Hi Jeremy,

CC kbuild

On Fri, 23 Jul 2021, Jeremy Kerr wrote:

Add basic Kconfig, an initial (empty) af_mctp source object, and {AF,PF}_MCTP definitions, and the required selinux definitions.

Signed-off-by: Jeremy Kerr <jk@xxxxxxxxxxxxxxxxxxxx>

Thanks for your patch, which is now commit bc49d8169aa72295 ("mctp: Add MCTP base") in net-next.
--- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -1330,7 +1330,9 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc return SECCLASS_SMC_SOCKET; case PF_XDP: return SECCLASS_XDP_SOCKET; -#if PF_MAX > 45 + case PF_MCTP: + return SECCLASS_MCTP_SOCKET;

When building an allmodconfig kernel, I got:

    security/selinux/hooks.c: In function 'socket_type_to_security_class':
    security/selinux/hooks.c:1334:32: error: 'SECCLASS_MCTP_SOCKET' undeclared (first use in this function); did you mean 'SECCLASS_SCTP_SOCKET'?
     1334 |    return SECCLASS_MCTP_SOCKET;
          |           ^~~~~~~~~~~~~~~~~~~~
          |           SECCLASS_SCTP_SOCKET

+#if PF_MAX > 46 #error New address family defined, please update this function. #endif } diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h index 62d19bccf3de..084757ff4390 100644 --- a/security/selinux/include/classmap.h +++ b/security/selinux/include/classmap.h @@ -246,6 +246,8 @@ struct security_class_mapping secclass_map[] = { NULL } }, { "xdp_socket", { COMMON_SOCK_PERMS, NULL } }, + { "mctp_socket", + { COMMON_SOCK_PERMS, NULL } }, { "perf_event", { "open", "cpu", "kernel", "tracepoint", "read", "write", NULL } }, { "lockdown",
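
Review bot: In the security/selinux/hooks.c hunk, the new "case PF_MCTP:" returns SECCLASS_MCTP_SOCKET, a symbol that the hunk relies on but that is declared nowhere in the patch itself; it only exists once the generated header has picked up the new "mctp_socket" entry from classmap.h. Given the build error reported above in an existing build directory, please check that the generated header is rebuilt whenever classmap.h changes, rather than relying on a clean tree. The bump of the guard to "#if PF_MAX > 46" likewise only holds if the same commit raises the address family maximum to 46, which is not visible in the quoted part.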
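
Review bot: In the security/selinux/include/classmap.h hunk, "mctp_socket" is inserted between "xdp_socket" and "perf_event" rather than appended, so every entry after it moves one slot down in secclass_map[]. The SECCLASS_* constants are generated from the order of that array, so a stale generated header would carry old values for "perf_event" and "lockdown" as well as lacking SECCLASS_MCTP_SOCKET. Please either note in the commit message that the generated header has to be regenerated, or fix the dependency so that this happens automatically.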

The needed definition should be auto-generated from the above file, but there seems to be an issue with the dependencies, as the file was not regenerated. Manually removing security/selinux/flask.h in the build dir fixed the issue.

I'm building in a separate build directory, using make -j 12.

Gr{oetje,eeting}s,

                        Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@xxxxxxxxxxxxxx

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds