| Message ID | 20210723082932.3570396-2-jk@codeconstruct.com.au |
|---|---|
| State | Superseded |
| Headers | show |
| Series | Add Management Component Transport Protocol support | expand |
Hi Jeremy, CC kbuild On Fri, 23 Jul 2021, Jeremy Kerr wrote: > Add basic Kconfig, an initial (empty) af_mctp source object, and > {AF,PF}_MCTP definitions, and the required selinux definitions. > > Signed-off-by: Jeremy Kerr <jk@codeconstruct.com.au> Thanks for your patch, which is now commit bc49d8169aa72295 ("mctp: Add MCTP base") in net-next. > --- a/security/selinux/hooks.c > +++ b/security/selinux/hooks.c > @@ -1330,7 +1330,9 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc > return SECCLASS_SMC_SOCKET; > case PF_XDP: > return SECCLASS_XDP_SOCKET; > -#if PF_MAX > 45 > + case PF_MCTP: > + return SECCLASS_MCTP_SOCKET; When building an allmodconfig kernel, I got: security/selinux/hooks.c: In function 'socket_type_to_security_class': security/selinux/hooks.c:1334:32: error: 'SECCLASS_MCTP_SOCKET' undeclared (first use in this function); did you mean 'SECCLASS_SCTP_SOCKET'? 1334 | return SECCLASS_MCTP_SOCKET; | ^~~~~~~~~~~~~~~~~~~~ | SECCLASS_SCTP_SOCKET > +#if PF_MAX > 46 > #error New address family defined, please update this function. > #endif > } > diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h > index 62d19bccf3de..084757ff4390 100644 > --- a/security/selinux/include/classmap.h > +++ b/security/selinux/include/classmap.h > @@ -246,6 +246,8 @@ struct security_class_mapping secclass_map[] = { > NULL } }, > { "xdp_socket", > { COMMON_SOCK_PERMS, NULL } }, > + { "mctp_socket", > + { COMMON_SOCK_PERMS, NULL } }, > { "perf_event", > { "open", "cpu", "kernel", "tracepoint", "read", "write", NULL } }, > { "lockdown", The needed definition should be auto-generated from the above file, but there seems to be an issue with the dependencies, as the file was not regenerated. Manually removing security/selinux/flask.h in the build dir fixed the issue. I'm building in a separate build directory, using make -j 12. Gr{oetje,eeting}s, Geert -- Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org In personal conversations with technical people, I call myself a hacker. But when I'm talking to journalists I just say "programmer" or something like that. -- Linus Torvalds
Hi Geert,
Thanks for the testing!
> When building an allmodconfig kernel, I got:
[...]
I don't see this on a clean allmodconfig build, nor when building the
previous commit then the MCTP commit with something like:
git checkout bc49d81^
make O=obj.allmodconfig allmodconfig
make O=obj.allmodconfig -j16
git checkout bc49d81
make O=obj.allmodconfig -j16
- but it seems like it might be up to the ordering of a parallel build.
From your description, it does sound like it's not regenerating flask.h;
the kbuild rules would seem to have a classmap.h -> flask.h dependency:
$(addprefix $(obj)/,$(selinux-y)): $(obj)/flask.h
quiet_cmd_flask = GEN $(obj)/flask.h $(obj)/av_permissions.h
cmd_flask = scripts/selinux/genheaders/genheaders $(obj)/flask.h $(obj)/av_permissions.h
targets += flask.h av_permissions.h
$(obj)/flask.h: $(src)/include/classmap.h FORCE
$(call if_changed,flask)
however, classmap.h is #include-ed as part of the genheaders binary
build, rather than read at runtime; maybe $(obj)/flask.h should depend
on the genheaders binary, rather than $(src)/include/classmap.h ?
If you can reproduce, can you compare the ctimes with:
stat scripts/selinux/genheaders/genheaders security/selinux/flask.h
in your object dir?
