Merge master@5406228 into git_qt-dev-plus-aosp.

Change-Id: I4fc3c95c5a0061f171b3c7f972b5c44ffb8cbe19
BUG: 129345239

7 files changed, 192 insertions, 11 deletions

diff --git a/net/test/all_tests.py b/net/test/all_tests.py
index bfba0e5..485d55b 100755
--- a/net/test/all_tests.py
+++ b/net/test/all_tests.py
@@ -30,6 +30,7 @@ test_modules = [
     'nf_test',
     'pf_key_test',
     'ping6_test',
+    'policy_crash_test',
     'qtaguid_test',
     'removed_feature_test',
     'resilient_rs_test',
diff --git a/net/test/bpf.py b/net/test/bpf.py
index 43502bd..5062e31 100755
--- a/net/test/bpf.py
+++ b/net/test/bpf.py
@@ -31,12 +31,14 @@ import platform
 # are not running with COMPAT_UTS_MACHINE and must be 64-bit at all times.
 # TODO: is there a better way of doing this?
 __NR_bpf = {
+    "aarch64-32bit": 386,
     "aarch64-64bit": 280,
     "armv7l-32bit": 386,
     "armv8l-32bit": 386,
     "armv8l-64bit": 280,
     "i686-32bit": 357,
     "i686-64bit": 321,
+    "x86_64-32bit": 357,
     "x86_64-64bit": 321,
 }[os.uname()[4] + "-" + platform.architecture()[0]]
 
diff --git a/net/test/build_all_rootfs.sh b/net/test/build_all_rootfs.sh
new file mode 100755
index 0000000..98a4918
--- /dev/null
+++ b/net/test/build_all_rootfs.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+#
+# Copyright (C) 2019 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+set -e
+
+for s in wheezy stretch; do
+  for a in i386 amd64 armhf arm64; do
+
+    # Debian wheezy does not support arm64 architecture
+    [[ "${s}-${a}" != "wheezy-arm64" ]] || continue
+
+    ./build_rootfs.sh -s "${s}" -a "${a}"
+  done
+done
+
+echo 'All rootfs builds completed.'
diff --git a/net/test/build_rootfs.sh b/net/test/build_rootfs.sh
index ce09da1..72e9598 100755
--- a/net/test/build_rootfs.sh
+++ b/net/test/build_rootfs.sh
@@ -20,7 +20,7 @@ set -e
 SCRIPT_DIR=$(CDPATH= cd -- "$(dirname -- "$0")" && pwd -P)
 
 usage() {
-  echo -n "usage: $0 [-h] [-s wheezy|stretch] [-a amd64|arm64] "
+  echo -n "usage: $0 [-h] [-s wheezy|stretch] [-a i386|amd64|armhf|arm64] "
   echo "[-m http://mirror/debian] [-n net_test.rootfs.`date +%Y%m%d`]"
   exit 1
 }
@@ -40,14 +40,21 @@ while getopts ":hs:a:m:n:" opt; do
         echo "Invalid suite: $OPTARG" >&2
         usage
       fi
-      suite=$OPTARG
+      suite="${OPTARG}"
+      if [[ "${suite}" == wheezy ]]; then
+        mirror=http://archive.debian.org/debian
+      fi
       ;;
     a)
-      if [ "$OPTARG" != "amd64" -a "$OPTARG" != "arm64" ]; then
-        echo "Invalid arch: $OPTARG" >&2
-        usage
-      fi
-      arch=$OPTARG
+      case "${OPTARG}" in
+        i386|amd64|armhf|arm64)
+          arch="${OPTARG}"
+          ;;
+        *)
+          echo "Invalid arch: ${OPTARG}" >&2
+          usage
+          ;;
+      esac
       ;;
     m)
       mirror=$OPTARG
@@ -66,7 +73,9 @@ while getopts ":hs:a:m:n:" opt; do
   esac
 done
 
-name=net_test.rootfs.$arch.`date +%Y%m%d`
+if [[ -z "${name}" ]]; then
+  name=net_test.rootfs.${arch}.${suite}.`date +%Y%m%d`
+fi
 
