bpfilter breaks IPT_SO_GET_INFO
36 views
Skip to first unread message
Dmitry Vyukov
Sep 17, 2018, 9:36:43 AM9/17/18
to Alexei Starovoitov, David Miller, Daniel Borkmann, netdev, LKML, syzkaller
Hi,
I am having some problem with upstream kernel and bpfilter. The
manifestation is that IPT_SO_GET_INFO on an ipv4 socket works, then
something (that I can't fully localize but can reproduce) happens and
then IPT_SO_GET_INFO starts permanently returning 256.
Here is litmus program:
#include <string.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <linux/net.h>
#include <linux/netfilter_ipv4/ip_tables.h>
int main()
{
int fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
struct ipt_getinfo info;
memset(&info, 0, sizeof(info));
strcpy(info.name, "filter");
socklen_t optlen = sizeof(info);
getsockopt(fd, SOL_IP, IPT_SO_GET_INFO, &info, &optlen);
return 0;
}
Initially when I run it under strace I get:
getsockopt(3, SOL_IP, 0x40 /* IP_??? */,
"filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., [84])
= 0
Then I run this program (potentially several times, aborting with
ctrl+C after random time):
https://gist.githubusercontent.com/dvyukov/ec92310bc0f83bf7d170781a04d01547/raw/fa1983783bcd39a29eef4507984e31bf01bedd93/gistfile1.txt
Now the litmus program always fails with:
getsockopt(3, SOL_IP, 0x40 /* IP_??? */,
"filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., [84])
= 256
I am currently on upstream commit
28619527b8a712590c93d0a9e24b4425b9376a8c, my .config is attached. I
don't know what is bpfilter, I see it mentions some umh, if it
requires some additional setup I don't it, i.e. I don't install any
userspace modules/helpers.
I've also attached kernel trace of the failing getsockopt syscall, it
seem to bail out somewhere in umh.c.
This is pretty unpleasant issue for syzkaller as it hits this all the time.
Thanks
I am having some problem with upstream kernel and bpfilter. The
manifestation is that IPT_SO_GET_INFO on an ipv4 socket works, then
something (that I can't fully localize but can reproduce) happens and
then IPT_SO_GET_INFO starts permanently returning 256.
Here is litmus program:
#include <string.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <linux/net.h>
#include <linux/netfilter_ipv4/ip_tables.h>
int main()
{
int fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
struct ipt_getinfo info;
memset(&info, 0, sizeof(info));
strcpy(info.name, "filter");
socklen_t optlen = sizeof(info);
getsockopt(fd, SOL_IP, IPT_SO_GET_INFO, &info, &optlen);
return 0;
}
Initially when I run it under strace I get:
getsockopt(3, SOL_IP, 0x40 /* IP_??? */,
"filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., [84])
= 0
Then I run this program (potentially several times, aborting with
ctrl+C after random time):
https://gist.githubusercontent.com/dvyukov/ec92310bc0f83bf7d170781a04d01547/raw/fa1983783bcd39a29eef4507984e31bf01bedd93/gistfile1.txt
Now the litmus program always fails with:
getsockopt(3, SOL_IP, 0x40 /* IP_??? */,
"filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., [84])
= 256
I am currently on upstream commit
28619527b8a712590c93d0a9e24b4425b9376a8c, my .config is attached. I
don't know what is bpfilter, I see it mentions some umh, if it
requires some additional setup I don't it, i.e. I don't install any
userspace modules/helpers.
I've also attached kernel trace of the failing getsockopt syscall, it
seem to bail out somewhere in umh.c.
This is pretty unpleasant issue for syzkaller as it hits this all the time.
Thanks
Michal Kubecek
Sep 19, 2018, 3:18:50 AM9/19/18
to Dmitry Vyukov, Alexei Starovoitov, David Miller, Daniel Borkmann, netdev, LKML, syzkaller, netfilt...@vger.kernel.org, Fabian Vogt
On Mon, Sep 17, 2018 at 03:36:21PM +0200, Dmitry Vyukov wrote:
> Hi,
>
> I am having some problem with upstream kernel and bpfilter. The
> manifestation is that IPT_SO_GET_INFO on an ipv4 socket works, then
> something (that I can't fully localize but can reproduce) happens and
> then IPT_SO_GET_INFO starts permanently returning 256.
...
> Hi,
>
> I am having some problem with upstream kernel and bpfilter. The
> manifestation is that IPT_SO_GET_INFO on an ipv4 socket works, then
> something (that I can't fully localize but can reproduce) happens and
> then IPT_SO_GET_INFO starts permanently returning 256.
> Now the litmus program always fails with:
>
> getsockopt(3, SOL_IP, 0x40 /* IP_??? */,
> "filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., [84])
> = 256
>
> I am currently on upstream commit
> 28619527b8a712590c93d0a9e24b4425b9376a8c, my .config is attached. I
> don't know what is bpfilter, I see it mentions some umh, if it
> requires some additional setup I don't it, i.e. I don't install any
> userspace modules/helpers.
This looks similar to the fallback issue described here:
>
> getsockopt(3, SOL_IP, 0x40 /* IP_??? */,
> "filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., [84])
> = 256
>
> I am currently on upstream commit
> 28619527b8a712590c93d0a9e24b4425b9376a8c, my .config is attached. I
> don't know what is bpfilter, I see it mentions some umh, if it
> requires some additional setup I don't it, i.e. I don't install any
> userspace modules/helpers.
https://bugzilla.suse.com/show_bug.cgi?id=1106751#c1
Unfortunately I didn't have time to look into it more closely yet.
Michal Kubecek
Dmitry Vyukov
Sep 19, 2018, 4:30:03 AM9/19/18
to Michal Kubecek, Alexei Starovoitov, David Miller, Daniel Borkmann, netdev, LKML, syzkaller, NetFilter, Fabian Vogt, Takashi Iwai
But I already have CONFIG_BPFILTER_UMH=y in my config, so it does not
help completely.
Also in my case it is working initially, but breaks after I run the
second program.
Dmitry Vyukov
Sep 25, 2018, 1:59:21 PM9/25/18
to Michal Kubecek, Alexei Starovoitov, David Miller, Daniel Borkmann, netdev, LKML, syzkaller, NetFilter, Fabian Vogt, Takashi Iwai
https://github.com/google/syzkaller/commit/19a403430d8d5ae2472e16dab2f26ddd899cf552
Reply all
Reply to author
Forward
0 new messages