Re: [GIT PULL] SELinux patches for v4.17

From: Richard Haines
Date: Sun Apr 08 2018 - 18:44:28 EST

Next message: Theodore Y. Ts'o: "Re: [PATCH] crypto: DRBG - guard uninstantion by lock"
Previous message: Eric Biggers: "Re: WARNING in binder_send_failed_reply"
In reply to: Richard Haines: "Re: [GIT PULL] SELinux patches for v4.17"
Next in thread: Xin Long: "Re: [GIT PULL] SELinux patches for v4.17"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, 2018-04-08 at 19:59 +0100, Richard Haines via Selinux wrote:
> On Mon, 2018-04-09 at 01:43 +0800, Xin Long wrote:
> > On Sun, Apr 8, 2018 at 10:09 PM, Richard Haines
> > <richard_c_haines@xxxxxxxxxxxxxx> wrote:
> > > On Sun, 2018-04-08 at 08:50 -0400, Paul Moore wrote:
> > > > On April 7, 2018 1:03:57 PM Linus Torvalds <torvalds@linux-foun
> > > > da
> > > > tion
> > > > .org> wrote:
> > > > On Sat, Apr 7, 2018 at 9:54 AM, Richard Haines
> > > > <richard_c_haines@xxxxxxxxxxxxxx> wrote:
> > > >
> > > > So please check my resolution, but also somebody should tell me
> > > > "Linus, you're a cretin, sctp_connect() doesn't want that
> > > > security_sctp_bind_connect() at all because it was already done
> > > > by
> > > > XYZ"
> > > >
> > > > sctp_connect() or __sctp_connect() do not need to call
> > > > security_sctp_bind_connect(). This is because the connect(2)
> > > > call
> > > > will
> > > > handle the checks required via security_socket_connect():
> > > >
> > > > Ok, thanks, that's exactly what I wanted to get.
> > > >
> > > > Anyway, somebody should still verify that it all looks good in
> > > > my
> > > > tree, but I don't actually expect the merge to have had any
> > > > issues
> > > > even if the refactoring made it a bit more complex than most
> > > > merges
> > > > are.
> > > >
> > > > Thanks for the quick response Richard.
> > > >
> > > > Xin Long looked it over and gave it the thumbs up, I'll take a
> > > > look
> > > > too, but to be honest I trust his SCTP understanding much more
> > > > than
> > > > mine. I also do weekly tests of each rcX release at a minimum
> > > > so
> > > > if
> > > > something odd pops up I'll make sure you get a fix.
> > > >
> > > > Thanks again everyone.
> > >
> > > I built the kernel this morning and sorry to spoil the party, but
> > > I've
> > > run into a problem with lksctp-tools when running the func_tests:
> > >
> > > make v6test
> > > ..
> > > ..
> > > ./test_timetolive_v6
> > > test_timetolive.c 0 INFO : Creating fillmsg of size 3087
> > > test_timetolive.c 1 PASS : Send a message with timeout
> > > test_timetolive.c 2 PASS : Send a message with no timeout
> > > test_timetolive.c 3 PASS : Send a fragmented message with
> > > timeout
> > > test_timetolive.c 0 INFO : ** SLEEPING for 3 seconds **
> > > test_timetolive.c 4 BROK : Got a datamsg of unexpected
> > > length:23,
> > > expected length:27
> > > DUMP_CORE sctputil.c: 247
> > > /bin/sh: line 1: 30981 Segmentation fault (core dumped) ./$a
> > > test_timetolive_v6 fails
> > >
> > > make v4 test fails the same way. I'm using lksctp-tools from [1].
> > > I
> > > have not investigated the cause yet as just found this and
> > > thought
> > > I
> > > should flag first just in case someone has the answer !!!
> >
> > test_timetolive(_v6) works for me, In lksctp-tools/src/func_tests,
> > I
> > had
> > another case failed,./test_1_to_1_events, it's caused by:
> > commit 30f6ebf65bc46161c5aaff1db2e6e7c76aa4a06b
> > Author: Xin Long <lucien.xin@xxxxxxxxx>
> > Date: Wed Mar 14 19:05:34 2018 +0800
> >
> > sctp: add SCTP_AUTH_NO_AUTH type for AUTHENTICATION_EVENT
> >
> > It's not kernel's issue, after that commit, ./test_1_to_1_events
> > should
> > have been improved. or avoid it by 'sysctl -w
> > net.sctp.auth_enable=1'
> >
> > I'm not sure why test_timetolive(_v6) is not working in your env.
>
> It appears to depend on the run sequence of the tests. I rebooted the
> system, ran test_timetolive_v6, it worked okay.
> Ran "sctp-tests run" on a terminal, then ran test_timetolive_v6 at
> various intervals on another terminal. Once sctp-tests started the
> "===
> ndatasched ===" sequence, test_timetolive_v6 failed.

1) When SCTP is initialised /proc/sys/net/sctp/prsctp_enable = 1
2) When sctp-tests/testcase/regression/extoverflow/test.sh is executed,
on exit it sets prsctp_enable = 0. This seems to be causing the issue
I'm seeing. I can now simulate the problem:

Running from fresh boot:
checksctp
cat /proc/sys/net/sctp/prsctp_enable
1
./test_timetolive_v6
passes
echo 0 > /proc/sys/net/sctp/prsctp_enable
./test_timetolive_v6
fails
echo 1 > /proc/sys/net/sctp/prsctp_enable
./test_timetolive_v6
passes

I've no idea why as yet !!!

>
> >
> > >
> > > On the bright side, I've run the sctp-tests from [2] with no
> > > problems
> > > and also the selinux-testsuite with my SCTP patch from [3] using
> > > an
> > > updated Fedora policy from [4] (with sctp support added), all in
> > > enforcing mode.
> > >
> > > Also the LTP test passed:
> > > cd /opt/ltp/
> > > cat runtest/syscalls |grep connect01>runtest/connect-syscall
> > > ./runltp -pq -f connect-syscall
> > > ....
> > >
> > > [1] https://github.com/sctp/lksctp-tools
> > > [2] https://github.com/sctp/sctp-tests
> > > [3] https://marc.info/?l=selinux&m=152156947715709&w=2
> > > [4] https://github.com/fedora-selinux/selinux-policy
> > >
> > >
> > > >
> > > > --
> > > > paul moore
> > > > www.paul-moore.com
> > > >
> > > >
> > > >
> >
> > --
> > To unsubscribe from this list: send the line "unsubscribe linux-
> > security-module" in
> > the body of a message to majordomo@xxxxxxxxxxxxxxx
> > More majordomo info at http://vger.kernel.org/majordomo-info.html
>
>

Next message: Theodore Y. Ts'o: "Re: [PATCH] crypto: DRBG - guard uninstantion by lock"
Previous message: Eric Biggers: "Re: WARNING in binder_send_failed_reply"
In reply to: Richard Haines: "Re: [GIT PULL] SELinux patches for v4.17"
Next in thread: Xin Long: "Re: [GIT PULL] SELinux patches for v4.17"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]