Received: by 2002:a05:6a11:4021:0:0:0:0 with SMTP id ky33csp285244pxb; Wed, 15 Sep 2021 01:53:11 -0700 (PDT) X-Google-Smtp-Source: ABdhPJw6+NQB9q8YGFODFO/2rp3tQnGfQJrCIO8GJ9JbwgsAGL1OBRFmbj11B4SSgRMmGTzoP2no X-Received: by 2002:a6b:8f4e:: with SMTP id r75mr17784758iod.172.1631695991530; Wed, 15 Sep 2021 01:53:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1631695991; cv=none; d=google.com; s=arc-20160816; b=zS6L333dZ9uQScTMymHbbFxpCDZ6GLfuHt8Ot/ZGaJY5d2wEaI8wfb+NxeTOyAjr9e bLwbTnuWctZNZRjsTeKmdgtUIIjXTRPLgWQBPG2znzyfM4o3istYJvlbPY6P3OTBJwnp ehGHQWYVyd0XgRRHjcWQZk0lPRurF8VMfP3x7kLSs+btBSG4vwmX8QaY1/xTCEbbE93d ArDtN7Wzu64tfGops+n82pDjfV1iO6GQxXi8jou/BNZ8L7nWB6bjvYU1JkdJ0HmK6zur RgRQq8Rid2kzOiNosYFl8v006RZHanwwxUCHYUtBJ6gBN9t97tn1QujBEHzkHZlFDMUy u7+Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date; bh=rlnwzsi9QVSumT6dd6PvPFjNH/J47GAdR68eaDlXqx8=; b=ydU3fdb9KAFZd+rQwGFq786Jo7k9nbb/CL/oUjOv9nYA9MSBrIT1qXXrvMxDizfAk0 +lqlCHCd55741KL4igQQLCnwas7N6QRMQQ3Jv176PlR3TNTLPv1e24gDu+DgkFSwPgbN o59z8HyWmy8K0McImeH85KEOxjuTQlUjct+lI4/aMhH7NXF6jRFi2ib/HBW1jA/2vhpn 11lhVWp1DF2WECai9NyfqDO68ogVtYALg75cxCoL+pZ12xisGNKHi+SA+1KnqMl77Pyz RtoLKk2fYox5xGyoHph3RdENG+eR78yI3znwFkodEUY+byB5u1PhqgnQ6BvfBZavu8qR tKsQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id n16si15950167jan.32.2021.09.15.01.52.59; Wed, 15 Sep 2021 01:53:11 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232975AbhIOIxQ (ORCPT + 99 others); Wed, 15 Sep 2021 04:53:16 -0400 Received: from a.mx.secunet.com ([62.96.220.36]:53638 "EHLO a.mx.secunet.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229464AbhIOIxQ (ORCPT ); Wed, 15 Sep 2021 04:53:16 -0400 Received: from localhost (localhost [127.0.0.1]) by a.mx.secunet.com (Postfix) with ESMTP id 47BED20270; Wed, 15 Sep 2021 10:51:55 +0200 (CEST) X-Virus-Scanned: by secunet Received: from a.mx.secunet.com ([127.0.0.1]) by localhost (a.mx.secunet.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ga3avR8Rp5gE; Wed, 15 Sep 2021 10:51:54 +0200 (CEST) Received: from mailout1.secunet.com (mailout1.secunet.com [62.96.220.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by a.mx.secunet.com (Postfix) with ESMTPS id 739D22019C; Wed, 15 Sep 2021 10:51:54 +0200 (CEST) Received: from cas-essen-02.secunet.de (unknown [10.53.40.202]) by mailout1.secunet.com (Postfix) with ESMTP id 6CF8C80004A; Wed, 15 Sep 2021 10:51:54 +0200 (CEST) Received: from mbx-essen-01.secunet.de (10.53.40.197) by cas-essen-02.secunet.de (10.53.40.202) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2176.14; Wed, 15 Sep 2021 10:51:54 +0200 Received: from gauss2.secunet.de (10.182.7.193) by mbx-essen-01.secunet.de (10.53.40.197) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2176.14; Wed, 15 Sep 2021 10:51:54 +0200 Received: by gauss2.secunet.de (Postfix, from userid 1000) id B2F94318016B; Wed, 15 Sep 2021 10:51:53 +0200 (CEST) Date: Wed, 15 Sep 2021 10:51:53 +0200 From: Steffen Klassert To: Eugene Syromiatnikov CC: Herbert Xu , "David S. Miller" , Antony Antony , "Christian Langrock" , Nicolas Dichtel , , Paul Moore , Stephen Smalley , "Eric Paris" , , , "Dmitry V. Levin" , Subject: Re: [PATCH v2] include/uapi/linux/xfrm.h: Fix XFRM_MSG_MAPPING ABI breakage Message-ID: <20210915085153.GB36125@gauss3.secunet.de> References: <20210912122234.GA22469@asgard.redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Disposition: inline In-Reply-To: <20210912122234.GA22469@asgard.redhat.com> X-ClientProxiedBy: cas-essen-01.secunet.de (10.53.40.201) To mbx-essen-01.secunet.de (10.53.40.197) X-EXCLAIMER-MD-CONFIG: 2c86f778-e09b-4440-8b15-867914633a10 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, Sep 12, 2021 at 02:22:34PM +0200, Eugene Syromiatnikov wrote: > Commit 2d151d39073a ("xfrm: Add possibility to set the default to block > if we have no policy") broke ABI by changing the value of the XFRM_MSG_MAPPING > enum item, thus also evading the build-time check > in security/selinux/nlmsgtab.c:selinux_nlmsg_lookup for presence of proper > security permission checks in nlmsg_xfrm_perms. Fix it by placing > XFRM_MSG_SETDEFAULT/XFRM_MSG_GETDEFAULT to the end of the enum, right before > __XFRM_MSG_MAX, and updating the nlmsg_xfrm_perms accordingly. > > Fixes: 2d151d39073a ("xfrm: Add possibility to set the default to block if we have no policy") > References: https://lore.kernel.org/netdev/20210901151402.GA2557@altlinux.org/ > Signed-off-by: Eugene Syromiatnikov Applied, thanks a lot Eugene!