From patchwork Sat Apr 28 11:29:56 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Alexey Kodanev <alexey.kodanev@oracle.com>
X-Patchwork-Id: 906089
X-Patchwork-Delegate: jan.stancek@gmail.com
Return-Path: <ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=pass (mailfrom) smtp.mailfrom=lists.linux.it
	(client-ip=2001:1418:10:5::2; helo=picard.linux.it;
	envelope-from=ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=fail (p=none dis=none) header.from=oracle.com
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
	unprotected) header.d=oracle.com header.i=@oracle.com
	header.b="XqRbMsle"; dkim-atps=neutral
Received: from picard.linux.it (picard.linux.it [IPv6:2001:1418:10:5::2])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 40Y7f10RqHz9s0w
	for <incoming@patchwork.ozlabs.org>;
	Sat, 28 Apr 2018 21:20:56 +1000 (AEST)
Received: from picard.linux.it (localhost [IPv6:::1])
	by picard.linux.it (Postfix) with ESMTP id 1AFE53E634E
	for <incoming@patchwork.ozlabs.org>;
	Sat, 28 Apr 2018 13:20:54 +0200 (CEST)
X-Original-To: ltp@lists.linux.it
Delivered-To: ltp@picard.linux.it
Received: from in-2.smtp.seeweb.it (in-2.smtp.seeweb.it [217.194.8.2])
	by picard.linux.it (Postfix) with ESMTP id C34553E632C
	for <ltp@lists.linux.it>; Sat, 28 Apr 2018 13:20:52 +0200 (CEST)
Received: from aserp2130.oracle.com (aserp2130.oracle.com [141.146.126.79])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by in-2.smtp.seeweb.it (Postfix) with ESMTPS id A7D4E6008C2
	for <ltp@lists.linux.it>; Sat, 28 Apr 2018 13:20:51 +0200 (CEST)
Received: from pps.filterd (aserp2130.oracle.com [127.0.0.1])
	by aserp2130.oracle.com (8.16.0.22/8.16.0.22) with SMTP id
	w3SBHxlr090178; Sat, 28 Apr 2018 11:20:40 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com;
	h=from : to : cc :
	subject : date : message-id : in-reply-to : references;
	s=corp-2017-10-26;
	bh=9fftr3zrcE5k8lmbnxh8Zl1BcYbDrsve2fgOorDtIkI=;
	b=XqRbMsle2SV9WWLdiOuKm3hXZtnV49YixDV7zxFfdLgbuLJqoD0oRmQ/PnwWLl6LX+8z
	1/kVgMNmOiMvjYseLg9TbMTAJTpKbB3qECUgtAVDBxPAv0QV2g+LKb3ZelJwJCjZnBqx
	LPm9rLc0n6uDVjrx6vhgiMFsFnzl2XUakBJcFIPzcK6/fjpstN91edO1sF6A8r2Orht2
	BBzeHRMP7N8aWyEXaHR/ODvVj1uIwrYDi+wv7PQLQ1FY0P4SdaEo6YSdWEV1Il4lmWAK
	UA8DQwbsRAALCYXFYq0QcYrjqeMxEQvDbQmTqydJIA28NNKKNmBQnU8z9vaR+LY4qU01
	Jw==
Received: from aserv0021.oracle.com (aserv0021.oracle.com [141.146.126.233])
	by aserp2130.oracle.com with ESMTP id 2hmeg5gqbq-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
	verify=OK); Sat, 28 Apr 2018 11:20:40 +0000
Received: from userv0121.oracle.com (userv0121.oracle.com [156.151.31.72])
	by aserv0021.oracle.com (8.14.4/8.14.4) with ESMTP id w3SBKdvU023725
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256
	verify=OK); Sat, 28 Apr 2018 11:20:40 GMT
Received: from abhmp0001.oracle.com (abhmp0001.oracle.com [141.146.116.7])
	by userv0121.oracle.com (8.14.4/8.13.8) with ESMTP id w3SBKdTj004259;
	Sat, 28 Apr 2018 11:20:39 GMT
Received: from ak.ru.oracle.com (/10.162.80.29)
	by default (Oracle Beehive Gateway v4.0)
	with ESMTP ; Sat, 28 Apr 2018 04:20:38 -0700
From: Alexey Kodanev <alexey.kodanev@oracle.com>
To: ltp@lists.linux.it
Date: Sat, 28 Apr 2018 14:29:56 +0300
Message-Id: <1524914997-27080-2-git-send-email-alexey.kodanev@oracle.com>
X-Mailer: git-send-email 1.7.1
In-Reply-To: <1524914997-27080-1-git-send-email-alexey.kodanev@oracle.com>
References: <1524914997-27080-1-git-send-email-alexey.kodanev@oracle.com>
X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=8876
	signatures=668698
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=1
	malwarescore=0
	phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999
	adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1
	engine=8.0.1-1711220000 definitions=main-1804280109
X-Virus-Scanned: clamav-milter 0.99.2 at in-2.smtp.seeweb.it
X-Virus-Status: Clean
X-Spam-Status: No, score=0.1 required=7.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU, SPF_HELO_PASS,
	SPF_PASS autolearn=disabled version=3.4.0
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	in-2.smtp.seeweb.it
Subject: [LTP] [PATCH v3 2/3] sctp_big_chunk: make INIT packet in the test
X-BeenThere: ltp@lists.linux.it
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: Linux Test Project <ltp.lists.linux.it>
List-Unsubscribe: <https://lists.linux.it/options/ltp>,
	<mailto:ltp-request@lists.linux.it?subject=unsubscribe>
List-Archive: <http://lists.linux.it/pipermail/ltp/>
List-Post: <mailto:ltp@lists.linux.it>
List-Help: <mailto:ltp-request@lists.linux.it?subject=help>
List-Subscribe: <https://lists.linux.it/listinfo/ltp>,
	<mailto:ltp-request@lists.linux.it?subject=subscribe>
MIME-Version: 1.0
Errors-To: ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it
Sender: "ltp" <ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it>

