2018-09-17 13:37:24

by Dmitry Vyukov

Subject: bpfilter breaks IPT_SO_GET_INFO

Hi,

I am having some problem with upstream kernel and bpfilter. The
manifestation is that IPT_SO_GET_INFO on an ipv4 socket works, then
something (that I can't fully localize but can reproduce) happens and
then IPT_SO_GET_INFO starts permanently returning 256.

Here is a litmus program:

#include <string.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <linux/net.h>
#include <linux/netfilter_ipv4/ip_tables.h>

int main()
{
    /* Any IPv4 socket works; it is only a handle for getsockopt(). */
    int fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    struct ipt_getinfo info;

    memset(&info, 0, sizeof(info));
    strcpy(info.name, "filter");    /* query the "filter" table */
    socklen_t optlen = sizeof(info);
    /* The return value is not checked here; it is observed via strace. */
    getsockopt(fd, SOL_IP, IPT_SO_GET_INFO, &info, &optlen);
    return 0;
}

Initially when I run it under strace I get:

getsockopt(3, SOL_IP, 0x40 /* IP_??? */,
"filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., [84])
= 0

Then I run this program (potentially several times, aborting with
ctrl+C after random time):

https://gist.githubusercontent.com/dvyukov/ec92310bc0f83bf7d170781a04d01547/raw/fa1983783bcd39a29eef4507984e31bf01bedd93/gistfile1.txt

Now the litmus program always fails with:

getsockopt(3, SOL_IP, 0x40 /* IP_??? */,
"filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., [84])
= 256

I am currently on upstream commit
28619527b8a712590c93d0a9e24b4425b9376a8c, my .config is attached. I
don't know what bpfilter is, I see it mentions some umh, if it
requires some additional setup I don't do it, i.e. I don't install any
userspace modules/helpers.

I've also attached a kernel trace of the failing getsockopt syscall, it
seems to bail out somewhere in umh.c.

This is a pretty unpleasant issue for syzkaller as it hits this all the time.

Thanks


Attachments:
trace.txt (95.68 kB)
.config (141.96 kB)

2018-09-19 07:19:17

by Michal Kubecek

Subject: Re: bpfilter breaks IPT_SO_GET_INFO

On Mon, Sep 17, 2018 at 03:36:21PM +0200, Dmitry Vyukov wrote:
> Hi,
>
> I am having some problem with upstream kernel and bpfilter. The
> manifestation is that IPT_SO_GET_INFO on an ipv4 socket works, then
> something (that I can't fully localize but can reproduce) happens and
> then IPT_SO_GET_INFO starts permanently returning 256.
...
> Now the litmus program always fails with:
>
> getsockopt(3, SOL_IP, 0x40 /* IP_??? */,
> "filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., [84])
> = 256
>
> I am currently on upstream commit
> 28619527b8a712590c93d0a9e24b4425b9376a8c, my .config is attached. I
> don't know what is bpfilter, I see it mentions some umh, if it
> requires some additional setup I don't it, i.e. I don't install any
> userspace modules/helpers.

This looks similar to the fallback issue described here:

https://bugzilla.suse.com/show_bug.cgi?id=1106751#c1

Unfortunately I didn't have time to look into it more closely yet.

Michal Kubecek

2018-09-19 08:36:44

by Dmitry Vyukov

Subject: Re: bpfilter breaks IPT_SO_GET_INFO

On Wed, Sep 19, 2018 at 9:18 AM, Michal Kubecek wrote:
> On Mon, Sep 17, 2018 at 03:36:21PM +0200, Dmitry Vyukov wrote:
>> Hi,
>>
>> I am having some problem with upstream kernel and bpfilter. The
>> manifestation is that IPT_SO_GET_INFO on an ipv4 socket works, then
>> something (that I can't fully localize but can reproduce) happens and
>> then IPT_SO_GET_INFO starts permanently returning 256.
> ...
>> Now the litmus program always fails with:
>>
>> getsockopt(3, SOL_IP, 0x40 /* IP_??? */,
>> "filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., [84])
>> = 256
>>
>> I am currently on upstream commit
>> 28619527b8a712590c93d0a9e24b4425b9376a8c, my .config is attached. I
>> don't know what is bpfilter, I see it mentions some umh, if it
>> requires some additional setup I don't it, i.e. I don't install any
>> userspace modules/helpers.
>
> This looks similar to the fallback issue described here:
>
> https://bugzilla.suse.com/show_bug.cgi?id=1106751#c1
>
> Unfortunately I didn't have time to look into it more closely yet.

+Takashi

But I already have CONFIG_BPFILTER_UMH=y in my config, so it does not
help completely.
Also in my case it is working initially, but breaks after I run the
second program.

2018-09-25 18:01:19

by Dmitry Vyukov

Subject: Re: bpfilter breaks IPT_SO_GET_INFO

On Wed, Sep 19, 2018 at 10:29 AM, Dmitry Vyukov wrote:
> On Wed, Sep 19, 2018 at 9:18 AM, Michal Kubecek wrote:
>> On Mon, Sep 17, 2018 at 03:36:21PM +0200, Dmitry Vyukov wrote:
>>> Hi,
>>>
>>> I am having some problem with upstream kernel and bpfilter. The
>>> manifestation is that IPT_SO_GET_INFO on an ipv4 socket works, then
>>> something (that I can't fully localize but can reproduce) happens and
>>> then IPT_SO_GET_INFO starts permanently returning 256.
>> ...
>>> Now the litmus program always fails with:
>>>
>>> getsockopt(3, SOL_IP, 0x40 /* IP_??? */,
>>> "filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., [84])
>>> = 256
>>>
>>> I am currently on upstream commit
>>> 28619527b8a712590c93d0a9e24b4425b9376a8c, my .config is attached. I
>>> don't know what is bpfilter, I see it mentions some umh, if it
>>> requires some additional setup I don't it, i.e. I don't install any
>>> userspace modules/helpers.
>>
>> This looks similar to the fallback issue described here:
>>
>> https://bugzilla.suse.com/show_bug.cgi?id=1106751#c1
>>
>> Unfortunately I didn't have time to look into it more closely yet.
>
> +Takashi
>
> But I already have CONFIG_BPFILTER_UMH=y in my config, so it does not
> help completely.
> Also in my case it is working initially, but breaks after I run the
> second program.


I've disabled CONFIG_BPFILTER for now, it causes too many failures.
https://github.com/google/syzkaller/commit/19a403430d8d5ae2472e16dab2f26ddd899cf552