 # Switch to qemu-debootstrap for incompatible architectures
 if [ "$arch" = "arm64" ]; then
diff --git a/net/test/policy_crash_test.py b/net/test/policy_crash_test.py
new file mode 100755
index 0000000..536f96d
--- /dev/null
+++ b/net/test/policy_crash_test.py
@@ -0,0 +1,135 @@
+#!/usr/bin/python
+#
+# Copyright 2019 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# ----------------------------------------------------------------------
+
+# This triggers a kernel panic on 4.9.114+ which is fixed in 4.9.136
+#
+# Crash was introduced by ad8b1ffc3efae2f65080bdb11145c87d299b8f9a
+# and reverted in 2edec22d18758c9b29301ded2291f051d65422e9
+
+# ----------------------------------------------------------------------
+
+# Modules linked in:
+# Pid: 305, comm: python Not tainted 4.9.114
+# RIP: 0033:[<0000000060272d73>]
+# RSP: 000000007fd09a10  EFLAGS: 00010246
+# RAX: 0000000060492fa8 RBX: 0000000060272b18 RCX: 000000007ff412a8
+# RDX: 000000007ff41288 RSI: 000000007fd09a98 RDI: 000000007ff14a00
+# RBP: 000000007fd09a40 R08: 0000000000000001 R09: 0100000000000000
+# R10: 0000000000000000 R11: 000000007ff412a8 R12: 0000000000010002
+# R13: 000000000000000a R14: 0000000000000000 R15: 0000000000000000
+# Kernel panic - not syncing: Kernel mode fault at addr 0x48, ip 0x60272d73
+# CPU: 0 PID: 305 Comm: python Not tainted 4.9.114 #7
+# Stack:
+#  7fcd5000 7ff411e0 7ff14a00 7ff41000
+#  00000000 00000000 7fd09b00 6031acd9
+#  00000000 7ff41288 7ff4100c 100000003
+# Call Trace:
+#  [<6031acd9>] ip6t_do_table+0x2a3/0x3d4
+#  [<6026d300>] ? netfilter_net_init+0xd5/0x14f
+#  [<6026d37a>] ? nf_iterate+0x0/0x5c
+#  [<6031c99d>] ip6table_filter_hook+0x21/0x23
+#  [<6026d3b2>] nf_iterate+0x38/0x5c
+#  [<6026d40a>] nf_hook_slow+0x34/0xa2
+#  [<6003166c>] ? set_signals+0x0/0x3f
+#  [<6003165d>] ? get_signals+0x0/0xf
+#  [<603045d4>] rawv6_sendmsg+0x842/0xc4b
+#  [<60033d15>] ? wait_stub_done+0x40/0x10a
+#  [<60021176>] ? copy_chunk_from_user+0x23/0x2e
+#  [<60021153>] ? copy_chunk_from_user+0x0/0x2e
+#  [<60302da3>] ? dst_output+0x0/0x11
+#  [<602b063a>] inet_sendmsg+0x1e/0x5c
+#  [<600fe142>] ? __fdget+0x15/0x17
+#  [<6022636c>] sock_sendmsg+0xf/0x62
+#  [<6022785d>] SyS_sendto+0x108/0x140
+#  [<600389c2>] ? arch_switch_to+0x2b/0x2e
+#  [<60367ce4>] ? __schedule+0x428/0x44f
+#  [<603678bc>] ? __schedule+0x0/0x44f
+#  [<60021125>] handle_syscall+0x79/0xa7
+#  [<6003445c>] userspace+0x3bb/0x453
+#  [<6001dd92>] ? interrupt_end+0x0/0x94
+#  [<6001dc42>] fork_handler+0x85/0x87
+#
+# /android/kernel/tests/net/test/run_net_test.sh: line 397: 50828 Aborted
+# $KERNEL_BINARY umid=net_test mem=512M $blockdevice=$SCRIPT_DIR/$ROOTFS $netconfig $consolemode $cmdline 1>&2
+# Returning exit code 134.
+
+# ----------------------------------------------------------------------
+
+import os
+import socket
+import unittest
+
+import net_test
+
+class RemovedFeatureTest(net_test.NetworkTest):
+
+  def setUp(self):
+    net_test.RunIptablesCommand(6, "-I OUTPUT 1 -m policy --dir out --pol ipsec")
+
+  def tearDown(self):
+    net_test.RunIptablesCommand(6, "-D OUTPUT -m policy --dir out --pol ipsec")
+
+  def testPolicyNetfilterFragPanic(self):
+    ipv6_min_mtu = 1280
+    ipv6_header_size = 40
+    ipv6_frag_header_size = 8
+
+    pkt1_frag_len = ipv6_min_mtu - ipv6_header_size - ipv6_frag_header_size
+    pkt2_frag_len = 1
+
+    ip6loopback = '00000000000000000000000000000001'   # ::1
+
+    # 40 byte IPv6 header
+    ver6 = '6'
+    tclass = '00'
+    flowlbl = '00000'
+    # (uint16) payload length - of rest of packets in octets
+    pkt1_plen = '%04x' % (ipv6_frag_header_size + pkt1_frag_len)
+    pkt2_plen = '%04x' % (ipv6_frag_header_size + pkt2_frag_len)
+    nexthdr = '2c'   # = 44 IPv6-Frag
+    hoplimit = '00'
+    src = ip6loopback
+    dst = ip6loopback
+
+    # 8 byte IPv6 fragmentation header
+    frag_nexthdr = '00'
+    frag_reserved = '00'
+    # 13-bit offset, 2-bit reserved, 1-bit M[ore] flag
+    pkt1_frag_offset = '0001'
+    pkt2_frag_offset = '%04x' % pkt1_frag_len
+    frag_identification = '00000000'
+
+    # Fragmentation payload
+    pkt1_frag_payload = '00' * pkt1_frag_len
+    pkt2_frag_payload = '00' * pkt2_frag_len
+
+    pkt1 = (ver6 + tclass + flowlbl + pkt1_plen + nexthdr + hoplimit + src + dst
+         + frag_nexthdr + frag_reserved + pkt1_frag_offset + frag_identification
+         + pkt1_frag_payload)
+    pkt2 = (ver6 + tclass + flowlbl + pkt2_plen + nexthdr + hoplimit + src + dst
+         + frag_nexthdr + frag_reserved + pkt2_frag_offset + frag_identification
+         + pkt2_frag_payload)
+
+    s = socket.socket(socket.AF_INET6, socket.SOCK_RAW, socket.IPPROTO_RAW)
+    s.sendto(pkt1.decode('hex'), ('::1', 0))
+    s.sendto(pkt2.decode('hex'), ('::1', 0))
+    s.close()
+
+
+if __name__ == "__main__":
+  unittest.main()
diff --git a/net/test/rootfs/net_test.sh b/net/test/rootfs/net_test.sh
index 9c94d06..34f4a01 100755
--- a/net/test/rootfs/net_test.sh
+++ b/net/test/rootfs/net_test.sh
@@ -15,6 +15,9 @@
 # limitations under the License.
 #
 
+set -e
+set -u
+
 mount -t proc none /proc
 mount -t sysfs none /sys
 mount -t tmpfs tmpfs /tmp
@@ -22,13 +25,13 @@ mount -t tmpfs tmpfs /run
 
 # If this system was booted under UML, it will always have a /proc/exitcode
 # file. If it was booted natively or under QEMU, it will not have this file.
-if [ -e /proc/exitcode ]; then
+if [[ -e /proc/exitcode ]]; then
   mount -t hostfs hostfs /host
 else
   mount -t 9p -o trans=virtio,version=9p2000.L host /host
 fi
 
-test=$(cat /proc/cmdline | sed -re 's/.*net_test=([^ ]*).*/\1/g')
-cd $(dirname $test)
+test="$(sed -r 's/.*net_test=([^ ]*).*/\1/g' < /proc/cmdline)"
+cd "$(dirname "${test}")"
 ./net_test.sh
 poweroff -f
diff --git a/net/test/run_net_test.sh b/net/test/run_net_test.sh
index 189ece4..deed5cd 100755
--- a/net/test/run_net_test.sh
+++ b/net/test/run_net_test.sh
@@ -23,6 +23,7 @@ OPTIONS="$OPTIONS IP6_NF_IPTABLES IP6_NF_MANGLE IP6_NF_FILTER INET6_IPCOMP"
 OPTIONS="$OPTIONS IPV6_OPTIMISTIC_DAD"
 OPTIONS="$OPTIONS IPV6_ROUTE_INFO IPV6_ROUTER_PREF"
 OPTIONS="$OPTIONS NETFILTER_XT_TARGET_NFLOG"
+OPTIONS="$OPTIONS NETFILTER_XT_MATCH_POLICY"
 OPTIONS="$OPTIONS NETFILTER_XT_MATCH_QUOTA"
 OPTIONS="$OPTIONS NETFILTER_XT_MATCH_QUOTA2"
 OPTIONS="$OPTIONS NETFILTER_XT_MATCH_QUOTA2_LOG"