVy/BgT7VKb+QZBc8 27c0G+rnFZlh8M1mWomv7e+JdYUWtFHud0vQyfHWOmqOy3As5b2ZJDtlSkRKBZ0whkSa rTuEMYsKjGSqX+thxc4Zcux5NbRNrQr4ZnA85BH2w0wyysts3ix/0lG+Sg0rBHTJF2Ts 1yOg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=1k2DAQuv53/7NondQSBskZArvEySsEVB+3sAL92w4rU=; b=zDzZ9nB25/NuUQH46iF8qSNfoA+XhBOKzQ960zcWaZb9/43ET1M+X0kWvTXi1qh3hH NWUgi3NfPeZAt4QgT9Cc1vBce5Th0cGmtBEf0YXVSv4+U9RG7fYYY6j9QyZ5g9tslxui 2gfHYq92+24UOssmh+NTHhH2KmGccBFwXrwOYttQKH/+F6uyPZFjJLaIR1PNUqne/mDd TfDk7K18P2sT1nm9he7R72iGK5e3TpBiGmMy+hCr8fnC+l7AzQLhFxKJIXaOrj1gRV8w q8E5uTY5BvhVHPEWIVPt+O1KI11nQA9WgDzLzA2RQUAStu/2dseN6HTORB2B9LdLJxr4 i4dg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=na+LChJk; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r29si10620529pgn.386.2018.04.08.22.40.51; Sun, 08 Apr 2018 22:41:28 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=na+LChJk; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752486AbeDIFbI (ORCPT + 99 others); Mon, 9 Apr 2018 01:31:08 -0400 Received: from mail-it0-f53.google.com ([209.85.214.53]:54130 "EHLO mail-it0-f53.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751549AbeDIFbH (ORCPT ); Mon, 9 Apr 2018 01:31:07 -0400 Received: by mail-it0-f53.google.com with SMTP id m134-v6so9268751itb.3; Sun, 08 Apr 2018 22:31:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=1k2DAQuv53/7NondQSBskZArvEySsEVB+3sAL92w4rU=; b=na+LChJkEZQXteUwvRc7Ln7emCLCu21Pak82AL31KuAatVTygkqPn66SicxINwN/wK WYNdq1g7ULi8OthQ+GuIJzbjhiUgWf+eQtVTYOHjGbawvnJwch/o8yIjsZmI81Q1aqRe BbarBC/FAlJ2sK2w62XdgbpFozxn5WTB/qdggFQkLWMMyc4APrHpyUxhkPhRjyZjv4tY MXOv00aU0IdhYFQabtrvqKum/avX/R/ybNGoIwWy3Cjea0cwAlWcTNhNxsW7N3mEUeSr Wd/cmobgwNe/+7/7PXj8yfjvtoqSMKsR3+d3Kv/n0qMp3FwWrKvSFZepF9+Yc0jalhxn Ixyw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=1k2DAQuv53/7NondQSBskZArvEySsEVB+3sAL92w4rU=; b=ryUPdQPjGy+2f8Kqui7HB74aSdgDtW1WuoF5votfn2vxR5JM5jd6DxfQOtP8oGxv7W 05mvxReDLlbgbxrHybk9AokicgIADacqwELkNYekIfAsu4NpZLIQUezLSqS84u4vNOxk xj4kz1bmLncKe/V9DUuy9izENnx59rDMLkIblbsLNWyM2rafJrOWEbYE+M5AzBymT+Px NwyhIedu9EKGAX6Bmw0FTxPy02xbKXWN28JnFvnvGBFIBqOuxVu3K9GEh+sQIX41z0+n K66VJ8NkBefnGpE2W3cUhKoLMTcoWwU32rGPIsya1pr2BQAPnqyGQsEr73VBjNvVD6zw WNwA== X-Gm-Message-State: AElRT7FQ+ngvkxYOLpqCARPF1kPtwR9BcBuLLxL1wFrRRt8CVfIRWGKT 7ShRDWWiHsq616uDqoi2ZoCewgKchWs1bTRTf14= X-Received: by 2002:a24:4505:: with SMTP id y5-v6mr25819458ita.5.1523251866210; Sun, 08 Apr 2018 22:31:06 -0700 (PDT) MIME-Version: 1.0 Received: by 10.192.227.6 with HTTP; Sun, 8 Apr 2018 22:31:05 -0700 (PDT) In-Reply-To: <1523227451.5003.1.camel@btinternet.com> References: <1523120055.31267.13.camel@btinternet.com> <162a54f1470.2781.85c95baa4474aabc7814e68940a78392@paul-moore.com> <1523196560.6192.3.camel@btinternet.com> <1523213955.3552.9.camel@btinternet.com> <1523227451.5003.1.camel@btinternet.com> From: Xin Long Date: Mon, 9 Apr 2018 13:31:05 +0800 Message-ID: Subject: Re: [GIT PULL] SELinux patches for v4.17 To: Richard Haines Cc: LSM List , Linus Torvalds , selinux@tycho.nsa.gov, Linux Kernel Mailing List Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Apr 9, 2018 at 6:44 AM, Richard Haines wrote: > On Sun, 2018-04-08 at 19:59 +0100, Richard Haines via Selinux wrote: >> On Mon, 2018-04-09 at 01:43 +0800, Xin Long wrote: >> > On Sun, Apr 8, 2018 at 10:09 PM, Richard Haines >> > wrote: >> > > On Sun, 2018-04-08 at 08:50 -0400, Paul Moore wrote: >> > > > On April 7, 2018 1:03:57 PM Linus Torvalds > > > > da >> > > > tion >> > > > .org> wrote: >> > > > On Sat, Apr 7, 2018 at 9:54 AM, Richard Haines >> > > > wrote: >> > > > >> > > > So please check my resolution, but also somebody should tell me >> > > > "Linus, you're a cretin, sctp_connect() doesn't want that >> > > > security_sctp_bind_connect() at all because it was already done >> > > > by >> > > > XYZ" >> > > > >> > > > sctp_connect() or __sctp_connect() do not need to call >> > > > security_sctp_bind_connect(). This is because the connect(2) >> > > > call >> > > > will >> > > > handle the checks required via security_socket_connect(): >> > > > >> > > > Ok, thanks, that's exactly what I wanted to get. >> > > > >> > > > Anyway, somebody should still verify that it all looks good in >> > > > my >> > > > tree, but I don't actually expect the merge to have had any >> > > > issues >> > > > even if the refactoring made it a bit more complex than most >> > > > merges >> > > > are. >> > > > >> > > > Thanks for the quick response Richard. >> > > > >> > > > Xin Long looked it over and gave it the thumbs up, I'll take a >> > > > look >> > > > too, but to be honest I trust his SCTP understanding much more >> > > > than >> > > > mine. I also do weekly tests of each rcX release at a minimum >> > > > so >> > > > if >> > > > something odd pops up I'll make sure you get a fix. >> > > > >> > > > Thanks again everyone. >> > > >> > > I built the kernel this morning and sorry to spoil the party, but >> > > I've >> > > run into a problem with lksctp-tools when running the func_tests: >> > > >> > > make v6test >> > > .. >> > > .. >> > > ./test_timetolive_v6 >> > > test_timetolive.c 0 INFO : Creating fillmsg of size 3087 >> > > test_timetolive.c 1 PASS : Send a message with timeout >> > > test_timetolive.c 2 PASS : Send a message with no timeout >> > > test_timetolive.c 3 PASS : Send a fragmented message with >> > > timeout >> > > test_timetolive.c 0 INFO : ** SLEEPING for 3 seconds ** >> > > test_timetolive.c 4 BROK : Got a datamsg of unexpected >> > > length:23, >> > > expected length:27 >> > > DUMP_CORE sctputil.c: 247 >> > > /bin/sh: line 1: 30981 Segmentation fault (core dumped) ./$a >> > > test_timetolive_v6 fails >> > > >> > > make v4 test fails the same way. I'm using lksctp-tools from [1]. >> > > I >> > > have not investigated the cause yet as just found this and >> > > thought >> > > I >> > > should flag first just in case someone has the answer !!! >> > >> > test_timetolive(_v6) works for me, In lksctp-tools/src/func_tests, >> > I >> > had >> > another case failed,./test_1_to_1_events, it's caused by: >> > commit 30f6ebf65bc46161c5aaff1db2e6e7c76aa4a06b >> > Author: Xin Long >> > Date: Wed Mar 14 19:05:34 2018 +0800 >> > >> > sctp: add SCTP_AUTH_NO_AUTH type for AUTHENTICATION_EVENT >> > >> > It's not kernel's issue, after that commit, ./test_1_to_1_events >> > should >> > have been improved. or avoid it by 'sysctl -w >> > net.sctp.auth_enable=1' >> > >> > I'm not sure why test_timetolive(_v6) is not working in your env. >> >> It appears to depend on the run sequence of the tests. I rebooted the >> system, ran test_timetolive_v6, it worked okay. >> Ran "sctp-tests run" on a terminal, then ran test_timetolive_v6 at >> various intervals on another terminal. Once sctp-tests started the >> "=== >> ndatasched ===" sequence, test_timetolive_v6 failed. > > 1) When SCTP is initialised /proc/sys/net/sctp/prsctp_enable = 1 > 2) When sctp-tests/testcase/regression/extoverflow/test.sh is executed, > on exit it sets prsctp_enable = 0. This seems to be causing the issue > I'm seeing. I can now simulate the problem: > > Running from fresh boot: > checksctp > cat /proc/sys/net/sctp/prsctp_enable > 1 > ./test_timetolive_v6 > passes > echo 0 > /proc/sys/net/sctp/prsctp_enable > ./test_timetolive_v6 > fails > echo 1 > /proc/sys/net/sctp/prsctp_enable > ./test_timetolive_v6 > passes I see ... commit 8ae808eb853e3789b81b8a502cdf22bb01b76880 Author: Xin Long Date: Sat Oct 8 11:40:16 2016 +0800 sctp: remove the old ttl expires policy ttl expire is considered as one of the prsctp policies after this commit, so prsctp_enable is required. I will think to update this test case in lksctp-tools. Thanks for the reproducer.