From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id v6P9xgQ3018413 for ; Tue, 25 Jul 2017 05:59:48 -0400 Message-ID: <1500976778.2929.5.camel@redhat.com> From: Paolo Abeni To: Paul Moore Cc: netdev@vger.kernel.org, selinux@tycho.nsa.gov Date: Tue, 25 Jul 2017 11:59:38 +0200 In-Reply-To: References: <1500899117.2458.2.camel@redhat.com> <1500912555.2458.12.camel@redhat.com> Content-Type: text/plain; charset="UTF-8" Mime-Version: 1.0 Subject: Re: SELinux/IP_PASSSEC regression in 4.13-rcX List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: On Mon, 2017-07-24 at 22:00 -0400, Paul Moore wrote: > > I'm happy to test this, but if you are curious, you can find the > > selinux-testsuite at the link below; the "inet_socket" tests are the > > ones relevant to this problem. > > > > * https://github.com/SELinuxProject/selinux-testsuite Thanks, I'll have a look. > > However, I believe there is a problem with this patch, see below. [...] > > > -#if BITS_PER_LONG == 64 > > > +#define UDP_SKB_IS_STATELESS 0x80000000 > > > + > > > static void udp_set_dev_scratch(struct sk_buff *skb) > > > { > > > - struct udp_dev_scratch *scratch; > > > + struct udp_dev_scratch *scratch = udp_skb_scratch(skb); > > > > > > BUILD_BUG_ON(sizeof(struct udp_dev_scratch) > sizeof(long)); > > > > The BUILD_BUG_ON() assertion no longer appears to be correct with this patch. > > Nevermind, I just took a closer look at this and realized I made a > mistake when applying your patch (had to apply manually for some > reason). I'm building a test kernel now. Yup, I compile-tested the code, plus some basic sanity checks, so the build breakage felt unexpected. Thanks for testing, Paolo