* Re: [PATCH v1 net-next 2/4] net: Retire DCCP.
From: Paul Moore @ 2025-04-08 1:34 UTC
To: Kuniyuki Iwashima, selinux, linux-security-module,
Casey Schaufler
Cc: David S. Miller, Eric Dumazet, Jakub Kicinski, Paolo Abeni,
Simon Horman, David Ahern, Neal Cardwell, Willem de Bruijn,
Pablo Neira Ayuso, Jozsef Kadlecsik, James Morris,
Serge E. Hallyn, Kuniyuki Iwashima, netdev
On Mon, Apr 7, 2025 at 7:19 PM Kuniyuki Iwashima <kuniyu@amazon.com> wrote:
>
> DCCP was orphaned in 2021 by commit 054c4610bd05 ("MAINTAINERS: dccp:
> move Gerrit Renker to CREDITS"), which noted that the last maintainer
> had been inactive for five years.
>
> In recent years, it has become a playground for syzbot, and most changes
> to DCCP have been odd bug fixes triggered by syzbot. Apart from that,
> the only changes have been driven by treewide or networking API updates
> or adjustments related to TCP.
>
> Thus, in 2023, we announced we would remove DCCP in 2025 via commit
> b144fcaf46d4 ("dccp: Print deprecation notice.").
>
> Since then, only one individual has contacted the netdev mailing list. [0]
>
> There is ongoing research for Multipath DCCP. The repository is hosted
> on GitHub [1], and development is not taking place through the upstream
> community. While the repository is published under the GPLv2 license,
> the scheduling part remains proprietary, with a LICENSE file [2] stating:
>
> "This is not Open Source software."
>
> The researcher mentioned a plan to address the licensing issue, upstream
> the patches, and step up as a maintainer, but there has been no further
> communication since then.
>
> Maintaining DCCP for a decade without any real users has become a burden.
>
> Therefore, it's time to remove it.
>
> Removing DCCP will also provide significant benefits to TCP. It allows
> us to freely reorganize the layout of struct inet_connection_sock, which
> is currently shared with DCCP, and optimize it to reduce the number of
> cachelines accessed in the TCP fast path.
>
> Note that we leave uAPI headers alone for userspace programs.
>
> Link: https://lore.kernel.org/netdev/20230710182253.81446-1-kuniyu@amazon.com/T/#u #[0]
> Link: https://github.com/telekom/mp-dccp #[1]
> Link: https://github.com/telekom/mp-dccp/blob/mpdccp_v03_k5.10/net/dccp/non_gpl_scheduler/LICENSE #[2]
> Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>

Adding the LSM and SELinux lists for obvious reasons, as well as Casey
directly since he maintains Smack and I don't see him on the To/CC
line.

For those that weren't on the original posting, the lore link is below:
https://lore.kernel.org/all/20250407231823.95927-1-kuniyu@amazon.com

> diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
> index 04a9b480885e..5665aa5e7853 100644
> --- a/security/selinux/include/classmap.h
> +++ b/security/selinux/include/classmap.h
> @@ -127,8 +127,6 @@ const struct security_class_mapping secclass_map[] = {
> { "key",
> { "view", "read", "write", "search", "link", "setattr", "create",
> NULL } },
> - { "dccp_socket",
> - { COMMON_SOCK_PERMS, "node_bind", "name_connect", NULL } },
> { "memprotect", { "mmap_zero", NULL } },
> { "peer", { "recv", NULL } },
> { "capability2", { COMMON_CAP2_PERMS, NULL } },
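
Review bot: the commit message does not cover the SELinux effect of dropping the "dccp_socket" entry from secclass_map[] in this hunk. It would help to add a sentence saying that the class and its "node_bind" and "name_connect" permissions leave the kernel's class map, and what a policy that still defines dccp_socket will see at load time, so policy maintainers do not have to infer it. Since only classmap.h is shown here, it is also worth confirming that the same patch removes every remaining user of the class, so the tree still builds at this commit.
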

A quick question for the rest of the SELinux folks: the DCCP code is
going away, so we won't be performing any of the access checks listed
above, and there will be no way to get a "dccp_socket" object, but do
we want to preserve the class/perms simply to quiet the warning when
loading existing policies?

Personally I'm not too bothered by those warnings, I see them fairly
regularly for a few classes/perms on my test systems, but thought it
was worth having a quick discussion on this one since it is a bit
different.

--
paul-moore.com

* Re: [PATCH v1 net-next 2/4] net: Retire DCCP.
From: Christian Göttsche @ 2025-04-08 5:22 UTC
To: Paul Moore
Cc: Kuniyuki Iwashima, selinux, linux-security-module,
Casey Schaufler, David S. Miller, Eric Dumazet, Jakub Kicinski,
Paolo Abeni, Simon Horman, David Ahern, Neal Cardwell,
Willem de Bruijn, Pablo Neira Ayuso, Jozsef Kadlecsik,
James Morris, Serge E. Hallyn, Kuniyuki Iwashima, netdev
Apr 8, 2025 03:35:15 Paul Moore <paul@paul-moore.com>:
> On Mon, Apr 7, 2025 at 7:19 PM Kuniyuki Iwashima <kuniyu@amazon.com> wrote:
>>
>> DCCP was orphaned in 2021 by commit 054c4610bd05 ("MAINTAINERS: dccp:
>> move Gerrit Renker to CREDITS"), which noted that the last maintainer
>> had been inactive for five years.
>>
>> In recent years, it has become a playground for syzbot, and most changes
>> to DCCP have been odd bug fixes triggered by syzbot. Apart from that,
>> the only changes have been driven by treewide or networking API updates
>> or adjustments related to TCP.
>>
>> Thus, in 2023, we announced we would remove DCCP in 2025 via commit
>> b144fcaf46d4 ("dccp: Print deprecation notice.").
>>
>> Since then, only one individual has contacted the netdev mailing list. [0]
>>
>> There is ongoing research for Multipath DCCP. The repository is hosted
>> on GitHub [1], and development is not taking place through the upstream
>> community. While the repository is published under the GPLv2 license,
>> the scheduling part remains proprietary, with a LICENSE file [2] stating:
>>
>> "This is not Open Source software."
>>
>> The researcher mentioned a plan to address the licensing issue, upstream
>> the patches, and step up as a maintainer, but there has been no further
>> communication since then.
>>
>> Maintaining DCCP for a decade without any real users has become a burden.
>>
>> Therefore, it's time to remove it.
>>
>> Removing DCCP will also provide significant benefits to TCP. It allows
>> us to freely reorganize the layout of struct inet_connection_sock, which
>> is currently shared with DCCP, and optimize it to reduce the number of
>> cachelines accessed in the TCP fast path.
>>
>> Note that we leave uAPI headers alone for userspace programs.
>>
>> Link: https://lore.kernel.org/netdev/20230710182253.81446-1-kuniyu@amazon.com/T/#u #[0]
>> Link: https://github.com/telekom/mp-dccp #[1]
>> Link: https://github.com/telekom/mp-dccp/blob/mpdccp_v03_k5.10/net/dccp/non_gpl_scheduler/LICENSE #[2]
>> Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
>
> Adding the LSM and SELinux lists for obvious reasons, as well as Casey
> directly since he maintains Smack and I don't see him on the To/CC
> line.
>
> For those that weren't on the original posting, the lore link is below:
> https://lore.kernel.org/all/20250407231823.95927-1-kuniyu@amazon.com
>
>> diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
>> index 04a9b480885e..5665aa5e7853 100644
>> --- a/security/selinux/include/classmap.h
>> +++ b/security/selinux/include/classmap.h
>> @@ -127,8 +127,6 @@ const struct security_class_mapping secclass_map[] = {
>> { "key",
>> { "view", "read", "write", "search", "link", "setattr", "create",
>> NULL } },
>> - { "dccp_socket",
>> - { COMMON_SOCK_PERMS, "node_bind", "name_connect", NULL } },
>> { "memprotect", { "mmap_zero", NULL } },
>> { "peer", { "recv", NULL } },
>> { "capability2", { COMMON_CAP2_PERMS, NULL } },
>
> A quick question for the rest of the SELinux folks: the DCCP code is
> going away, so we won't be performing any of the access checks listed
> above, and there will be no way to get a "dccp_socket" object, but do
> we want to preserve the class/perms simply to quiet the warning when
> loading existing policies?

Isn't the kernel just warning about missing classes/permissions? If policies still define dccp_socket I think the kernel treats it as a user space class, like dbus.

> Personally I'm not too bothered by those warnings, I see them fairly
> regularly for a few classes/perms on my test systems, but thought it
> was worth having a quick discussion on this one since it is a bit
> different.
>
> --
> paul-moore.com

* Re: [PATCH v1 net-next 2/4] net: Retire DCCP.
From: Paul Moore @ 2025-04-08 8:12 UTC
To: Christian Göttsche
Cc: Kuniyuki Iwashima, selinux, linux-security-module,
Casey Schaufler, David S. Miller, Eric Dumazet, Jakub Kicinski,
Paolo Abeni, Simon Horman, David Ahern, Neal Cardwell,
Willem de Bruijn, Pablo Neira Ayuso, Jozsef Kadlecsik,
James Morris, Serge E. Hallyn, Kuniyuki Iwashima, netdev
On Tue, Apr 8, 2025 at 1:22 AM Christian Göttsche
<cgzones@googlemail.com> wrote:
> Apr 8, 2025 03:35:15 Paul Moore <paul@paul-moore.com>:
> > On Mon, Apr 7, 2025 at 7:19 PM Kuniyuki Iwashima <kuniyu@amazon.com> wrote:
> >>
> >> DCCP was orphaned in 2021 by commit 054c4610bd05 ("MAINTAINERS: dccp:
> >> move Gerrit Renker to CREDITS"), which noted that the last maintainer
> >> had been inactive for five years.
> >>
> >> In recent years, it has become a playground for syzbot, and most changes
> >> to DCCP have been odd bug fixes triggered by syzbot. Apart from that,
> >> the only changes have been driven by treewide or networking API updates
> >> or adjustments related to TCP.
> >>
> >> Thus, in 2023, we announced we would remove DCCP in 2025 via commit
> >> b144fcaf46d4 ("dccp: Print deprecation notice.").
> >>
> >> Since then, only one individual has contacted the netdev mailing list. [0]
> >>
> >> There is ongoing research for Multipath DCCP. The repository is hosted
> >> on GitHub [1], and development is not taking place through the upstream
> >> community. While the repository is published under the GPLv2 license,
> >> the scheduling part remains proprietary, with a LICENSE file [2] stating:
> >>
> >> "This is not Open Source software."
> >>
> >> The researcher mentioned a plan to address the licensing issue, upstream
> >> the patches, and step up as a maintainer, but there has been no further
> >> communication since then.
> >>
> >> Maintaining DCCP for a decade without any real users has become a burden.
> >>
> >> Therefore, it's time to remove it.
> >>
> >> Removing DCCP will also provide significant benefits to TCP. It allows
> >> us to freely reorganize the layout of struct inet_connection_sock, which
> >> is currently shared with DCCP, and optimize it to reduce the number of
> >> cachelines accessed in the TCP fast path.
> >>
> >> Note that we leave uAPI headers alone for userspace programs.
> >>
> >> Link: https://lore.kernel.org/netdev/20230710182253.81446-1-kuniyu@amazon.com/T/#u #[0]
> >> Link: https://github.com/telekom/mp-dccp #[1]
> >> Link: https://github.com/telekom/mp-dccp/blob/mpdccp_v03_k5.10/net/dccp/non_gpl_scheduler/LICENSE #[2]
> >> Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
> >
> > Adding the LSM and SELinux lists for obvious reasons, as well as Casey
> > directly since he maintains Smack and I don't see him on the To/CC
> > line.
> >
> > For those that weren't on the original posting, the lore link is below:
> > https://lore.kernel.org/all/20250407231823.95927-1-kuniyu@amazon.com
> >
> >> diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
> >> index 04a9b480885e..5665aa5e7853 100644
> >> --- a/security/selinux/include/classmap.h
> >> +++ b/security/selinux/include/classmap.h
> >> @@ -127,8 +127,6 @@ const struct security_class_mapping secclass_map[] = {
> >> { "key",
> >> { "view", "read", "write", "search", "link", "setattr", "create",
> >> NULL } },
> >> - { "dccp_socket",
> >> - { COMMON_SOCK_PERMS, "node_bind", "name_connect", NULL } },
> >> { "memprotect", { "mmap_zero", NULL } },
> >> { "peer", { "recv", NULL } },
> >> { "capability2", { COMMON_CAP2_PERMS, NULL } },
> >
> > A quick question for the rest of the SELinux folks: the DCCP code is
> > going away, so we won't be performing any of the access checks listed
> > above, and there will be no way to get a "dccp_socket" object, but do
> > we want to preserve the class/perms simply to quiet the warning when
> > loading existing policies?
>
> Isn't the kernel just warning about missing classes/permissions? If policies still define dccp_socket I think the kernel treats it as a user space class, like dbus.

Ah yes, my apologies, I mixed up the "... not defined in policy"
warning in my mind. Thanks for setting me straight :)

Anyway, this looks fine to me.

Acked-by: Paul Moore <paul@paul-moore.com> (LSM and SELinux)

--
paul-moore.com

* Re: [PATCH v1 net-next 2/4] net: Retire DCCP.
From: Casey Schaufler @ 2025-04-08 16:28 UTC
To: Christian Göttsche, Paul Moore
Cc: Kuniyuki Iwashima, selinux, linux-security-module,
David S. Miller, Eric Dumazet, Jakub Kicinski, Paolo Abeni,
Simon Horman, David Ahern, Neal Cardwell, Willem de Bruijn,
Pablo Neira Ayuso, Jozsef Kadlecsik, James Morris,
Serge E. Hallyn, Kuniyuki Iwashima, netdev, Casey Schaufler
On 4/7/2025 10:22 PM, Christian Göttsche wrote:
> Apr 8, 2025 03:35:15 Paul Moore <paul@paul-moore.com>:
>
>> On Mon, Apr 7, 2025 at 7:19 PM Kuniyuki Iwashima <kuniyu@amazon.com> wrote:
>>> DCCP was orphaned in 2021 by commit 054c4610bd05 ("MAINTAINERS: dccp:
>>> move Gerrit Renker to CREDITS"), which noted that the last maintainer
>>> had been inactive for five years.
>>>
>>> In recent years, it has become a playground for syzbot, and most changes
>>> to DCCP have been odd bug fixes triggered by syzbot. Apart from that,
>>> the only changes have been driven by treewide or networking API updates
>>> or adjustments related to TCP.
>>>
>>> Thus, in 2023, we announced we would remove DCCP in 2025 via commit
>>> b144fcaf46d4 ("dccp: Print deprecation notice.").
>>>
>>> Since then, only one individual has contacted the netdev mailing list. [0]
>>>
>>> There is ongoing research for Multipath DCCP. The repository is hosted
>>> on GitHub [1], and development is not taking place through the upstream
>>> community. While the repository is published under the GPLv2 license,
>>> the scheduling part remains proprietary, with a LICENSE file [2] stating:
>>>
>>> "This is not Open Source software."
>>>
>>> The researcher mentioned a plan to address the licensing issue, upstream
>>> the patches, and step up as a maintainer, but there has been no further
>>> communication since then.
>>>
>>> Maintaining DCCP for a decade without any real users has become a burden.
>>>
>>> Therefore, it's time to remove it.
>>>
>>> Removing DCCP will also provide significant benefits to TCP. It allows
>>> us to freely reorganize the layout of struct inet_connection_sock, which
>>> is currently shared with DCCP, and optimize it to reduce the number of
>>> cachelines accessed in the TCP fast path.
>>>
>>> Note that we leave uAPI headers alone for userspace programs.
>>>
>>> Link: https://lore.kernel.org/netdev/20230710182253.81446-1-kuniyu@amazon.com/T/#u #[0]
>>> Link: https://github.com/telekom/mp-dccp #[1]
>>> Link: https://github.com/telekom/mp-dccp/blob/mpdccp_v03_k5.10/net/dccp/non_gpl_scheduler/LICENSE #[2]
>>> Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
>> Adding the LSM and SELinux lists for obvious reasons, as well as Casey
>> directly since he maintains Smack and I don't see him on the To/CC
>> line.

It's annoying that I found out about this indirectly. No biscuit.
Nonetheless, for the Smack bits:

Acked-by: Casey Schaufler <casey@schaufler-ca.com>