Starting from 4.17-rc2 kernel or the kernels that don't have
commit 40b4f0fd74e4 ("sctp: lack the check for ports in sctp_v6_cmp_addr"),
the test can't bind equal IPv6 addresses to a socket:

    safe_net.c:160: BROK: sctp_big_chunk.c:77:
        setsockopt(4, 132, 100, 0x7ffc7f11e498, 91644) failed: EINVAL

Since creating many different IP addresses and binding them to the
same SCTP socket is a time consuming process, prepare SCTP INIT chunk
in the test. That should fix EINVAL error returned by setsockopt()
for the mentioned kernels.

Signed-off-by: Alexey Kodanev <alexey.kodanev@oracle.com>
Reviewed-by: Xiao Yang <yangx.jy@cn.fujitsu.com>
---
v3: * changed commit message

v2: * the test doesn't support IPv6 fragmentation, TCONF in that case
    * add needs_root since we use a raw socket

 runtest/cve                             |    1 -
 testcases/network/sctp/sctp_big_chunk.c |  105 +++++++++++++++++++++++++++----
 2 files changed, 93 insertions(+), 13 deletions(-)

diff --git a/runtest/cve b/runtest/cve
index 1d9569a..2f4171c 100644
--- a/runtest/cve
+++ b/runtest/cve
@@ -33,4 +33,3 @@ cve-2017-17052 cve-2017-17052
 cve-2017-16939 cve-2017-16939
 cve-2017-17053 cve-2017-17053
 cve-2018-5803 sctp_big_chunk
-cve-2018-5803_2 sctp_big_chunk -a 10000
diff --git a/testcases/network/sctp/sctp_big_chunk.c b/testcases/network/sctp/sctp_big_chunk.c
index 55a2969..89c5e0d 100644
--- a/testcases/network/sctp/sctp_big_chunk.c
+++ b/testcases/network/sctp/sctp_big_chunk.c
@@ -24,12 +24,14 @@
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <netinet/in.h>
+#include <netinet/ip.h>
+#include <netinet/ip6.h>
 #include <netdb.h>
 #include <sys/syscall.h>
-#include <fcntl.h>
 
 #include "tst_test.h"
 #include "tst_safe_stdio.h"
+#include "tst_checksum.h"
 #include "lapi/netinet_in.h"
 #include "lapi/socket.h"
 #include "lapi/sctp.h"
@@ -38,6 +40,8 @@ static int port;
 static int sfd, cfd;
 static struct sockaddr_in6 rmt, loc;
 
+static uint8_t packet[IP_MAXPACKET];
+static int pkt_len;
 static char *addr_param;
 static int addr_num = 3273;
 
@@ -53,35 +57,108 @@ static void setup_server(void)
 	tst_res(TINFO, "sctp server listen on %d", port);
 
 	SAFE_LISTEN(sfd, 1);
+
+	srand(port);
+}
+
+static void update_packet_field(size_t *off, void *buf, size_t buf_len)
+{
+	memcpy(packet + *off, buf, buf_len);
+	*off += buf_len;
 }
 
 static void setup_client(void)
 {
-	struct sockaddr_in6 addr_buf[addr_num];
+	struct ip6_hdr ip6;
+	const size_t ip6_hdr_len = sizeof(ip6);
+	size_t cmn_hdr_off;
+	size_t off;
 	int i;
 
-	cfd = SAFE_SOCKET(AF_INET6, SOCK_STREAM, IPPROTO_SCTP);
+	memset(&ip6, 0, sizeof(ip6));
+	ip6.ip6_flow = htonl(6 << 28 | 2 << 20);
+	ip6.ip6_hops = 64;
+	ip6.ip6_nxt = IPPROTO_SCTP;
+	ip6.ip6_src.s6_addr[15] = 1;
+	ip6.ip6_dst.s6_addr[15] = 1;
 	rmt.sin6_family = AF_INET6;
 	rmt.sin6_addr = in6addr_loopback;
-	rmt.sin6_port = htons(port);
 
