Received: by 2002:a25:6193:0:0:0:0:0 with SMTP id v141csp797278ybb;
        Sat, 28 Mar 2020 10:19:21 -0700 (PDT)
X-Google-Smtp-Source: ADFU+vtwShSlJ7pcrV41F0mcI7JlqljHB2HMWQJkwlOE7wbZDmIgtWtc+me+YOB41IrkPR0xSU7c
X-Received: by 2002:a05:6830:314e:: with SMTP id c14mr3447446ots.7.1585415961564;
        Sat, 28 Mar 2020 10:19:21 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1585415961; cv=none;
        d=google.com; s=arc-20160816;
        b=Njrn98bTR5wd3yAkedoifKTJtcVLjIZbUqZYgja5RpSYrcuuschWOc8zPQNgaCJa4j
         WnBfMCEpbXqUHE6C5ygoSatWRDn1h94xVL31I3k1jvY/1SAjRoRF+pQEvIxkneF/IZvk
         W5nlMq2Z2JP4Z8idVaLeaK5uvcH0ZAAmIRJSZbyI2XW0jzp8JwLTESdRX3MU8uf5iV4G
         1mf2n8qXHwQtZi5JEba7wG4rAdtSeGlMpETNEmkyTEQ2Utdki2++imeytaS/Yd96+jXg
         CnIV517DpdZTDU1YWLBCxUcKwLqv4PKUd2WnpXct/PwhkfwZq2940yZkV37rr59Y613b
         cU9A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding
         :content-language:in-reply-to:mime-version:user-agent:date
         :message-id:from:references:cc:to:subject;
        bh=66t3TsXgWIXa9RouHxGD+MJ2oAZny8ZmM8U4Fjyqe/Y=;
        b=vXjbZ9uMq/JGNYDbwKZgeSda5dDdF+jYvkezN31VvidRiJ71e33nVtKRiKw8aFDyqu
         t1B42GqCrWQ7s+3TxmB3Fubfnt8QndXD3UuyBwvkliSp54NRbqmJbZJOUC5RUe+XNPoB
         GvwiOtKfoedPzrJep9Fx6VElU+iTT7sIKWzvajyfkZe9QyV6pTFh8c5XonR35lR+K6Mw
         UUtE2ZlBawgF8+NJ7GOHDc3Op1wmQ0ja7ll4e+yi2OwUasgaCrIG6o7Xfnj/qVBJcKfK
         7tDA+AmTdvqfV+lkE5SIEPJFxZkFIfUHYvuHXVMIW+T2TnCokrPNzo+LXxQqNamLKyce
         R4Yg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id z25si3887336otp.310.2020.03.28.10.19.07;
        Sat, 28 Mar 2020 10:19:21 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726415AbgC1RSo (ORCPT
        <rfc822;ArcheFireLinuxKernelMain@gmail.com> + 99 others);
        Sat, 28 Mar 2020 13:18:44 -0400
Received: from www62.your-server.de ([213.133.104.62]:59694 "EHLO
        www62.your-server.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1725807AbgC1RSo (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 28 Mar 2020 13:18:44 -0400
Received: from sslproxy01.your-server.de ([78.46.139.224])
        by www62.your-server.de with esmtpsa (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256)
        (Exim 4.89_1)
        (envelope-from <daniel@iogearbox.net>)
        id 1jIF6V-0003Gg-PG; Sat, 28 Mar 2020 18:18:39 +0100
Received: from [178.195.186.98] (helo=pc-9.home)
        by sslproxy01.your-server.de with esmtpsa (TLSv1.3:TLS_AES_256_GCM_SHA384:256)
        (Exim 4.92)
        (envelope-from <daniel@iogearbox.net>)
        id 1jIF6V-000AXW-CO; Sat, 28 Mar 2020 18:18:39 +0100
Subject: Re: [PATCH bpf-next v8 0/8] MAC and Audit policy using eBPF (KRSI)
To:     KP Singh <kpsingh@chromium.org>, linux-kernel@vger.kernel.org,
        bpf@vger.kernel.org, linux-security-module@vger.kernel.org
Cc:     Alexei Starovoitov <ast@kernel.org>,
        James Morris <jmorris@namei.org>,
        Kees Cook <keescook@chromium.org>,
        Paul Turner <pjt@google.com>, Jann Horn <jannh@google.com>,
        Florent Revest <revest@chromium.org>,
        Brendan Jackman <jackmanb@chromium.org>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>
References: <20200327192854.31150-1-kpsingh@chromium.org>
From:   Daniel Borkmann <daniel@iogearbox.net>
Message-ID: <4e5a09bb-04c4-39b8-10d4-59496ffb5eee@iogearbox.net>
Date:   Sat, 28 Mar 2020 18:18:38 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101
 Thunderbird/60.7.2
MIME-Version: 1.0
In-Reply-To: <20200327192854.31150-1-kpsingh@chromium.org>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Authenticated-Sender: daniel@iogearbox.net
X-Virus-Scanned: Clear (ClamAV 0.102.2/25765/Sat Mar 28 14:16:42 2020)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hey KP,

