* "selinux_nlmsg_perm: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=30" warning on Linux 3.18-rc3
From: Vinson Lee @ 2014-11-04 20:12 UTC
To: Paul Moore, Stephen Smalley, Eric Paris, James Morris, Serge E. Hallyn, selinux, linux-security-module
Cc: trinity

Hi.

trinity triggered this kernel warning in selinux_netlink_send on Linux
3.18-rc3.

------------[ cut here ]------------
WARNING: CPU: 8 PID: 53557 at security/selinux/hooks.c:4730
selinux_netlink_send+0x9e/0xfc()
selinux_nlmsg_perm: unrecognized netlink message: protocol=0
nlmsg_type=0 sclass=30
Modules linked in: af_key l2tp_ppp l2tp_netlink l2tp_core nfnetlink
can_bcm scsi_transport_iscsi can_raw can pppoe pppox ppp_generic slhc
netconsole configfs ipv6 dm_multipath scsi_dh video sbs sbshc acpi_pad
acpi_ipmi parport_pc lp parport tcp_diag inet_diag ipmi_devintf sg
mlx4_en ptp pps_core vxlan udp_tunnel ip6_udp_tunnel mlx4_core
iTCO_wdt iTCO_vendor_support dcdbas wmi ioatdma sb_edac hed i2c_i801
i2c_core microcode edac_core ipmi_si ipmi_msghandler lpc_ich mfd_core
shpchp dca ahci libahci libata sd_mod scsi_mod
CPU: 8 PID: 53557 Comm: trinity-c8 Not tainted 3.18.0-rc3 #1
 0000000000000009 ffff88104c153be8 ffffffff814daf56 00000000000000e5
 ffff88104c153c38 ffff88104c153c28 ffffffff8106010d ffffffff8142815f
 ffffffff8123431e 00000000ffffffea ffff8800770be800 0000000000000000
Call Trace:
 [<ffffffff814daf56>] dump_stack+0x46/0x58
 [<ffffffff8106010d>] warn_slowpath_common+0x81/0x9b
 [<ffffffff8142815f>] ? __alloc_skb+0x84/0x1b1
 [<ffffffff8123431e>] ? selinux_netlink_send+0x9e/0xfc
 [<ffffffff8106016d>] warn_slowpath_fmt+0x46/0x48
 [<ffffffff8123431e>] selinux_netlink_send+0x9e/0xfc
 [<ffffffff8123119b>] security_netlink_send+0x16/0x18
 [<ffffffff8145bf30>] netlink_sendmsg+0x570/0x630
 [<ffffffff81232aeb>] ? sock_has_perm+0x63/0x6a
 [<ffffffff8141ea6f>] __sock_sendmsg_nosec+0x25/0x27
 [<ffffffff81420252>] sock_aio_write+0xc6/0xdd
 [<ffffffff81233255>] ? file_has_perm+0x5d/0x81
 [<ffffffff8116835b>] do_sync_write+0x55/0x78
 [<ffffffff81168c8e>] vfs_write+0xbb/0x124
 [<ffffffff81169321>] SyS_write+0x44/0x78
 [<ffffffff814e26b9>] ia32_do_call+0x13/0x13
---[ end trace 9c4105cdf6c3f1b1 ]---

Cheers,
Vinson

* Re: "selinux_nlmsg_perm: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=30" warning on Linux 3.18-rc3
From: Paul Moore @ 2014-11-05 20:48 UTC
To: Vinson Lee
Cc: Stephen Smalley, Eric Paris, James Morris, Serge E. Hallyn, selinux, linux-security-module, trinity

On Tuesday, November 04, 2014 12:12:56 PM Vinson Lee wrote:
> Hi.
>
> trinity triggered this kernel warning in selinux_netlink_send on Linux
> 3.18-rc3.

It looks like trinity sent a bogus netlink message to the kernel and SELinux
responded as I would expect it to, with a WARN_ONCE() message. Thank you for
your help in testing, but I don't see a problem here that needs to be
resolved.

> ------------[ cut here ]------------
> WARNING: CPU: 8 PID: 53557 at security/selinux/hooks.c:4730
> selinux_netlink_send+0x9e/0xfc()
> selinux_nlmsg_perm: unrecognized netlink message: protocol=0
> nlmsg_type=0 sclass=30
> Modules linked in: af_key l2tp_ppp l2tp_netlink l2tp_core nfnetlink
> can_bcm scsi_transport_iscsi can_raw can pppoe pppox ppp_generic slhc
> netconsole configfs ipv6 dm_multipath scsi_dh video sbs sbshc acpi_pad
> acpi_ipmi parport_pc lp parport tcp_diag inet_diag ipmi_devintf sg
> mlx4_en ptp pps_core vxlan udp_tunnel ip6_udp_tunnel mlx4_core
> iTCO_wdt iTCO_vendor_support dcdbas wmi ioatdma sb_edac hed i2c_i801
> i2c_core microcode edac_core ipmi_si ipmi_msghandler lpc_ich mfd_core
> shpchp dca ahci libahci libata sd_mod scsi_mod
> CPU: 8 PID: 53557 Comm: trinity-c8 Not tainted 3.18.0-rc3 #1
> 0000000000000009 ffff88104c153be8 ffffffff814daf56 00000000000000e5
> ffff88104c153c38 ffff88104c153c28 ffffffff8106010d ffffffff8142815f
> ffffffff8123431e 00000000ffffffea ffff8800770be800 0000000000000000
> Call Trace:
> [<ffffffff814daf56>] dump_stack+0x46/0x58
> [<ffffffff8106010d>] warn_slowpath_common+0x81/0x9b
> [<ffffffff8142815f>] ? __alloc_skb+0x84/0x1b1
> [<ffffffff8123431e>] ? selinux_netlink_send+0x9e/0xfc
> [<ffffffff8106016d>] warn_slowpath_fmt+0x46/0x48
> [<ffffffff8123431e>] selinux_netlink_send+0x9e/0xfc
> [<ffffffff8123119b>] security_netlink_send+0x16/0x18
> [<ffffffff8145bf30>] netlink_sendmsg+0x570/0x630
> [<ffffffff81232aeb>] ? sock_has_perm+0x63/0x6a
> [<ffffffff8141ea6f>] __sock_sendmsg_nosec+0x25/0x27
> [<ffffffff81420252>] sock_aio_write+0xc6/0xdd
> [<ffffffff81233255>] ? file_has_perm+0x5d/0x81
> [<ffffffff8116835b>] do_sync_write+0x55/0x78
> [<ffffffff81168c8e>] vfs_write+0xbb/0x124
> [<ffffffff81169321>] SyS_write+0x44/0x78
> [<ffffffff814e26b9>] ia32_do_call+0x13/0x13
> ---[ end trace 9c4105cdf6c3f1b1 ]---
>
> Cheers,
> Vinson

--
paul moore
www.paul-moore.com

* Re: "selinux_nlmsg_perm: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=30" warning on Linux 3.18-rc3
From: Stephen Smalley @ 2014-11-05 20:51 UTC
To: Paul Moore, Vinson Lee
Cc: Eric Paris, James Morris, Serge E. Hallyn, selinux, linux-security-module, trinity, Richard Guy Briggs

On 11/05/2014 03:48 PM, Paul Moore wrote:
> On Tuesday, November 04, 2014 12:12:56 PM Vinson Lee wrote:
>> Hi.
>>
>> trinity triggered this kernel warning in selinux_netlink_send on Linux
>> 3.18-rc3.
>
> It looks like trinity sent a bogus netlink message to the kernel and SELinux
> responded as I would expect it to, with a WARN_ONCE() message. Thank you for
> your help in testing, but I don't see a problem here that needs to be
> resolved.

I guess the only thing new here is that this message used to be directed
to the audit system via audit_log() and was changed to use WARN_ONCE().
Why was that change made (the change description gives no rationale)?
Is this an appropriate use of WARN_ONCE()?

>
>> ------------[ cut here ]------------
>> WARNING: CPU: 8 PID: 53557 at security/selinux/hooks.c:4730
>> selinux_netlink_send+0x9e/0xfc()
>> selinux_nlmsg_perm: unrecognized netlink message: protocol=0
>> nlmsg_type=0 sclass=30
>> Modules linked in: af_key l2tp_ppp l2tp_netlink l2tp_core nfnetlink
>> can_bcm scsi_transport_iscsi can_raw can pppoe pppox ppp_generic slhc
>> netconsole configfs ipv6 dm_multipath scsi_dh video sbs sbshc acpi_pad
>> acpi_ipmi parport_pc lp parport tcp_diag inet_diag ipmi_devintf sg
>> mlx4_en ptp pps_core vxlan udp_tunnel ip6_udp_tunnel mlx4_core
>> iTCO_wdt iTCO_vendor_support dcdbas wmi ioatdma sb_edac hed i2c_i801
>> i2c_core microcode edac_core ipmi_si ipmi_msghandler lpc_ich mfd_core
>> shpchp dca ahci libahci libata sd_mod scsi_mod
>> CPU: 8 PID: 53557 Comm: trinity-c8 Not tainted 3.18.0-rc3 #1
>> 0000000000000009 ffff88104c153be8 ffffffff814daf56 00000000000000e5
>> ffff88104c153c38 ffff88104c153c28 ffffffff8106010d ffffffff8142815f
>> ffffffff8123431e 00000000ffffffea ffff8800770be800 0000000000000000
>> Call Trace:
>> [<ffffffff814daf56>] dump_stack+0x46/0x58
>> [<ffffffff8106010d>] warn_slowpath_common+0x81/0x9b
>> [<ffffffff8142815f>] ? __alloc_skb+0x84/0x1b1
>> [<ffffffff8123431e>] ? selinux_netlink_send+0x9e/0xfc
>> [<ffffffff8106016d>] warn_slowpath_fmt+0x46/0x48
>> [<ffffffff8123431e>] selinux_netlink_send+0x9e/0xfc
>> [<ffffffff8123119b>] security_netlink_send+0x16/0x18
>> [<ffffffff8145bf30>] netlink_sendmsg+0x570/0x630
>> [<ffffffff81232aeb>] ? sock_has_perm+0x63/0x6a
>> [<ffffffff8141ea6f>] __sock_sendmsg_nosec+0x25/0x27
>> [<ffffffff81420252>] sock_aio_write+0xc6/0xdd
>> [<ffffffff81233255>] ? file_has_perm+0x5d/0x81
>> [<ffffffff8116835b>] do_sync_write+0x55/0x78
>> [<ffffffff81168c8e>] vfs_write+0xbb/0x124
>> [<ffffffff81169321>] SyS_write+0x44/0x78
>> [<ffffffff814e26b9>] ia32_do_call+0x13/0x13
>> ---[ end trace 9c4105cdf6c3f1b1 ]---
>>
>> Cheers,
>> Vinson
>

* Re: "selinux_nlmsg_perm: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=30" warning on Linux 3.18-rc3
From: Paul Moore @ 2014-11-05 21:57 UTC
To: Stephen Smalley, Richard Guy Briggs
Cc: Vinson Lee, Eric Paris, James Morris, Serge E. Hallyn, selinux, linux-security-module, trinity

On Wednesday, November 05, 2014 03:51:52 PM Stephen Smalley wrote:
> On 11/05/2014 03:48 PM, Paul Moore wrote:
> > On Tuesday, November 04, 2014 12:12:56 PM Vinson Lee wrote:
> >> Hi.
> >>
> >> trinity triggered this kernel warning in selinux_netlink_send on Linux
> >> 3.18-rc3.
> >
> > It looks like trinity sent a bogus netlink message to the kernel and
> > SELinux responded as I would expect it to, with a WARN_ONCE() message.
> > Thank you for your help in testing, but I don't see a problem here that
> > needs to be resolved.
>
> I guess the only thing new here is that this message used to be directed
> to the audit system via audit_log() and was changed to use WARN_ONCE().
> Why was that change made (the change description gives no rationale)?

My understanding was that the audit record didn't fit the
hoped-for-but-not-really-a-standard name value pair format that the audit
folks like. Richard wanted to either normalize the audit record or replace
it with something else.

> Is this an appropriate use of WARN_ONCE()?

In retrospect, we could probably do better. I don't think it should be an
audit record, but I can see the point that a backtrace and scary WARNING!
display are probably a bit too much.

Richard, how about converting this WARN_ONCE() to a printk_once(), or similar?

--
paul moore
www.paul-moore.com

* Re: "selinux_nlmsg_perm: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=30" warning on Linux 3.18-rc3
From: Richard Guy Briggs @ 2014-11-05 22:25 UTC
To: Paul Moore
Cc: Stephen Smalley, Vinson Lee, Eric Paris, James Morris, Serge E. Hallyn, selinux, linux-security-module, trinity

On 14/11/05, Paul Moore wrote:
> On Wednesday, November 05, 2014 03:51:52 PM Stephen Smalley wrote:
> > On 11/05/2014 03:48 PM, Paul Moore wrote:
> > > On Tuesday, November 04, 2014 12:12:56 PM Vinson Lee wrote:
> > >> Hi.
> > >>
> > >> trinity triggered this kernel warning in selinux_netlink_send on Linux
> > >> 3.18-rc3.

Vinson, have you ever seen an audit message reporting this problem
previously from trinity?

> > > It looks like trinity sent a bogus netlink message to the kernel and
> > > SELinux responded as I would expect it to, with a WARN_ONCE() message.
> > > Thank you for your help in testing, but I don't see a problem here that
> > > needs to be resolved.
> >
> > I guess the only thing new here is that this message used to be directed
> > to the audit system via audit_log() and was changed to use WARN_ONCE().
> > Why was that change made (the change description gives no rationale)?
>
> My understanding was that the audit record didn't fit the
> hoped-for-but-not-really-a-standard name value pair format that the audit
> folks like. Richard wanted to either normalize the audit record or replace
> it with something else.

I didn't like that it was an audit record because that wasn't really an
auditable event since it failed, presenting no danger to the system, and
that it could potentially fill audit logs with useless reports. I didn't
really like that it was a WARN_ONCE, since it seemed a bit too alarmist
and also made it more difficult to debug. The other recent WARN_ONCE
conversions were partly influenced by an effort to clean up locking in
audit, but that is not the case here.

> > Is this an appropriate use of WARN_ONCE()?
>
> In retrospect, we could probably do better. I don't think it should be an
> audit record, but I can see the point that a backtrace and scary WARNING!
> display are probably a bit too much.
>
> Richard, how about converting this WARN_ONCE() to a printk_once(), or similar?

I'd be agreeable to that. While I was a bit concerned that a
WARN_ONCE() could be lost in the noise (evidently that's not the case!)
a printk_once() would more likely get lost in the noise. Would it make
sense to make it a bit less infrequent than printk_once() and rate-limit
it at say, one per 5 seconds or more?

> paul moore

- RGB

--
Richard Guy Briggs <rbriggs@redhat.com>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545

* Re: "selinux_nlmsg_perm: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=30" warning on Linux 3.18-rc3
From: Paul Moore @ 2014-11-10 20:41 UTC
To: Richard Guy Briggs
Cc: Stephen Smalley, Vinson Lee, Eric Paris, James Morris, Serge E. Hallyn, selinux, linux-security-module, trinity

On Wednesday, November 05, 2014 05:25:37 PM Richard Guy Briggs wrote:
> On 14/11/05, Paul Moore wrote:
> > In retrospect, we could probably do better. I don't think it should be an
> > audit record, but I can see the point that a backtrace and scary WARNING!
> > display are probably a bit too much.
> >
> > Richard, how about converting this WARN_ONCE() to a printk_once(), or
> > similar?
>
> I'd be agreeable to that. While I was a bit concerned that a
> WARN_ONCE() could be lost in the noise (evidently that's not the case!)
> a printk_once() would more likely get lost in the noise. Would it make
> sense to make it a bit less infrequent than printk_once() and rate-limit
> it at say, one per 5 seconds or more?

Let's just go with printk_once() for right now. We probably need to have a
better, more consistent approach to error messages not related to the normal
access control stuff, however, I'd like to fix this for the v3.18-rcX releases
and that is a bit out of scope for right now. Ideally I'd like to fix it this
week. Richard, any chance you can submit a patch by the end of the day on
Tuesday? It really should be trivial; if you can't let me know and I'll take
care of it.

--
paul moore
www.paul-moore.com

* [PATCH] selinux: convert WARN_ONCE() to printk_once() in selinux_nlmsg_perm()
From: Richard Guy Briggs @ 2014-11-12 19:01 UTC
To: selinux, linux-security-module, trinity
Cc: Richard Guy Briggs, sds, vlee, eparis, pmoore, james.l.morris, serge, paul

Convert WARN_ONCE() to printk_once() in selinux_nlmsg_perm().

After conversion from audit_log() in commit e173fb26, WARN_ONCE() was deemed
too alarmist, so switch it to printk_once(). If this gets buried in the
noise, it may be converted to a rate-limited call in the future.

Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
---
 security/selinux/hooks.c | 6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index e663141..17d0066 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -4725,9 +4725,9 @@ static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb) err = selinux_nlmsg_lookup(sksec->sclass, nlh->nlmsg_type, &perm); if (err) { if (err == -EINVAL) { - WARN_ONCE(1, "selinux_nlmsg_perm: unrecognized netlink message:" - " protocol=%hu nlmsg_type=%hu sclass=%hu\n", - sk->sk_protocol, nlh->nlmsg_type, sksec->sclass); + printk_once("selinux_nlmsg_perm: unrecognized netlink message:" + " protocol=%hu nlmsg_type=%hu sclass=%hu\n", + sk->sk_protocol, nlh->nlmsg_type, sksec->sclass); if (!selinux_enforcing || security_get_allow_unknown()) err = 0; }
--
1.7.1

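Review bot: printk_once() in the -EINVAL branch is called without a KERN_ log-level prefix, so the line is emitted at the default log level rather than marked as a warning; prefix the format string with KERN_WARNING. The _once form also means only the first unrecognized protocol/nlmsg_type/sclass tuple is ever reported, so later, different values never reach the log; since the call trace in this thread shows the path is reached from a write() on a netlink socket, a rate-limited print would keep later values visible while still bounding log volume.
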
* Re: [PATCH] selinux: convert WARN_ONCE() to printk_once() in selinux_nlmsg_perm()
From: Paul Moore @ 2014-11-12 21:21 UTC
To: Richard Guy Briggs
Cc: selinux, linux-security-module, trinity, sds, vlee, eparis, james.l.morris, serge

On Wednesday, November 12, 2014 02:01:34 PM Richard Guy Briggs wrote:
> Convert WARN_ONCE() to printk_once() in selinux_nlmsg_perm().
>
> After conversion from audit_log() in commit e173fb26, WARN_ONCE() was deemed
> too alarmist, so switch it to printk_once(). If this gets buried in the
> noise, it may be converted to a rate-limited call in the future.
>
> Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
> ---
> security/selinux/hooks.c | 6 +++---
> 1 files changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > index e663141..17d0066 100644 > --- a/security/selinux/hooks.c > +++ b/security/selinux/hooks.c
> @@ -4725,9 +4725,9 @@ static int selinux_nlmsg_perm(struct sock *sk, struct > sk_buff *skb) err = selinux_nlmsg_lookup(sksec->sclass, nlh->nlmsg_type, > &perm); if (err) { > if (err == -EINVAL) { > - WARN_ONCE(1, "selinux_nlmsg_perm: unrecognized netlink message:" > - " protocol=%hu nlmsg_type=%hu sclass=%hu\n", > - sk->sk_protocol, nlh->nlmsg_type, sksec->sclass); > + printk_once("selinux_nlmsg_perm: unrecognized netlink message:" > + " protocol=%hu nlmsg_type=%hu sclass=%hu\n", > + sk->sk_protocol, nlh->nlmsg_type, sksec->sclass); > if (!selinux_enforcing || security_get_allow_unknown()) > err = 0; > }

My apologies, I should have noticed this sooner, but printk_once() is probably
not a good choice here as only the first invalid netlink message will be
displayed. This is fine if all the invalid netlink messages happen the same,
but that isn't likely to be the case.

Richard, any objections if I convert the printk_once() to a printk(WARN) and
update the patch description accordingly?

--
paul moore
security and virtualization @ redhat

* Re: [PATCH] selinux: convert WARN_ONCE() to printk_once() in selinux_nlmsg_perm()
From: Richard Guy Briggs @ 2014-11-12 21:25 UTC
To: Paul Moore
Cc: selinux, linux-security-module, trinity, sds, vlee, eparis, james.l.morris, serge

On 14/11/12, Paul Moore wrote:
> On Wednesday, November 12, 2014 02:01:34 PM Richard Guy Briggs wrote:
> > Convert WARN_ONCE() to printk_once() in selinux_nlmsg_perm().
> >
> > After conversion from audit_log() in commit e173fb26, WARN_ONCE() was deemed
> > too alarmist, so switch it to printk_once(). If this gets buried in the
> > noise, it may be converted to a rate-limited call in the future.
> >
> > Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
> > ---
> > security/selinux/hooks.c | 6 +++---
> > 1 files changed, 3 insertions(+), 3 deletions(-)
> >
> > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > > index e663141..17d0066 100644 > > --- a/security/selinux/hooks.c > > +++ b/security/selinux/hooks.c
> > @@ -4725,9 +4725,9 @@ static int selinux_nlmsg_perm(struct sock *sk, struct > > sk_buff *skb) err = selinux_nlmsg_lookup(sksec->sclass, nlh->nlmsg_type, > > &perm); if (err) { > > if (err == -EINVAL) { > > - WARN_ONCE(1, "selinux_nlmsg_perm: unrecognized netlink > message:" > > - " protocol=%hu nlmsg_type=%hu sclass=%hu\n", > > - sk->sk_protocol, nlh->nlmsg_type, sksec->sclass); > > + printk_once("selinux_nlmsg_perm: unrecognized netlink message:" > > + " protocol=%hu nlmsg_type=%hu sclass=%hu\n", > > + sk->sk_protocol, nlh->nlmsg_type, sksec->sclass); > > if (!selinux_enforcing || security_get_allow_unknown()) > > err = 0; > > }
>
> My apologies, I should have noticed this sooner, but printk_once() is probably
> not a good choice here as only the first invalid netlink message will be
> displayed. This is fine if all the invalid netlink messages happen the same,
> but that isn't likely to be the case.

This was the same situation with WARN_ONCE(), hence my comment about
difficulty in debugging...

> Richard, any objections if I convert the printk_once() to a printk(WARN) and
> update the patch description accordingly?

Use pr_warn() instead...

> paul moore

- RGB

--
Richard Guy Briggs <rbriggs@redhat.com>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545

* Re: [PATCH] selinux: convert WARN_ONCE() to printk_once() in selinux_nlmsg_perm()
From: Paul Moore @ 2014-11-12 21:30 UTC
To: Richard Guy Briggs
Cc: selinux, linux-security-module, trinity, sds, vlee, eparis, james.l.morris, serge

On Wednesday, November 12, 2014 04:25:15 PM Richard Guy Briggs wrote:
> On 14/11/12, Paul Moore wrote:
> > My apologies, I should have noticed this sooner, but printk_once() is
> > probably not a good choice here as only the first invalid netlink message
> > will be displayed. This is fine if all the invalid netlink messages
> > happen the same, but that isn't likely to be the case.
>
> This was the same situation with WARN_ONCE(), hence my comment about
> difficulty in debugging...

Unfortunately I didn't realize your point until now.

> > Richard, any objections if I convert the printk_once() to a printk(WARN)
> > and update the patch description accordingly?
>
> Use pr_warn() instead...

Normally, yes, but the rest of the SELinux code uses printk(WARN) and I'm a
stickler for consistency.

--
paul moore
security and virtualization @ redhat

* Re: [PATCH] selinux: convert WARN_ONCE() to printk_once() in selinux_nlmsg_perm()
From: Richard Guy Briggs @ 2014-11-12 21:35 UTC
To: Paul Moore
Cc: selinux, linux-security-module, trinity, sds, vlee, eparis, james.l.morris, serge

On 14/11/12, Paul Moore wrote:
> On Wednesday, November 12, 2014 04:25:15 PM Richard Guy Briggs wrote:
> > On 14/11/12, Paul Moore wrote:
> > > My apologies, I should have noticed this sooner, but printk_once() is
> > > probably not a good choice here as only the first invalid netlink message
> > > will be displayed. This is fine if all the invalid netlink messages
> > > happen the same, but that isn't likely to be the case.
> >
> > This was the same situation with WARN_ONCE(), hence my comment about
> > difficulty in debugging...
>
> Unfortunately I didn't realize your point until now.
>
> > > Richard, any objections if I convert the printk_once() to a printk(WARN)
> > > and update the patch description accordingly?
> >
> > Use pr_warn() instead...
>
> Normally, yes, but the rest of the SELinux code uses printk(WARN) and I'm a
> stickler for consistency.

And Joe Perches hasn't handed a patch you've accepted yet to convert it
all over?

As you prefer...

> paul moore

- RGB

--
Richard Guy Briggs <rbriggs@redhat.com>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545

* Re: [PATCH] selinux: convert WARN_ONCE() to printk_once() in selinux_nlmsg_perm()
From: Paul Moore @ 2014-11-12 21:44 UTC
To: Richard Guy Briggs
Cc: selinux, linux-security-module, trinity, sds, vlee, eparis, james.l.morris, serge

On Wednesday, November 12, 2014 04:35:33 PM Richard Guy Briggs wrote:
> On 14/11/12, Paul Moore wrote:
> > On Wednesday, November 12, 2014 04:25:15 PM Richard Guy Briggs wrote:
> > > Use pr_warn() instead...
> >
> > Normally, yes, but the rest of the SELinux code uses printk(WARN) and I'm
> > a stickler for consistency.
>
> And Joe Perches hasn't handed a patch you've accepted yet to convert it
> all over?

Maybe I missed it, but I don't recall one ...

--
paul moore
security and virtualization @ redhat

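The three logging choices weighed in this thread (report once, report every message, rate-limit at one per 5 seconds), modelled in user-space C as an added example; it is not code from the thread or from the kernel. The event list, `run_policy()` and the simplified `ratelimit_ok()` limiter are assumptions made for illustration.

```c
/* Added example: user-space model only; names and sample data are constructed. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Fields the selinux_nlmsg_perm log line reports, plus an arrival time. */
struct nl_event {
    unsigned t_ms;                      /* constructed arrival time, ms */
    unsigned short protocol, nlmsg_type, sclass;
};

/* Constructed input: a fuzzer-style burst of bogus messages, then two
 * stragglers more than 5 s apart. Six distinct tuples in total. */
static const struct nl_event sample[] = {
    {     0,  0,  0, 30 }, {     5,  0,  0, 30 }, {    10,  0,  7, 30 },
    {    15,  4, 19, 31 }, {    20,  4, 19, 31 }, {    25,  9,  2, 32 },
    {  6000,  0, 64, 30 }, { 12000, 15,  1, 33 },
};
#define SAMPLE_N (sizeof sample / sizeof sample[0])
#define MAX_EVENTS 64

enum policy { LOG_ONCE, LOG_ALWAYS, LOG_RATELIMITED };
struct result { unsigned logged, distinct, suppressed; };

/* Simplified interval/burst limiter (hypothetical helper): at most `burst`
 * lines per `interval_ms` window, a window opening at its first line. */
struct ratelimit { unsigned interval_ms, burst, begin_ms, printed; bool started; };

static bool ratelimit_ok(struct ratelimit *rl, unsigned now_ms)
{
    if (!rl->started || now_ms - rl->begin_ms >= rl->interval_ms) {
        rl->started = true;
        rl->begin_ms = now_ms;
        rl->printed = 0;
    }
    if (rl->printed >= rl->burst)
        return false;
    rl->printed++;
    return true;
}

static bool same_tuple(const struct nl_event *a, const struct nl_event *b)
{
    return a->protocol == b->protocol && a->nlmsg_type == b->nlmsg_type &&
           a->sclass == b->sclass;
}

/* Replay events under one policy; report how many lines reach the log and
 * how many distinct tuples a reader of the log could learn from them. */
static struct result run_policy(enum policy p, const struct nl_event *ev, size_t n)
{
    struct ratelimit rl = { .interval_ms = 5000, .burst = 1 }; /* one per 5 s */
    struct result r = { 0, 0, 0 };
    size_t kept[MAX_EVENTS];
    bool once_done = false;

    for (size_t i = 0; i < n && i < MAX_EVENTS; i++) {
        /* once: first event only; always: every event; else ask the limiter */
        bool emit = p == LOG_ALWAYS ||
                    (p == LOG_ONCE ? !once_done : ratelimit_ok(&rl, ev[i].t_ms));
        once_done = true;
        if (!emit) { r.suppressed++; continue; }

        bool dup = false;
        for (unsigned k = 0; k < r.logged; k++)
            dup = dup || same_tuple(&ev[kept[k]], &ev[i]);
        kept[r.logged++] = i;
        r.distinct += !dup;
    }
    return r;
}

int main(void)
{
    static const char *names[] = { "once", "always", "ratelimited" };
    for (int p = LOG_ONCE; p <= LOG_RATELIMITED; p++) {
        struct result r = run_policy((enum policy)p, sample, SAMPLE_N);
        printf("%-12s logged=%u distinct=%u suppressed=%u\n", names[p], r.logged, r.distinct, r.suppressed);
    }
    return 0;
}
```

On the constructed input the once policy surfaces 1 of the 6 distinct tuples, the unbounded print writes all 8 lines, and the limiter writes 3 lines while dropping the rest of the burst.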