lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <884d9eb7-0e8e-3e59-cf6d-2c6931da35ee@alu.unizg.hr>
Date: Thu, 8 Jun 2023 07:37:15 +0200
From: Mirsad Goran Todorovac <mirsad.todorovac@....unizg.hr>
To: Guillaume Nault <gnault@...hat.com>
Cc: netdev@...r.kernel.org, "David S. Miller" <davem@...emloft.net>,
 Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>,
 Paolo Abeni <pabeni@...hat.com>, Shuah Khan <shuah@...nel.org>,
 linux-kernel@...r.kernel.org, linux-kselftest@...r.kernel.org
Subject: Re: POSSIBLE BUG: selftests/net/fcnal-test.sh: [FAIL][FIX TESTED] in
 vrf "bind - ns-B IPv6 LLA" test

On 6/7/23 18:51, Guillaume Nault wrote:
> On Wed, Jun 07, 2023 at 12:04:52AM +0200, Mirsad Goran Todorovac wrote:
>> I cannot tell if those are new for the architecture (Ubuntu 22.04 + AMD Ryzen)
>>
>> However, Ubuntu's unsigned 6.3.1 generic mainline kernel is also affected.
>> So, it might seem like an old problem.
>>
>> (If you could isolate the exact tests, I could try a bisect.)
>>
>> [...]
>> TEST: ping local, VRF bind - ns-A IP                                          [ OK ]
>> TEST: ping local, VRF bind - VRF IP                                           [FAIL]
>> TEST: ping local, VRF bind - loopback                                         [ OK ]
>> TEST: ping local, device bind - ns-A IP                                       [FAIL]
>> TEST: ping local, device bind - VRF IP                                        [ OK ]
>> [...]
>>
>> SYSCTL: net.ipv4.raw_l3mdev_accept=1
>>
>> [...]
>> TEST: ping local, VRF bind - ns-A IP                                          [ OK ]
>> TEST: ping local, VRF bind - VRF IP                                           [FAIL]
>> TEST: ping local, VRF bind - loopback                                         [ OK ]
>> TEST: ping local, device bind - ns-A IP                                       [FAIL]
>> TEST: ping local, device bind - VRF IP                                        [ OK ]
>> [...]
>>
>> Yes, just tested, w commit 42510dffd0e2 these are still present
>> in fcnal-test.sh output:
>>
>> [...]
>> TEST: ping local, VRF bind - ns-A IP                                          [ OK ]
>> TEST: ping local, VRF bind - VRF IP                                           [FAIL]
>> TEST: ping local, VRF bind - loopback                                         [ OK ]
>> TEST: ping local, device bind - ns-A IP                                       [FAIL]
>> TEST: ping local, device bind - VRF IP                                        [ OK ]
>> [...]
>> TEST: ping local, VRF bind - ns-A IP                                          [ OK ]
>> TEST: ping local, VRF bind - VRF IP                                           [FAIL]
>> TEST: ping local, VRF bind - loopback                                         [ OK ]
>> TEST: ping local, device bind - ns-A IP                                       [FAIL]
>> TEST: ping local, device bind - VRF IP                                        [ OK ]
>> [...]
> 
> I have the same failures here. They don't seem to be recent.
> I'll take a look.

Certainly. I thought it might be something architecture-specific?

I have reproduced it also on a Lenovo IdeaPad 3 with Ubuntu 22.10,
but on Lenovo desktop with AlmaLinux 8.8 (CentOS fork), the result
was "888/888 passed".

However, I have a question:

In the ping + "With VRF" section, the tests with net.ipv4.raw_l3mdev_accept=1
are repeated twice, while "No VRF" section has the versions:

SYSCTL: net.ipv4.raw_l3mdev_accept=0

and

SYSCTL: net.ipv4.raw_l3mdev_accept=1

The same happens with the IPv6 ping tests.

In that case, it could be that we have only 2 actual FAIL cases,
because the error is reported twice.

Is this intentional?

Thanks,
Mirsad

   74 #################################################################
   75 With VRF
   76
   77 SYSCTL: net.ipv4.raw_l3mdev_accept=1
   78
   79 TEST: ping out, VRF bind - ns-B IP                                            [ OK ]
   80 TEST: ping out, device bind - ns-B IP                                         [ OK ]
   81 TEST: ping out, vrf device + dev address bind - ns-B IP                       [ OK ]
   82 TEST: ping out, vrf device + vrf address bind - ns-B IP                       [ OK ]
   83 TEST: ping out, VRF bind - ns-B loopback IP                                   [ OK ]
   84 TEST: ping out, device bind - ns-B loopback IP                                [ OK ]
   85 TEST: ping out, vrf device + dev address bind - ns-B loopback IP              [ OK ]
   86 TEST: ping out, vrf device + vrf address bind - ns-B loopback IP              [ OK ]
   87 TEST: ping in - ns-A IP                                                       [ OK ]
   88 TEST: ping in - VRF IP                                                        [ OK ]
   89 TEST: ping local, VRF bind - ns-A IP                                          [ OK ]
   90 TEST: ping local, VRF bind - VRF IP                                           [FAIL]
   91 TEST: ping local, VRF bind - loopback                                         [ OK ]
   92 TEST: ping local, device bind - ns-A IP                                       [FAIL]
   93 TEST: ping local, device bind - VRF IP                                        [ OK ]
   94 TEST: ping local, device bind - loopback                                      [ OK ]
   95 TEST: ping out, vrf bind, blocked by rule - ns-B loopback IP                  [ OK ]
   96 TEST: ping out, device bind, blocked by rule - ns-B loopback IP               [ OK ]
   97 TEST: ping in, blocked by rule - ns-A loopback IP                             [ OK ]
   98 TEST: ping out, vrf bind, unreachable route - ns-B loopback IP                [ OK ]
   99 TEST: ping out, device bind, unreachable route - ns-B loopback IP             [ OK ]
  100 TEST: ping in, unreachable route - ns-A loopback IP                           [ OK ]
  101 SYSCTL: net.ipv4.ping_group_range=0 2147483647
  102
  103 SYSCTL: net.ipv4.raw_l3mdev_accept=1
  104
  105 TEST: ping out, VRF bind - ns-B IP                                            [ OK ]
  106 TEST: ping out, device bind - ns-B IP                                         [ OK ]
  107 TEST: ping out, vrf device + dev address bind - ns-B IP                       [ OK ]
  108 TEST: ping out, vrf device + vrf address bind - ns-B IP                       [ OK ]
  109 TEST: ping out, VRF bind - ns-B loopback IP                                   [ OK ]
  110 TEST: ping out, device bind - ns-B loopback IP                                [ OK ]
  111 TEST: ping out, vrf device + dev address bind - ns-B loopback IP              [ OK ]
  112 TEST: ping out, vrf device + vrf address bind - ns-B loopback IP              [ OK ]
  113 TEST: ping in - ns-A IP                                                       [ OK ]
  114 TEST: ping in - VRF IP                                                        [ OK ]
  115 TEST: ping local, VRF bind - ns-A IP                                          [ OK ]
  116 TEST: ping local, VRF bind - VRF IP                                           [FAIL]
  117 TEST: ping local, VRF bind - loopback                                         [ OK ]
  118 TEST: ping local, device bind - ns-A IP                                       [FAIL]
  119 TEST: ping local, device bind - VRF IP                                        [ OK ]
  

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