Date:   Mon, 17 Sep 2018 15:36:21 +0200
From:   Dmitry Vyukov <dvyukov@...gle.com>
To:     Alexei Starovoitov <ast@...nel.org>,
        David Miller <davem@...emloft.net>,
        Daniel Borkmann <daniel@...earbox.net>,
        netdev <netdev@...r.kernel.org>,
        LKML <linux-kernel@...r.kernel.org>
Cc:     syzkaller <syzkaller@...glegroups.com>
Subject: bpfilter breaks IPT_SO_GET_INFO

Hi,

I am having some problem with upstream kernel and bpfilter. The
manifestation is that IPT_SO_GET_INFO on an ipv4 socket works, then
something (that I can't fully localize but can reproduce) happens and
then IPT_SO_GET_INFO starts permanently returning 256.

Here is a litmus program:

#include <string.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <linux/net.h>
#include <linux/netfilter_ipv4/ip_tables.h>
int main(void)
{
    int fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    struct ipt_getinfo info;
    /* Zero the request and name the table to query. */
    memset(&info, 0, sizeof(info));
    strcpy(info.name, "filter");
    socklen_t optlen = sizeof(info);
    /* Return value is deliberately unchecked: it is read from strace. */
    getsockopt(fd, SOL_IP, IPT_SO_GET_INFO, &info, &optlen);
    return 0;
}

Initially when I run it under strace I get:

getsockopt(3, SOL_IP, 0x40 /* IP_??? */,
"filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., [84])
= 0

Then I run this program (potentially several times, aborting with
ctrl+C after random time):

https://gist.githubusercontent.com/dvyukov/ec92310bc0f83bf7d170781a04d01547/raw/fa1983783bcd39a29eef4507984e31bf01bedd93/gistfile1.txt

Now the litmus program always fails with:

getsockopt(3, SOL_IP, 0x40 /* IP_??? */,
"filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., [84])
= 256

I am currently on upstream commit
28619527b8a712590c93d0a9e24b4425b9376a8c, my .config is attached. I
don't know what bpfilter is, I see it mentions some umh, if it
requires some additional setup I don't do it, i.e. I don't install any
userspace modules/helpers.

I've also attached a kernel trace of the failing getsockopt syscall, it
seems to bail out somewhere in umh.c.

This is a pretty unpleasant issue for syzkaller as it hits this all the time.

Thanks

View attachment "trace.txt" of type "text/plain" (97978 bytes)

Download attachment ".config" of type "application/octet-stream" (145365 bytes)
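
Added example, not part of the original message: a variant of the litmus program that reports the failure without strace by flagging any getsockopt() result other than the 0 or -1 the syscall contract allows, such as the 256 described above. The names classify_ret, probe_table and the PROBE_* values are hypothetical helpers introduced for this illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <linux/netfilter_ipv4/ip_tables.h>

enum probe_result { PROBE_OK, PROBE_ERRNO, PROBE_BOGUS };

/* getsockopt(2) may only return 0 or -1; anything else (such as the 256
 * reported above) is a raw value leaking out of the kernel. */
enum probe_result classify_ret(int ret)
{
    if (ret == 0)
        return PROBE_OK;
    return ret == -1 ? PROBE_ERRNO : PROBE_BOGUS;
}

/* Issue IPT_SO_GET_INFO for `table`; hand back the raw return and errno. */
enum probe_result probe_table(const char *table, int *ret_out, int *err_out)
{
    struct ipt_getinfo info;
    socklen_t optlen = sizeof(info);
    int fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);

    *ret_out = -1;
    *err_out = errno;
    if (fd < 0)
        return PROBE_ERRNO;
    memset(&info, 0, sizeof(info));
    strncpy(info.name, table, sizeof(info.name) - 1);
    errno = 0;
    *ret_out = getsockopt(fd, SOL_IP, IPT_SO_GET_INFO, &info, &optlen);
    *err_out = errno;
    close(fd);
    return classify_ret(*ret_out);
}

int main(void)
{
    static const char *names[] = { "ok", "failed (errno)", "BOGUS return value" };
    int ret, err;
    enum probe_result r = probe_table("filter", &ret, &err);

    printf("IPT_SO_GET_INFO(filter): ret=%d errno=%d (%s) -> %s\n",
           ret, err, strerror(err), names[r]);
    return r == PROBE_BOGUS ? 2 : r == PROBE_ERRNO ? 1 : 0;
}
```

The exit status is 0 for a normal reply, 1 for an ordinary -1/errno failure and 2 for an out-of-contract return value, so the check can be scripted around a fuzzing run.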
