From: Florian Westphal
Date: Tue, 10 Sep 2024 09:47:44 +0000 (+0200)
Subject: tests: shell: add test for kernel stack recursion bug
X-Git-Tag: v1.1.1~10
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=359a2fd62f924d1b3899ffe26f0b635ffa7a0448;p=thirdparty%2Fnftables.git
tests: shell: add test for kernel stack recursion bug
Validate that such ruleset updates get rejected.
Signed-off-by: Florian Westphal
---
diff --git a/tests/shell/testcases/transactions/dumps/validation_recursion.sh.nodump b/tests/shell/testcases/transactions/dumps/validation_recursion.sh.nodump
new file mode 100644
index 00000000..e69de29b
diff --git a/tests/shell/testcases/transactions/validation_recursion.sh b/tests/shell/testcases/transactions/validation_recursion.sh
new file mode 100755
index 00000000..bc3ebcc1
--- /dev/null
+++ b/tests/shell/testcases/transactions/validation_recursion.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+# regression check for kernel commit
+# cff3bd012a95 ("netfilter: nf_tables: prefer nft_chain_validate")
+
+chains=100
+
+# first create skeleton, linear list
+# of 1k jumps, c1 -> c2 .. -> c100.
+#
+# not caught, commit phase validation doesn't care about
+# non-base chains.
+(
+ echo add table ip t
+
+ for i in $(seq 1 $chains);do
+ echo add chain t c$i
+ done
+
+ for i in $(seq 1 $((chains-1)) );do
+ echo add rule t c$i jump c$((i+1))
+ done
+) | $NFT -f -
+
+# now link up c0 to c1. This triggers register-store validation for
+# c1. Old algorithm is recursive and will blindly chase the entire
+# list of chains created above. On older kernels, this will cause kernel
+# stack overflow/guard page crash.
+$NFT -f - <&2
+ exit 1
+fi
+
+$NFT delete table ip t
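Review bot: The exit status of the skeleton load `) | $NFT -f -` is never checked, so if building the c1..c100 jump list fails, the script still runs the c0 link-up and its rejection proves nothing about the recursive validation path. The setup should fail on its own, e.g. `) | $NFT -f - || exit 1`. The heredoc and the condition guarding `exit 1` are missing from this page, so how the second load's result is tested is inferred from the commit message only. The comment above the subshell also says "1k jumps" while `chains=100` produces 99 jumps ending at c100; either the comment or the count should be corrected so the chain depth the regression relies on is stated accurately.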