diff options
author | Maciej enczykowski <maze@google.com> | 2019-03-22 14:20:53 -0700 |
---|---|---|
committer | android-build-merger <android-build-merger@google.com> | 2019-03-22 14:20:53 -0700 |
commit | dce243734400bd2ef663341a62db6db57a432d2e (patch) | |
tree | ceab27ee0c24a5d9a955209d9e7ad989c7343412 | |
parent | 0e80d0648cf4769c6c4c8db8b8bdfe1283ba3d51 (diff) | |
parent | ccad07c91ffa8affd9a696c62cf5835ba4c48bb8 (diff) | |
download | tests-dce243734400bd2ef663341a62db6db57a432d2e.tar.gz |
net-test: add a test for a kernel panic triggered by a bad backport
am: ccad07c91f
Change-Id: I95378d29a718d542f1510f3db94c1cf605522c53
-rwxr-xr-x | net/test/all_tests.py | 1 | ||||
-rwxr-xr-x | net/test/policy_crash_test.py | 135 | ||||
-rwxr-xr-x | net/test/run_net_test.sh | 1 |
3 files changed, 137 insertions, 0 deletions
diff --git a/net/test/all_tests.py b/net/test/all_tests.py index bfba0e5..485d55b 100755 --- a/net/test/all_tests.py +++ b/net/test/all_tests.py @@ -30,6 +30,7 @@ test_modules = [ 'nf_test', 'pf_key_test', 'ping6_test', + 'policy_crash_test', 'qtaguid_test', 'removed_feature_test', 'resilient_rs_test', diff --git a/net/test/policy_crash_test.py b/net/test/policy_crash_test.py new file mode 100755 index 0000000..536f96d --- /dev/null +++ b/net/test/policy_crash_test.py @@ -0,0 +1,135 @@ +#!/usr/bin/python +# +# Copyright 2019 The Android Open Source Project +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# ---------------------------------------------------------------------- + +# This triggers a kernel panic on 4.9.114+ which is fixed in 4.9.136 +# +# Crash was introduced by ad8b1ffc3efae2f65080bdb11145c87d299b8f9a +# and reverted in 2edec22d18758c9b29301ded2291f051d65422e9 + +# ---------------------------------------------------------------------- + +# Modules linked in: +# Pid: 305, comm: python Not tainted 4.9.114 +# RIP: 0033:[<0000000060272d73>] +# RSP: 000000007fd09a10 EFLAGS: 00010246 +# RAX: 0000000060492fa8 RBX: 0000000060272b18 RCX: 000000007ff412a8 +# RDX: 000000007ff41288 RSI: 000000007fd09a98 RDI: 000000007ff14a00 +# RBP: 000000007fd09a40 R08: 0000000000000001 R09: 0100000000000000 +# R10: 0000000000000000 R11: 000000007ff412a8 R12: 0000000000010002 +# R13: 000000000000000a R14: 0000000000000000 R15: 0000000000000000 +# Kernel panic - not syncing: Kernel mode fault at addr 0x48, ip 0x60272d73 +# CPU: 0 PID: 305 Comm: python Not tainted 4.9.114 #7 +# Stack: +# 7fcd5000 7ff411e0 7ff14a00 7ff41000 +# 00000000 00000000 7fd09b00 6031acd9 +# 00000000 7ff41288 7ff4100c 100000003 +# Call Trace: +# [<6031acd9>] ip6t_do_table+0x2a3/0x3d4 +# [<6026d300>] ? netfilter_net_init+0xd5/0x14f +# [<6026d37a>] ? nf_iterate+0x0/0x5c +# [<6031c99d>] ip6table_filter_hook+0x21/0x23 +# [<6026d3b2>] nf_iterate+0x38/0x5c +# [<6026d40a>] nf_hook_slow+0x34/0xa2 +# [<6003166c>] ? set_signals+0x0/0x3f +# [<6003165d>] ? get_signals+0x0/0xf +# [<603045d4>] rawv6_sendmsg+0x842/0xc4b +# [<60033d15>] ? wait_stub_done+0x40/0x10a +# [<60021176>] ? copy_chunk_from_user+0x23/0x2e +# [<60021153>] ? copy_chunk_from_user+0x0/0x2e +# [<60302da3>] ? dst_output+0x0/0x11 +# [<602b063a>] inet_sendmsg+0x1e/0x5c +# [<600fe142>] ? __fdget+0x15/0x17 +# [<6022636c>] sock_sendmsg+0xf/0x62 +# [<6022785d>] SyS_sendto+0x108/0x140 +# [<600389c2>] ? arch_switch_to+0x2b/0x2e +# [<60367ce4>] ? __schedule+0x428/0x44f +# [<603678bc>] ? __schedule+0x0/0x44f +# [<60021125>] handle_syscall+0x79/0xa7 +# [<6003445c>] userspace+0x3bb/0x453 +# [<6001dd92>] ? interrupt_end+0x0/0x94 +# [<6001dc42>] fork_handler+0x85/0x87 +# +# /android/kernel/tests/net/test/run_net_test.sh: line 397: 50828 Aborted +# $KERNEL_BINARY umid=net_test mem=512M $blockdevice=$SCRIPT_DIR/$ROOTFS $netconfig $consolemode $cmdline 1>&2 +# Returning exit code 134. + +# ---------------------------------------------------------------------- + +import os +import socket +import unittest + +import net_test + +class RemovedFeatureTest(net_test.NetworkTest): + + def setUp(self): + net_test.RunIptablesCommand(6, "-I OUTPUT 1 -m policy --dir out --pol ipsec") + + def tearDown(self): + net_test.RunIptablesCommand(6, "-D OUTPUT -m policy --dir out --pol ipsec") + + def testPolicyNetfilterFragPanic(self): + ipv6_min_mtu = 1280 + ipv6_header_size = 40 + ipv6_frag_header_size = 8 + + pkt1_frag_len = ipv6_min_mtu - ipv6_header_size - ipv6_frag_header_size + pkt2_frag_len = 1 + + ip6loopback = '00000000000000000000000000000001' # ::1 + + # 40 byte IPv6 header + ver6 = '6' + tclass = '00' + flowlbl = '00000' + # (uint16) payload length - of rest of packets in octets + pkt1_plen = '%04x' % (ipv6_frag_header_size + pkt1_frag_len) + pkt2_plen = '%04x' % (ipv6_frag_header_size + pkt2_frag_len) + nexthdr = '2c' # = 44 IPv6-Frag + hoplimit = '00' + src = ip6loopback + dst = ip6loopback + + # 8 byte IPv6 fragmentation header + frag_nexthdr = '00' + frag_reserved = '00' + # 13-bit offset, 2-bit reserved, 1-bit M[ore] flag + pkt1_frag_offset = '0001' + pkt2_frag_offset = '%04x' % pkt1_frag_len + frag_identification = '00000000' + + # Fragmentation payload + pkt1_frag_payload = '00' * pkt1_frag_len + pkt2_frag_payload = '00' * pkt2_frag_len + + pkt1 = (ver6 + tclass + flowlbl + pkt1_plen + nexthdr + hoplimit + src + dst + + frag_nexthdr + frag_reserved + pkt1_frag_offset + frag_identification + + pkt1_frag_payload) + pkt2 = (ver6 + tclass + flowlbl + pkt2_plen + nexthdr + hoplimit + src + dst + + frag_nexthdr + frag_reserved + pkt2_frag_offset + frag_identification + + pkt2_frag_payload) + + s = socket.socket(socket.AF_INET6, socket.SOCK_RAW, socket.IPPROTO_RAW) + s.sendto(pkt1.decode('hex'), ('::1', 0)) + s.sendto(pkt2.decode('hex'), ('::1', 0)) + s.close() + + +if __name__ == "__main__": + unittest.main() diff --git a/net/test/run_net_test.sh b/net/test/run_net_test.sh index 189ece4..deed5cd 100755 --- a/net/test/run_net_test.sh +++ b/net/test/run_net_test.sh @@ -23,6 +23,7 @@ OPTIONS="$OPTIONS IP6_NF_IPTABLES IP6_NF_MANGLE IP6_NF_FILTER INET6_IPCOMP" OPTIONS="$OPTIONS IPV6_OPTIMISTIC_DAD" OPTIONS="$OPTIONS IPV6_ROUTE_INFO IPV6_ROUTER_PREF" OPTIONS="$OPTIONS NETFILTER_XT_TARGET_NFLOG" +OPTIONS="$OPTIONS NETFILTER_XT_MATCH_POLICY" OPTIONS="$OPTIONS NETFILTER_XT_MATCH_QUOTA" OPTIONS="$OPTIONS NETFILTER_XT_MATCH_QUOTA2" OPTIONS="$OPTIONS NETFILTER_XT_MATCH_QUOTA2_LOG" |