On Thu, Dec 5, 2019 at 1:10 PM Stephen Smalley <sds@xxxxxxxxxxxxx> wrote: > On 12/5/19 12:41 PM, Paul Moore wrote: > > On Thu, Dec 5, 2019 at 9:08 AM Paul Moore <paul@xxxxxxxxxxxxxx> wrote: > >> Thanks for the double check. Unfortunately my kernel build locks my > >> test VM in early boot; it appears to be non-SELinux related and since > >> the test build is based on selinux/next+patches (which is based off > >> v5.4-rc1) I imagine there might be some unrelated problems in the > >> build. I'm going to rebase my test build to Linus' current and try > >> this again. > > > > Hmm. I haven't done any debugging yet, but the BPF tests are failing > > (they pass with kernel-5.5.0-0.rc0.git5.1.2.secnext.fc32.x86_64): > > > > 1..15 > > ok 1 > > Failed to load BPF prog: Invalid argument > > not ok 2 > > # Failed test at ./test line 68. > > Failed to create BPF map: Permission denied > > ok 3 > > Failed to create BPF map: Permission denied > > ok 4 > > Failed to create BPF map: Permission denied > > ok 5 > > Failed to load BPF prog: Permission denied > > ok 6 > > Failed to load BPF prog: Invalid argument > > ok 7 > > client: Using a BPF map fd > > client: Connected to server via ./test_sock > > server: Accepted a connection, receiving message > > client: Sent descriptor, waiting for reply > > server: Received a descriptor, fd=5, sending back 0 > > client: Received reply, code=0 > > client: ...This implies the descriptor was received > > ok 8 > > Failed to load BPF prog: Invalid argument > > client: Using a BPF prog fd > > client: Connected to server via ./test_sock > > sendmsg: Bad file descriptor > > server: Accepted a connection, receiving message > > server: Received no descriptor, sending back 1 > > not ok 9 > > # Failed test at ./test line 118. > > Failed to load BPF prog: Invalid argument > > client: Using a BPF prog fd > > connect: Connection refused > > ok 10 > > client: Using a BPF map fd > > connect: Connection refused > > ok 11 > > ok 12 > > Client request_service_provider_fd() failing command BR_FAILED_REPLY, exiting. > > ok 13 > > ok 14 > > Failed to load BPF prog: Invalid argument > > Client request_service_provider_fd() failing command BR_FAILED_REPLY, exiting. > > ok 15 > > # Looks like you failed 2 tests of 15. > > They all pass for me (with your next-queue branch, using the > selinux-testsuite defconfig fragment merged with the Fedora config). Oh goodie, I'm special :/ FWIW, my current test kernel is the next-queue branch rebased on top of Linus' current tree, using the latest config from the secnext kernel builds (Fedora Rawhide + stuff for the test suite). > The error above doesn't look SELinux-related; it looks like your kernel > is rejecting the trivial bpf program used in the test code as being > invalid for some reason. That's where I'm at as well, I'm building an instrumented kernel right now to try and track down the source. I'm sure it is something silly like a messed up kernel config or something, but I'd like to understand *why*. -- paul moore www.paul-moore.com