-	tst_res(TINFO, "bind %d additional IP addresses", addr_num);
+	/* SCTP common header */
+	off = ip6_hdr_len;
+
+	uint16_t src_port = htons(port - 1);
+	uint16_t dst_port = htons(port);
+	uint32_t vtag = 0;
+	uint32_t checksum = 0;
+
+	update_packet_field(&off, &src_port, 2);
+	update_packet_field(&off, &dst_port, 2);
+	update_packet_field(&off, &vtag, 4);
+	update_packet_field(&off, &checksum, 4);
+	cmn_hdr_off = off;
+
+	/* SCTP INIT chunk */
+	uint16_t chunk_len;
+
+	packet[off++] = 1;
+	packet[off++] = 0;
+	off += 2; /* chunk length, will be set in the end */
+
+	uint32_t init_tag = rand();
+	uint32_t rwnd = htonl(106496);
+	uint16_t outs = htons(10);
+	uint16_t ins = htons(65535);
+	uint32_t init_tsn = rand();
+
+	update_packet_field(&off, &init_tag, 4);
+	update_packet_field(&off, &rwnd, 4);
+	update_packet_field(&off, &outs, 2);
+	update_packet_field(&off, &ins, 2);
+	update_packet_field(&off, &init_tsn, 4);
 
-	memset(addr_buf, 0, sizeof(addr_buf));
+	/* SCTP optional parameter for IPv6 addresses */
+	uint16_t param_type = htons(6);
+	uint16_t param_len = htons(20);
+
+	/* IPv6(40) + SCTP_COMMON(12) + SCTP_CHUNK(20) + SCTP_OPT(65460)) */
 	for (i = 0; i < addr_num; ++i) {
-		addr_buf[i].sin6_family = AF_INET6;
-		addr_buf[i].sin6_addr = in6addr_loopback;
+		update_packet_field(&off, &param_type, 2);
+		update_packet_field(&off, &param_len, 2);
+		packet[off + 15] = 1;
+		off += 16;
 	}
+	pkt_len = off;
+
+	tst_res(TINFO, "set chunk length %zu", pkt_len - cmn_hdr_off);
+	chunk_len = htons(pkt_len - cmn_hdr_off);
+	memcpy(packet + cmn_hdr_off + 2, &chunk_len, 2);
+
+	/* set checksum for SCTP: common header + INIT chunk */
+	uint32_t csum = tst_crc32c(packet + ip6_hdr_len, pkt_len - ip6_hdr_len);
+
+	memcpy(packet + ip6_hdr_len + 8, &csum, 4);
+
+	ip6.ip6_plen = htons(pkt_len - ip6_hdr_len);
+	memcpy(packet, &ip6, ip6_hdr_len);
 
-	SAFE_SETSOCKOPT(cfd, SOL_SCTP, SCTP_SOCKOPT_BINDX_ADD, addr_buf,
-			sizeof(addr_buf));
+	cfd = SAFE_SOCKET(AF_INET6, SOCK_RAW, IPPROTO_RAW);
 }
 
+static const char mtu_path[] = "/sys/class/net/lo/mtu";
+static const unsigned int max_mtu = 65535;
+static unsigned int mtu;
+
 static void setup(void)
 {
 	if (tst_parse_int(addr_param, &addr_num, 1, INT_MAX))
 		tst_brk(TBROK, "wrong address number '%s'", addr_param);
 
+	/* We don't fragment IPv6 packet here yet, check that MTU is 65535 */
+	SAFE_FILE_SCANF(mtu_path, "%d", &mtu);
+	if (mtu < max_mtu)
+		tst_brk(TCONF, "Test needs that 'lo' MTU has %d", max_mtu);
+
 	setup_server();
 	setup_client();
 }
@@ -89,6 +166,7 @@ static void setup(void)
 static void run(void)
 {
 	int pid = SAFE_FORK();
+	int i;
 
 	if (!pid) {
 		struct sockaddr_in6 addr6;
@@ -99,8 +177,10 @@ static void run(void)
 		exit(0);
 	}
 
-	fcntl(cfd, F_SETFL, O_NONBLOCK);
-	connect(cfd, (struct sockaddr *)&rmt, sizeof(rmt));
+	for (i = 0; i < 3; ++i) {
+		SAFE_SENDTO(1, cfd, packet, pkt_len, 0,
+			(struct sockaddr *)&rmt, sizeof(rmt));
+	}
 
 	SAFE_KILL(pid, SIGKILL);
 	SAFE_WAITPID(pid, NULL, 0);
@@ -114,6 +194,7 @@ static struct tst_option options[] = {
 };
 
 static struct tst_test test = {
+	.needs_root = 1,
 	.setup = setup,
 	.forks_child = 1,
 	.test_all = run,