lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 21 Oct 2022 11:18:39 -0700
From:   Andrii Nakryiko <andrii.nakryiko@...il.com>
To:     Jiri Olsa <olsajiri@...il.com>
Cc:     Jakub Kicinski <kuba@...nel.org>,
        Martin KaFai Lau <martin.lau@...nel.org>,
        bpf@...r.kernel.org,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: Re: WARN: multiple IDs found for 'nf_conn': 92168, 117897 - using 92168

On Thu, Oct 13, 2022 at 11:47 PM Jiri Olsa <olsajiri@...il.com> wrote:
>
> On Thu, Oct 13, 2022 at 03:24:59PM -0700, Andrii Nakryiko wrote:
> > On Thu, Oct 13, 2022 at 3:12 PM Jiri Olsa <olsajiri@...il.com> wrote:
> > >
> > > On Thu, Oct 13, 2022 at 08:05:17AM -0700, Jakub Kicinski wrote:
> > > > On Wed, 5 Oct 2022 22:07:57 +0200 Jiri Olsa wrote:
> > > > > > Yeah, it's there on linux-next, too.
> > > > > >
> > > > > > Let me grab a fresh VM and try there. Maybe it's my system. Somehow.
> > > > >
> > > > > ok, I will look around what's the way to install that centos 8 thing
> > > >
> > > > Any luck?
> > >
> > > now BTFIDS warnings..
> > >
> > > I can see following on centos8 with gcc 8.5:
> > >
> > >           BTFIDS  vmlinux
> > >         WARN: multiple IDs found for 'task_struct': 300, 56614 - using 300
> > >         WARN: multiple IDs found for 'file': 540, 56649 - using 540
> > >         WARN: multiple IDs found for 'vm_area_struct': 549, 56652 - using 549
> > >         WARN: multiple IDs found for 'seq_file': 953, 56690 - using 953
> > >         WARN: multiple IDs found for 'inode': 1132, 56966 - using 1132
> > >         WARN: multiple IDs found for 'path': 1164, 56995 - using 1164
> > >         WARN: multiple IDs found for 'task_struct': 300, 61905 - using 300
> > >         WARN: multiple IDs found for 'file': 540, 61943 - using 540
> > >         WARN: multiple IDs found for 'vm_area_struct': 549, 61946 - using 549
> > >         WARN: multiple IDs found for 'inode': 1132, 62029 - using 1132
> > >         WARN: multiple IDs found for 'path': 1164, 62058 - using 1164
> > >         WARN: multiple IDs found for 'cgroup': 1190, 62067 - using 1190
> > >         WARN: multiple IDs found for 'seq_file': 953, 62253 - using 953
> > >         WARN: multiple IDs found for 'sock': 7960, 62374 - using 7960
> > >         WARN: multiple IDs found for 'sk_buff': 1876, 62485 - using 1876
> > >         WARN: multiple IDs found for 'bpf_prog': 6094, 62542 - using 6094
> > >         WARN: multiple IDs found for 'socket': 7993, 62545 - using 7993
> > >         WARN: multiple IDs found for 'xdp_buff': 6191, 62836 - using 6191
> > >         WARN: multiple IDs found for 'sock_common': 8164, 63152 - using 8164
> > >         WARN: multiple IDs found for 'request_sock': 17296, 63204 - using 17296
> > >         WARN: multiple IDs found for 'inet_request_sock': 36292, 63222 - using 36292
> > >         WARN: multiple IDs found for 'inet_sock': 32700, 63225 - using 32700
> > >         WARN: multiple IDs found for 'inet_connection_sock': 33944, 63240 - using 33944
> > >         WARN: multiple IDs found for 'tcp_request_sock': 36299, 63260 - using 36299
> > >         WARN: multiple IDs found for 'tcp_sock': 33969, 63264 - using 33969
> > >         WARN: multiple IDs found for 'bpf_map': 6623, 63343 - using 6623
> > >
> > > I'll need to check on that..
> > >
> > > and I just actually saw the 'nf_conn' warning on linux-next/master with
> > > latest fedora/gcc-12:
> > >
> > >           BTF [M] net/netfilter/nf_nat.ko
