Re: [PATCH v9] selinux: sidtab: reverse lookup hash table

From: Stephen Smalley <sds@tycho.nsa.gov>
To: Paul Moore <paul@paul-moore.com>
Cc: Ondrej Mosnacek <omosnace@redhat.com>,
	Jeff Vander Stoep <jeffv@google.com>,
	SElinux list <selinux@vger.kernel.org>,
	Will Deacon <will@kernel.org>,
	"Paul E. McKenney" <paulmck@kernel.org>,
	rcu@vger.kernel.org, Jovana Knezevic <jovanak@google.com>
Subject: Re: [PATCH v9] selinux: sidtab: reverse lookup hash table
Date: Fri, 6 Dec 2019 08:45:07 -0500	[thread overview]
Message-ID: <4257992a-e4d8-eff4-3421-61da3376d930@tycho.nsa.gov> (raw)
In-Reply-To: <CAHC9VhQOb5skqQofnrESFuAqfRE1+xq9OD48JcYzq77v0XJsog@mail.gmail.com>

On 12/5/19 7:50 PM, Paul Moore wrote:
> On Thu, Dec 5, 2019 at 1:14 PM Paul Moore <paul@paul-moore.com> wrote:
>> On Thu, Dec 5, 2019 at 1:10 PM Stephen Smalley <sds@tycho.nsa.gov> wrote:
>>> On 12/5/19 12:41 PM, Paul Moore wrote:
>>>> Hmm.  I haven't done any debugging yet, but the BPF tests are failing
>>>> (they pass with kernel-5.5.0-0.rc0.git5.1.2.secnext.fc32.x86_64):
> 
> ...
> 
>>> They all pass for me (with your next-queue branch, using the
>>> selinux-testsuite defconfig fragment merged with the Fedora config).
>>
>> Oh goodie, I'm special :/
>>
>> FWIW, my current test kernel is the next-queue branch rebased on top
>> of Linus' current tree, using the latest config from the secnext
>> kernel builds (Fedora Rawhide + stuff for the test suite).
>>
>>> The error above doesn't look SELinux-related; it looks like your kernel
>>> is rejecting the trivial bpf program used in the test code as being
>>> invalid for some reason.
>>
>> That's where I'm at as well, I'm building an instrumented kernel right
>> now to try and track down the source.  I'm sure it is something silly
>> like a messed up kernel config or something, but I'd like to
>> understand *why*.
> 
> I traced the "./bpf_test -p" failure down to a BTF check in the BPF
> verifier, there is a comment in that code block which helpfully reads:
> "Either gcc or pahole or kernel are broken.".
> 
>   :/
> 
> The relevant commit is 8580ac9404f6 ("bpf: Process in-kernel BTF"),
> and it appears to be new for v5.5; it isn't present in selinux/next or
> selinux/next-queue.  Recompiling with CONFIG_DEBUG_INFO_BTF disabled
> does allow "./bpf_test -p" to succeed, but I hit other BPF test
> failures further along.  For reasons I don't understand, the secnext
> kernel builds (which should have this code, and have
> CONFIG_DEBUG_INFO_BTF enabled) are not hitting this problem, but that
> may be due to differences in the build tools on the two systems
> (although they *should* be the same).
> 
> Given that we haven't hit -rc1 yet, and everyone else's builds are
> working just fine, I'm going to leave this alone for now.  Whatever
> the problems may be, they definitely don't appear to be SELinux
> related.

I re-based next-queue on top of -linus, enabled CONFIG_DEBUG_INFO_BTF, 
rebuilt and booted new kernel, did a git clean -fdx in the 
selinux-testsuite directory, and built/ran the testsuite; bpf tests 
still passed for me.  This was on F31.