Received: by 2002:a05:6a11:4021:0:0:0:0 with SMTP id ky33csp255942pxb; Mon, 13 Sep 2021 18:31:43 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzU+uAm3KIoPuP7+kcOwjblPnxMhgakC6phmzHHqbjq/6jyhCY8arARC95XGItiZiw8qHHM X-Received: by 2002:a17:906:15cf:: with SMTP id l15mr15837114ejd.568.1631583103433; Mon, 13 Sep 2021 18:31:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1631583103; cv=none; d=google.com; s=arc-20160816; b=rvKmRZnJpOZ9228Ye1MPvBpTvzRmTf6nkznhruc5oZQVh4wR43yR6M1Rt9ZSpuP0l3 7emMmyYOMwgQYvwoj12jBJMFBuqn7Ndvbu/FHGw6Y2S541bSdPdylRzcYqtnr2gkLclZ Jt0kpWScVXrjWPmQ6QA3K3aL9X8xFcGbHGMLcpx+IY1lFRhByxEDVJSzi+fe4X+ifvoa c5pdSqKYb+AiMNM506mWMGvcV59851d+GmdX1jNCeL7J/c0z0wqkWYzM6AWlzK4PZyvw K1K9BO6M1qP07Zj+aWWHEF30k5n/smYVl+UFPoNq8gMY8anZyubyQLhq8/Ksp4E/MC/l JmxQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=kHteEWVAZLt0OaBtiwLU1pAl1Ek5T6z635cI8YpKSSI=; b=0hdfSrr29fi+Q25Qy/R2MLPza5XAX4nqsnQdU9WFIwIDLPp56fT/LluDIGPC7Avxan CpS0+nzSnxTOeLekoO+0tL5GHcZquDH00LdXddCiIDm+YhXPnY5P1iIVa+SyROFd3xFQ wB8gTfJPsK6bGuQUTcY4O3GLG1dAPq2z3KQlMqddVqFZLbWKk48Lz9HORqQkKfuLZF5I ar3Z7XJxSHXBDvqh4qwvtuy7GG6XERRKt94pePKJn8m80JQ1mzUvVGamZDVRZS9LZagg Htr4CavZsJDHEUxfTqium/bHTb/iSQ34oRFSmUHDx1VaGHAr2B2z84EQ/uv2+l56J4HR DRKw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=YJTK7efG; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id g8si5583199edr.256.2021.09.13.18.31.18; Mon, 13 Sep 2021 18:31:43 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=YJTK7efG; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236406AbhIMXtX (ORCPT + 99 others); Mon, 13 Sep 2021 19:49:23 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33578 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229482AbhIMXtW (ORCPT ); Mon, 13 Sep 2021 19:49:22 -0400 Received: from mail-ed1-x534.google.com (mail-ed1-x534.google.com [IPv6:2a00:1450:4864:20::534]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 27214C061574 for ; Mon, 13 Sep 2021 16:48:06 -0700 (PDT) Received: by mail-ed1-x534.google.com with SMTP id c22so15486983edn.12 for ; Mon, 13 Sep 2021 16:48:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=kHteEWVAZLt0OaBtiwLU1pAl1Ek5T6z635cI8YpKSSI=; b=YJTK7efG4Mtv3PAk/JgStkogskGHLYDKrcfP9BC2F+OS3HdrsyrPXxGn4a7OqCk9xH HJnf3f3PYl0utfAMttI/hepD0cH785+DFRDiyHvVJHcb9hl/s9oUOMlEQO0bx562kYkp gBdHDPvk4mcICm8Rv4dQiWWNWwlME3M7DmsJ4EeKK9KU//OxxPMIbzQtvq5azlwJBlPw jzbOQ2DUawDvWdnkb3KfucY9A7K17bxLOd/IZxnkl91rf1AcLion1a+fBY4H59QHFf7R WsmrYXCCm5XC73QpPJ1uFdT1CK8+8xMssJExjvuD1jPcX/EJuqeJFl+6Y3sCEo32yaHA hUjQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=kHteEWVAZLt0OaBtiwLU1pAl1Ek5T6z635cI8YpKSSI=; b=yySCUNWTjmTCo4enmuj3NAZ9zrkHqYzfYe9RJDU/VPq+V+ehNydplBR+O08tPa8SOH FKqNRFxZp6egtgGi1UvkLCi4GhVZgJEbIM885kQiniwHu4Pd9KA+myqjzxq8V7sjyrlJ zp5dDtAMbez575TafMVhHU9dsMF/26KcMQBzk7RyOLz/HE2RdaFuZ8y2hFW7kMazW54q PBCqCy+cAlfDOmUvT4tChgV6k03NB8G9VnQ6lKMc0ABlBIDpZxB2wMqF77FZ4EaT7DBy 4irtbnmPYy4OE9dYUKWtrHt/6ovxR1v1vggTiyiHsDh8rv0v4WIzIT56c+i4JZG3/O14 L9tg== X-Gm-Message-State: AOAM533n0idgsTwJfBBrmFW1qAHCeatvRPKxy5v8OKMGNjLFL4GI69Nf QC5w0wv6N9zylJjhsT3yafyjwEMdA4k9HqBDqrM9 X-Received: by 2002:a50:ab18:: with SMTP id s24mr9061810edc.88.1631576884555; Mon, 13 Sep 2021 16:48:04 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Paul Moore Date: Mon, 13 Sep 2021 19:47:53 -0400 Message-ID: Subject: Re: Regression in unix stream sockets with the Smack LSM To: Casey Schaufler Cc: Jiang Wang , Andrii Nakryiko , Jakub Sitnicki , John Fastabend , LKML , Linux Security Module list Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Sep 13, 2021 at 6:53 PM Casey Schaufler wrote: > > Commit 77462de14a43f4d98dbd8de0f5743a4e02450b1d > > af_unix: Add read_sock for stream socket types > > introduced a regression in UDS socket connections for the Smack LSM. > I have not tracked done the details of why the change broke the code, > but this is where bisecting the kernel indicates the problem lies, and > I have verified that reverting this change repairs the problem. > > You can verify the problem with the Smack test suite: > > https://github.com/smack-team/smack-testsuite.git > > The failing test is tests/uds-access.sh. > > I have not looked to see if there's a similar problem with SELinux. > There may be, but if there isn't it doesn't matter, there's still a > bug. FWIW, the selinux-testsuite tests ran clean today with v5.15-rc1 (it looks like this code is only in v5.15) but as Casey said, a regression is a regression. Casey, what actually fails on the Smack system with this commit? -- paul moore www.paul-moore.com