> > >         WARN: multiple IDs found for 'nf_conn': 106518, 120156 - using 106518
> > >         WARN: multiple IDs found for 'nf_conn': 106518, 121853 - using 106518
> > >         WARN: multiple IDs found for 'nf_conn': 106518, 123126 - using 106518
> > >         WARN: multiple IDs found for 'nf_conn': 106518, 124537 - using 106518
> > >         WARN: multiple IDs found for 'nf_conn': 106518, 126442 - using 106518
> > >         WARN: multiple IDs found for 'nf_conn': 106518, 128256 - using 106518
> > >           LD [M]  net/netfilter/nf_nat_tftp.ko
> > >
> > > looks like maybe dedup missed this struct for some reason
> > >
> > > nf_conn dump from module:
> > >
> > >         [120155] PTR '(anon)' type_id=120156
> > >         [120156] STRUCT 'nf_conn' size=320 vlen=14
> > >                 'ct_general' type_id=105882 bits_offset=0
> > >                 'lock' type_id=180 bits_offset=64
> > >                 'timeout' type_id=113 bits_offset=640
> > >                 'zone' type_id=106520 bits_offset=672
> > >                 'tuplehash' type_id=106533 bits_offset=704
> > >                 'status' type_id=1 bits_offset=1600
> > >                 'ct_net' type_id=3215 bits_offset=1664
> > >                 'nat_bysource' type_id=139 bits_offset=1728
> > >                 '__nfct_init_offset' type_id=949 bits_offset=1856
> > >                 'master' type_id=120155 bits_offset=1856
> > >                 'mark' type_id=106351 bits_offset=1920
> > >                 'secmark' type_id=106351 bits_offset=1952
> > >                 'ext' type_id=106536 bits_offset=1984
> > >                 'proto' type_id=106532 bits_offset=2048
> > >
> > > nf_conn dump from vmlinux:
> > >
> > >         [106517] PTR '(anon)' type_id=106518
> > >         [106518] STRUCT 'nf_conn' size=320 vlen=14
> > >                 'ct_general' type_id=105882 bits_offset=0
> > >                 'lock' type_id=180 bits_offset=64
> > >                 'timeout' type_id=113 bits_offset=640
> > >                 'zone' type_id=106520 bits_offset=672
> > >                 'tuplehash' type_id=106533 bits_offset=704
> > >                 'status' type_id=1 bits_offset=1600
> > >                 'ct_net' type_id=3215 bits_offset=1664
> > >                 'nat_bysource' type_id=139 bits_offset=1728
> > >                 '__nfct_init_offset' type_id=949 bits_offset=1856
> > >                 'master' type_id=106517 bits_offset=1856
> > >                 'mark' type_id=106351 bits_offset=1920
> > >                 'secmark' type_id=106351 bits_offset=1952
> > >                 'ext' type_id=106536 bits_offset=1984
> > >                 'proto' type_id=106532 bits_offset=2048
> > >
> > > look identical.. Andrii, any idea?
> >
> > I'm pretty sure they are not identical. There is somewhere a STRUCT vs
> > FWD difference. We had a similar discussion recently with Alan
> > Maguire.
> >
> > >                 'master' type_id=120155 bits_offset=1856
> >
> > vs
> >
> > >                 'master' type_id=106517 bits_offset=1856
>
> master is pointer to same 'nf_conn' object, and rest of the ids are same
>

You are right, they should be identical once PTR is deduplicated
properly. Sorry, was too quick to jump to conclusions. I was thinking
about situations explained by Alan.

So, is this still an issue or this was fixed by [0]?

  [0] https://lore.kernel.org/bpf/1666364523-9648-1-git-send-email-alan.maguire@oracle.com/

> jirka

Powered by blists - more mailing lists