From: Stephen Smalley <sds@tycho.nsa.gov>
To: Paul Moore <paul@paul-moore.com>, Ondrej Mosnacek <omosnace@redhat.com>
Cc: Jeff Vander Stoep <jeffv@google.com>,
SElinux list <selinux@vger.kernel.org>,
Will Deacon <will@kernel.org>,
"Paul E. McKenney" <paulmck@kernel.org>,
rcu@vger.kernel.org, Jovana Knezevic <jovanak@google.com>
Subject: Re: [PATCH v9] selinux: sidtab: reverse lookup hash table
Date: Thu, 5 Dec 2019 13:10:18 -0500 [thread overview]
Message-ID: <8257410c-025a-7250-fa78-944289e378bd@tycho.nsa.gov> (raw)
In-Reply-To: <CAHC9VhR+hYnLoMkAPuRNJygk+dOoNyhooNuz3Ma=F07b9gh=rA@mail.gmail.com>
On 12/5/19 12:41 PM, Paul Moore wrote:
> On Thu, Dec 5, 2019 at 9:08 AM Paul Moore <paul@paul-moore.com> wrote:
>> Thanks for the double check. Unfortunately my kernel build locks my
>> test VM in early boot; it appears to be non-SELinux related and since
>> the test build is based on selinux/next+patches (which is based off
>> v5.4-rc1) I imagine there might be some unrelated problems in the
>> build. I'm going to rebase my test build to Linus' current and try
>> this again.
>
> Hmm. I haven't done any debugging yet, but the BPF tests are failing
> (they pass with kernel-5.5.0-0.rc0.git5.1.2.secnext.fc32.x86_64):
>
> 1..15
> ok 1
> Failed to load BPF prog: Invalid argument
> not ok 2
> # Failed test at ./test line 68.
> Failed to create BPF map: Permission denied
> ok 3
> Failed to create BPF map: Permission denied
> ok 4
> Failed to create BPF map: Permission denied
> ok 5
> Failed to load BPF prog: Permission denied
> ok 6
> Failed to load BPF prog: Invalid argument
> ok 7
> client: Using a BPF map fd
> client: Connected to server via ./test_sock
> server: Accepted a connection, receiving message
> client: Sent descriptor, waiting for reply
> server: Received a descriptor, fd=5, sending back 0
> client: Received reply, code=0
> client: ...This implies the descriptor was received
> ok 8
> Failed to load BPF prog: Invalid argument
> client: Using a BPF prog fd
> client: Connected to server via ./test_sock
> sendmsg: Bad file descriptor
> server: Accepted a connection, receiving message
> server: Received no descriptor, sending back 1
> not ok 9
> # Failed test at ./test line 118.
> Failed to load BPF prog: Invalid argument
> client: Using a BPF prog fd
> connect: Connection refused
> ok 10
> client: Using a BPF map fd
> connect: Connection refused
> ok 11
> ok 12
> Client request_service_provider_fd() failing command BR_FAILED_REPLY, exiting.
> ok 13
> ok 14
> Failed to load BPF prog: Invalid argument
> Client request_service_provider_fd() failing command BR_FAILED_REPLY, exiting.
> ok 15
> # Looks like you failed 2 tests of 15.
They all pass for me (with your next-queue branch, using the
selinux-testsuite defconfig fragment merged with the Fedora config).
The error above doesn't look SELinux-related; it looks like your kernel
is rejecting the trivial bpf program used in the test code as being
invalid for some reason.
next prev parent reply other threads:[~2019-12-05 18:10 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-22 9:33 [PATCH v9] selinux: sidtab: reverse lookup hash table Jeff Vander Stoep
2019-11-22 14:21 ` Stephen Smalley
2019-12-03 0:32 ` Paul Moore
2019-12-04 9:11 ` Ondrej Mosnacek
2019-12-04 15:48 ` Stephen Smalley
2019-12-04 23:52 ` Paul Moore
2019-12-05 11:48 ` Ondrej Mosnacek
2019-12-05 14:08 ` Paul Moore
2019-12-05 17:41 ` Paul Moore
2019-12-05 18:10 ` Stephen Smalley [this message]
2019-12-05 18:14 ` Paul Moore
2019-12-06 0:50 ` Paul Moore
2019-12-06 13:45 ` Stephen Smalley
2019-12-06 15:08 ` Paul Moore
2019-12-09 21:17 ` Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8257410c-025a-7250-fa78-944289e378bd@tycho.nsa.gov \
--to=sds@tycho.nsa.gov \
--cc=jeffv@google.com \
--cc=jovanak@google.com \
--cc=omosnace@redhat.com \
--cc=paul@paul-moore.com \
--cc=paulmck@kernel.org \
--cc=rcu@vger.kernel.org \
--cc=selinux@vger.kernel.org \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).