Cheers,
Jeremy
Hi Jeremy, On Thu, Aug 12, 2021 at 1:15 PM Jeremy Kerr <jk@codeconstruct.com.au> wrote: > > When building an allmodconfig kernel, I got: > > [...] > > I don't see this on a clean allmodconfig build, nor when building the > previous commit then the MCTP commit with something like: > > git checkout bc49d81^ > make O=obj.allmodconfig allmodconfig > make O=obj.allmodconfig -j16 > git checkout bc49d81 > make O=obj.allmodconfig -j16 > > - but it seems like it might be up to the ordering of a parallel build. > > From your description, it does sound like it's not regenerating flask.h; > the kbuild rules would seem to have a classmap.h -> flask.h dependency: > > $(addprefix $(obj)/,$(selinux-y)): $(obj)/flask.h > > quiet_cmd_flask = GEN $(obj)/flask.h $(obj)/av_permissions.h > cmd_flask = scripts/selinux/genheaders/genheaders $(obj)/flask.h $(obj)/av_permissions.h > > targets += flask.h av_permissions.h > $(obj)/flask.h: $(src)/include/classmap.h FORCE > $(call if_changed,flask) > > however, classmap.h is #include-ed as part of the genheaders binary > build, rather than read at runtime; maybe $(obj)/flask.h should depend > on the genheaders binary, rather than $(src)/include/classmap.h ? > > If you can reproduce, can you compare the ctimes with: > > stat scripts/selinux/genheaders/genheaders security/selinux/flask.h > > in your object dir? Unfortunately I can't seem to reproduce this anymore. Goodbye, Heisenbug! Gr{oetje,eeting}s, Geert -- Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org In personal conversations with technical people, I call myself a hacker. But when I'm talking to journalists I just say "programmer" or something like that. -- Linus Torvalds
On Thu, 12 Aug 2021 19:15:24 +0800 Jeremy Kerr <jk@codeconstruct.com.au> wrote: > Hi Geert, > > Thanks for the testing! > > > When building an allmodconfig kernel, I got: > > [...] > > I don't see this on a clean allmodconfig build, nor when building the > previous commit then the MCTP commit with something like: > > git checkout bc49d81^ > make O=obj.allmodconfig allmodconfig > make O=obj.allmodconfig -j16 > git checkout bc49d81 > make O=obj.allmodconfig -j16 > > - but it seems like it might be up to the ordering of a parallel build. > > >From your description, it does sound like it's not regenerating flask.h; > the kbuild rules would seem to have a classmap.h -> flask.h dependency: > > $(addprefix $(obj)/,$(selinux-y)): $(obj)/flask.h > > quiet_cmd_flask = GEN $(obj)/flask.h $(obj)/av_permissions.h > cmd_flask = scripts/selinux/genheaders/genheaders $(obj)/flask.h $(obj)/av_permissions.h > > targets += flask.h av_permissions.h > $(obj)/flask.h: $(src)/include/classmap.h FORCE > $(call if_changed,flask) > > however, classmap.h is #include-ed as part of the genheaders binary > build, rather than read at runtime; maybe $(obj)/flask.h should depend > on the genheaders binary, rather than $(src)/include/classmap.h ? > > If you can reproduce, can you compare the ctimes with: > > stat scripts/selinux/genheaders/genheaders security/selinux/flask.h I just hit the exact same issue. I build with O=../build/ and by removing security/selinux/flask.h and av_permission.h, it built fine afterward. Appears to be a dependency issue. -- Steve > > in your object dir? > > Cheers, > > > Jeremy >
diff --git a/MAINTAINERS b/MAINTAINERS index da478d5c8b0c..aa2a51ff3aa4 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -11030,6 +11030,13 @@ F: drivers/mailbox/arm_mhuv2.c F: include/linux/mailbox/arm_mhuv2_message.h F: Documentation/devicetree/bindings/mailbox/arm,mhuv2.yaml +MANAGEMENT COMPONENT TRANSPORT PROTOCOL (MCTP) +M: Jeremy Kerr <jk@codeconstruct.com.au> +M: Matt Johnston <matt@codeconstruct.com.au> +L: netdev@vger.kernel.org +S: Maintained +F: net/mctp/ + MAN-PAGES: MANUAL PAGES FOR LINUX -- Sections 2, 3, 4, 5, and 7 M: Michael Kerrisk <mtk.manpages@gmail.com> L: linux-man@vger.kernel.org diff --git a/include/linux/socket.h b/include/linux/socket.h index 0d8e3dcb7f88..fd9ce51582d8 100644 --- a/include/linux/socket.h +++ b/include/linux/socket.h @@ -223,8 +223,11 @@ struct ucred { * reuses AF_INET address family */ #define AF_XDP 44 /* XDP sockets */ +#define AF_MCTP 45 /* Management component + * transport protocol + */ -#define AF_MAX 45 /* For now.. */ +#define AF_MAX 46 /* For now.. */ /* Protocol families, same as address families. */ #define PF_UNSPEC AF_UNSPEC @@ -274,6 +277,7 @@ struct ucred { #define PF_QIPCRTR AF_QIPCRTR #define PF_SMC AF_SMC #define PF_XDP AF_XDP +#define PF_MCTP AF_MCTP #define PF_MAX AF_MAX /* Maximum queue length specifiable by listen. */ diff --git a/include/uapi/linux/mctp.h b/include/uapi/linux/mctp.h new file mode 100644 index 000000000000..2640a589c14c --- /dev/null +++ b/include/uapi/linux/mctp.h @@ -0,0 +1,15 @@ +/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ +/* + * Management Component Transport Protocol (MCTP) + * + * Copyright (c) 2021 Code Construct + * Copyright (c) 2021 Google + */ + +#ifndef __UAPI_MCTP_H +#define __UAPI_MCTP_H + +struct sockaddr_mctp { +}; + +#endif /* __UAPI_MCTP_H */ diff --git a/net/Kconfig b/net/Kconfig index c7392c449b25..fb13460c6dab 100644 --- a/net/Kconfig +++ b/net/Kconfig @@ -363,6 +363,7 @@ source "net/bluetooth/Kconfig" source "net/rxrpc/Kconfig" source "net/kcm/Kconfig" source "net/strparser/Kconfig" +source "net/mctp/Kconfig" config FIB_RULES bool diff --git a/net/Makefile b/net/Makefile index 9ca9572188fe..fbfeb8a0bb37 100644 --- a/net/Makefile +++ b/net/Makefile @@ -78,3 +78,4 @@ obj-$(CONFIG_QRTR) += qrtr/ obj-$(CONFIG_NET_NCSI) += ncsi/ obj-$(CONFIG_XDP_SOCKETS) += xdp/ obj-$(CONFIG_MPTCP) += mptcp/ +obj-$(CONFIG_MCTP) += mctp/ diff --git a/net/mctp/Kconfig b/net/mctp/Kconfig new file mode 100644 index 000000000000..2cdf3d0a28c9 --- /dev/null +++ b/net/mctp/Kconfig @@ -0,0 +1,13 @@ + +menuconfig MCTP + depends on NET + tristate "MCTP core protocol support" + help + Management Component Transport Protocol (MCTP) is an in-system + protocol for communicating between management controllers and + their managed devices (peripherals, host processors, etc.). The + protocol is defined by DMTF specification DSP0236. + + This option enables core MCTP support. For communicating with other + devices, you'll want to enable a driver for a specific hardware + channel. diff --git a/net/mctp/Makefile b/net/mctp/Makefile new file mode 100644 index 000000000000..7c056b1b7939 --- /dev/null +++ b/net/mctp/Makefile @@ -0,0 +1,3 @@ +# SPDX-License-Identifier: GPL-2.0 +obj-$(CONFIG_MCTP) += mctp.o +mctp-objs := af_mctp.o diff --git a/net/mctp/af_mctp.c b/net/mctp/af_mctp.c new file mode 100644 index 000000000000..1b63b753057b --- /dev/null +++ b/net/mctp/af_mctp.c @@ -0,0 +1,7 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Management Component Transport Protocol (MCTP) + * + * Copyright (c) 2021 Code Construct + * Copyright (c) 2021 Google + */ diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index b0032c42333e..2143f590e3d6 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -1330,7 +1330,9 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc return SECCLASS_SMC_SOCKET; case PF_XDP: return SECCLASS_XDP_SOCKET; -#if PF_MAX > 45 + case PF_MCTP: + return SECCLASS_MCTP_SOCKET; +#if PF_MAX > 46 #error New address family defined, please update this function. #endif } diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h index 62d19bccf3de..084757ff4390 100644 --- a/security/selinux/include/classmap.h +++ b/security/selinux/include/classmap.h @@ -246,6 +246,8 @@ struct security_class_mapping secclass_map[] = { NULL } }, { "xdp_socket", { COMMON_SOCK_PERMS, NULL } }, + { "mctp_socket", + { COMMON_SOCK_PERMS, NULL } }, { "perf_event", { "open", "cpu", "kernel", "tracepoint", "read", "write", NULL } }, { "lockdown", @@ -255,6 +257,6 @@ struct security_class_mapping secclass_map[] = { { NULL } }; -#if PF_MAX > 45 +#if PF_MAX > 46 #error New address family defined, please update secclass_map. #endif
Add basic Kconfig, an initial (empty) af_mctp source object, and {AF,PF}_MCTP definitions, and the required selinux definitions. Signed-off-by: Jeremy Kerr <jk@codeconstruct.com.au> --- v2: - Add Linux-syscall-note to uapi header - Add selinux defs for new AF_MCTP - Controller -> component - Don't use strict cflags; warnings are present in #includes --- MAINTAINERS | 7 +++++++ include/linux/socket.h | 6 +++++- include/uapi/linux/mctp.h | 15 +++++++++++++++ net/Kconfig | 1 + net/Makefile | 1 + net/mctp/Kconfig | 13 +++++++++++++ net/mctp/Makefile | 3 +++ net/mctp/af_mctp.c | 7 +++++++ security/selinux/hooks.c | 4 +++- security/selinux/include/classmap.h | 4 +++- 10 files changed, 58 insertions(+), 3 deletions(-) create mode 100644 include/uapi/linux/mctp.h create mode 100644 net/mctp/Kconfig create mode 100644 net/mctp/Makefile create mode 100644 net/mctp/af_mctp.c