Re: [PATCH ipsec] xfrm: do unconditional template resolution before pcpu cache check

2017-11-03 Thread Steffen Klassert
On Thu, Nov 02, 2017 at 06:57:29PM -0400, Paul Moore wrote:
> On Thu, Nov 2, 2017 at 11:46 AM, Florian Westphal wrote:
> > Stephen Smalley says:
> > Since 4.14-rc1, the selinux-testsuite has been encountering sporadic
> > failures during testing of labeled IPSEC. git bisect

Re: [PATCH ipsec] xfrm: do unconditional template resolution before pcpu cache check

2017-11-02 Thread Paul Moore
On Thu, Nov 2, 2017 at 11:46 AM, Florian Westphal wrote:
> Stephen Smalley says:
> Since 4.14-rc1, the selinux-testsuite has been encountering sporadic
> failures during testing of labeled IPSEC. git bisect pointed to
> commit ec30d ("xfrm: add xdst pcpu cache").
> The xdst

[PATCH ipsec] xfrm: do unconditional template resolution before pcpu cache check

2017-11-02 Thread Florian Westphal
Stephen Smalley says: Since 4.14-rc1, the selinux-testsuite has been encountering sporadic failures during testing of labeled IPSEC. git bisect pointed to commit ec30d ("xfrm: add xdst pcpu cache"). The xdst pcpu cache is only checking that the policies are the same, but does not validate