| Message ID | 20230601180643.211112-1-paul@paul-moore.com (mailing list archive) |
|---|---|
| State | Accepted |
| Delegated to: | Paul Moore |
| Headers | show |
| Series | selinux: don't use make's grouped targets feature yet | expand |
On Thu, Jun 1, 2023 at 2:06 PM Paul Moore <paul@paul-moore.com> wrote: > > The Linux Kernel currently only requires make v3.82 while the grouped > target functionality requires make v4.3. Removed the grouped target > introduced in 4ce1f694eb5d ("selinux: ensure av_permissions.h is > built when needed") as well as the multiple header file targets in > the make rule. This effectively reverts the problem commit. > > We will revisit this change when make >= 4.3 is required by the rest > of the kernel. > > Cc: stable@vger.kernel.org > Fixes: 4ce1f694eb5d ("selinux: ensure av_permissions.h is built when needed") > Reported-by: Erwan Velu <e.velu@criteo.com> > Reported-by: Luiz Capitulino <luizcap@amazon.com> > Signed-off-by: Paul Moore <paul@paul-moore.com> > --- > security/selinux/Makefile | 6 +++++- > 1 file changed, 5 insertions(+), 1 deletion(-) As indicated by the -stable tag above, this is intended for the selinux/stable-6.4 branch, with backports to the affected -stable trees expected once this hits Linus' tree. The SELinux folks will likely note that a different patch will be needed for selinux/next, you can expect that shortly, I just wanted to make sure we fixed Linus' tree first.
On 2023-06-01 14:06, Paul Moore wrote: > > > > The Linux Kernel currently only requires make v3.82 while the grouped > target functionality requires make v4.3. Removed the grouped target > introduced in 4ce1f694eb5d ("selinux: ensure av_permissions.h is > built when needed") as well as the multiple header file targets in > the make rule. This effectively reverts the problem commit. > > We will revisit this change when make >= 4.3 is required by the rest > of the kernel. Tested-by: Luiz Capitulino <luizcap@amazon.com> Note for -stable: this is needed in all kernels that backported commit 4ce1f694eb5d Thanks, Paul! > > Cc: stable@vger.kernel.org > Fixes: 4ce1f694eb5d ("selinux: ensure av_permissions.h is built when needed") > Reported-by: Erwan Velu <e.velu@criteo.com> > Reported-by: Luiz Capitulino <luizcap@amazon.com> > Signed-off-by: Paul Moore <paul@paul-moore.com> > --- > security/selinux/Makefile | 6 +++++- > 1 file changed, 5 insertions(+), 1 deletion(-) > > diff --git a/security/selinux/Makefile b/security/selinux/Makefile > index 0aecf9334ec3..8b21520bd4b9 100644 > --- a/security/selinux/Makefile > +++ b/security/selinux/Makefile > @@ -26,5 +26,9 @@ quiet_cmd_flask = GEN $(obj)/flask.h $(obj)/av_permissions.h > cmd_flask = $< $(obj)/flask.h $(obj)/av_permissions.h > > targets += flask.h av_permissions.h > -$(obj)/flask.h $(obj)/av_permissions.h &: scripts/selinux/genheaders/genheaders FORCE > +# once make >= 4.3 is required, we can use grouped targets in the rule below, > +# which basically involves adding both headers and a '&' before the colon, see > +# the example below: > +# $(obj)/flask.h $(obj)/av_permissions.h &: scripts/selinux/... > +$(obj)/flask.h: scripts/selinux/genheaders/genheaders FORCE > $(call if_changed,flask) > -- > 2.40.1 >
On Thu, Jun 1, 2023 at 3:23 PM Luiz Capitulino <luizcap@amazon.com> wrote: > On 2023-06-01 14:06, Paul Moore wrote: > > > > The Linux Kernel currently only requires make v3.82 while the grouped > > target functionality requires make v4.3. Removed the grouped target > > introduced in 4ce1f694eb5d ("selinux: ensure av_permissions.h is > > built when needed") as well as the multiple header file targets in > > the make rule. This effectively reverts the problem commit. > > > > We will revisit this change when make >= 4.3 is required by the rest > > of the kernel. > > Tested-by: Luiz Capitulino <luizcap@amazon.com> Great, thanks for the help. I'm going to merge this into selinux/stable-6.4 and send it up to Linus as soon as the testing with that is done (should be later tonight). > Note for -stable: this is needed in all kernels that backported > commit 4ce1f694eb5d > > Thanks, Paul!