On 3/27/20 8:28 PM, KP Singh wrote:
> From: KP Singh <kpsingh@google.com>
> 
> # v7 -> v8
> 
>    https://lore.kernel.org/bpf/20200326142823.26277-1-kpsingh@chromium.org/
> 
> * Removed CAP_MAC_ADMIN check from bpf_lsm_verify_prog. LSMs can add it
>    in their own bpf_prog hook. This can be revisited as a separate patch.
> * Added Andrii and James' Ack/Review tags.
> * Fixed an indentation issue and missing newlines in selftest error
>    a cases.
> * Updated a comment as suggested by Alexei.
> * Updated the documentation to use the newer libbpf API and some other
>    fixes.
> * Rebase
> 
> # v6 -> v7
> 
>    https://lore.kernel.org/bpf/20200325152629.6904-1-kpsingh@chromium.org/
> 
[...]
> KP Singh (8):
>    bpf: Introduce BPF_PROG_TYPE_LSM
>    security: Refactor declaration of LSM hooks
>    bpf: lsm: provide attachment points for BPF LSM programs
>    bpf: lsm: Implement attach, detach and execution
>    bpf: lsm: Initialize the BPF LSM hooks
>    tools/libbpf: Add support for BPF_PROG_TYPE_LSM
>    bpf: lsm: Add selftests for BPF_PROG_TYPE_LSM
>    bpf: lsm: Add Documentation

I was about to apply, but then I'm getting the following selftest issue on
the added LSM one, ptal:

# ./test_progs
[...]
#65/1 test_global_func1.o:OK
#65/2 test_global_func2.o:OK
#65/3 test_global_func3.o:OK
#65/4 test_global_func4.o:OK
#65/5 test_global_func5.o:OK
#65/6 test_global_func6.o:OK
#65/7 test_global_func7.o:OK
#65 test_global_funcs:OK
test_test_lsm:PASS:skel_load 0 nsec
test_test_lsm:PASS:attach 0 nsec
test_test_lsm:PASS:exec_cmd 0 nsec
test_test_lsm:FAIL:bprm_count bprm_count = 0
test_test_lsm:FAIL:heap_mprotect want errno=EPERM, got 22
#66 test_lsm:FAIL
test_test_overhead:PASS:obj_open_file 0 nsec
test_test_overhead:PASS:find_probe 0 nsec
test_test_overhead:PASS:find_probe 0 nsec
test_test_overhead:PASS:find_probe 0 nsec
test_test_overhead:PASS:find_probe 0 nsec
test_test_overhead:PASS:find_probe 0 nsec
Caught signal #11!
Stack trace:
./test_progs(crash_handler+0x31)[0x56100f25eb51]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x12890)[0x7f9d8d225890]
/lib/x86_64-linux-gnu/libc.so.6(+0x18ef2d)[0x7f9d8cfb0f2d]
/lib/x86_64-linux-gnu/libc.so.6(__libc_calloc+0x372)[0x7f9d8cebc3a2]
/usr/local/lib/libelf.so.1(+0x33ce)[0x7f9d8d85a3ce]
/usr/local/lib/libelf.so.1(+0x3fb2)[0x7f9d8d85afb2]
./test_progs(btf__parse_elf+0x15d)[0x56100f27a141]
./test_progs(libbpf_find_kernel_btf+0x169)[0x56100f27ee83]
./test_progs(+0x43906)[0x56100f266906]
./test_progs(bpf_object__load_xattr+0xe5)[0x56100f26e93c]
./test_progs(bpf_object__load+0x47)[0x56100f26eafd]
./test_progs(test_test_overhead+0x252)[0x56100f24a922]
./test_progs(main+0x212)[0x56100f22f772]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xe7)[0x7f9d8ce43b97]
./test_progs(_start+0x2a)[0x56100f22f8fa]
Segmentation fault (core dumped)
#

(Before the series, it runs through fine on my side.)

Thanks,
Daniel