Le 01/06/2023 à 20:06, Paul Moore a écrit : > The Linux Kernel currently only requires make v3.82 while the grouped > target functionality requires make v4.3. Removed the grouped target > introduced in 4ce1f694eb5d ("selinux: ensure av_permissions.h is > built when needed") as well as the multiple header file targets in > the make rule. This effectively reverts the problem commit. > > We will revisit this change when make >= 4.3 is required by the rest > of the kernel. > > Cc: stable@vger.kernel.org > Fixes: 4ce1f694eb5d ("selinux: ensure av_permissions.h is built when needed") > Reported-by: Erwan Velu <e.velu@criteo.com> > Reported-by: Luiz Capitulino <luizcap@amazon.com> > Signed-off-by: Paul Moore <paul@paul-moore.com> Thanks for the patch & the quick exchange we had around this issue. Tested-by: Erwan Velu<e.velu@criteo.com> Erwan,
On Fri, Jun 2, 2023 at 4:35 AM Erwan Velu <e.velu@criteo.com> wrote: > Le 01/06/2023 à 20:06, Paul Moore a écrit : > > The Linux Kernel currently only requires make v3.82 while the grouped > > target functionality requires make v4.3. Removed the grouped target > > introduced in 4ce1f694eb5d ("selinux: ensure av_permissions.h is > > built when needed") as well as the multiple header file targets in > > the make rule. This effectively reverts the problem commit. > > > > We will revisit this change when make >= 4.3 is required by the rest > > of the kernel. > > > > Cc: stable@vger.kernel.org > > Fixes: 4ce1f694eb5d ("selinux: ensure av_permissions.h is built when needed") > > Reported-by: Erwan Velu <e.velu@criteo.com> > > Reported-by: Luiz Capitulino <luizcap@amazon.com> > > Signed-off-by: Paul Moore <paul@paul-moore.com> > > Thanks for the patch & the quick exchange we had around this issue. Thanks for your help with identification and testing! I just saw that Linus merged this into his tree, so I would expect this to start making its way to the -stable trees soon.
diff --git a/security/selinux/Makefile b/security/selinux/Makefile index 0aecf9334ec3..8b21520bd4b9 100644 --- a/security/selinux/Makefile +++ b/security/selinux/Makefile @@ -26,5 +26,9 @@ quiet_cmd_flask = GEN $(obj)/flask.h $(obj)/av_permissions.h cmd_flask = $< $(obj)/flask.h $(obj)/av_permissions.h targets += flask.h av_permissions.h -$(obj)/flask.h $(obj)/av_permissions.h &: scripts/selinux/genheaders/genheaders FORCE +# once make >= 4.3 is required, we can use grouped targets in the rule below, +# which basically involves adding both headers and a '&' before the colon, see +# the example below: +# $(obj)/flask.h $(obj)/av_permissions.h &: scripts/selinux/... +$(obj)/flask.h: scripts/selinux/genheaders/genheaders FORCE $(call if_changed,flask)
The Linux Kernel currently only requires make v3.82 while the grouped target functionality requires make v4.3. Removed the grouped target introduced in 4ce1f694eb5d ("selinux: ensure av_permissions.h is built when needed") as well as the multiple header file targets in the make rule. This effectively reverts the problem commit. We will revisit this change when make >= 4.3 is required by the rest of the kernel. Cc: stable@vger.kernel.org Fixes: 4ce1f694eb5d ("selinux: ensure av_permissions.h is built when needed") Reported-by: Erwan Velu <e.velu@criteo.com> Reported-by: Luiz Capitulino <luizcap@amazon.com> Signed-off-by: Paul Moore <paul@paul-moore.com> --- security/selinux/Makefile | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-)