ksmbd testing progress - buildbot run passed

ksmbd testing progress - buildbot run passed

[Steve French]

Current Linux client (minus the deferred close patches) to current
ksmbd on 5.12-rc8 as a test target passed all tests:

http://smb3-test-rhel-75.southcentralus.cloudapp.azure.com/#/builders/8/builds/32

-- 
Thanks,

Steve

Re: [Linux-cifsd-devel] ksmbd testing progress - buildbot run passed

[Marios Makassikis]

On Wed, 2021-04-21 at 12:18 -0500, Steve French wrote:
> Current Linux client (minus the deferred close patches) to current
> ksmbd on 5.12-rc8 as a test target passed all tests:
> 
> http://smb3-test-rhel-75.southcentralus.cloudapp.azure.com/#/builders/8/builds/32
> 

It doesn't look like any test was actually run though.
I looked at some of the tests output and they all had umount errors:

  umount: /mnt/test: not mounted.
  umount: /mnt/test: not mounted.

The warmup smb3 generic/001 hints at cifs.ko not being loaded:

rmmod: ERROR: Module cifs is not currently loaded
mount error(113): could not connect to 192.168.122.13Unable to find
suitable address.


Marios

Re: ksmbd testing progress - buildbot run passed

[Aurélien Aptel]

Hi,

I have started a small project to test ksmbd by fuzzing.

It's based on an existing project called Fuzzotron and it's not finished
yet. I have taken code from libsmb2 and other places to setup a valid
connection (negprot, sess setup, tcon) before the fuzzing starts. The
code is very messy, not clean at all (all SMB2 logic is in callback.c)

https://github.com/aaptel/fuzzotron

I haven't had time to finish it, TCON creation fails with ACCESS_DENIED,
I haven't figured out why yet :(

Maybe there's a better project to fuzz network servers, I've just used
fuzzotron because the code looked simple enough. The callback.c has all
the required code so it should be relatively easy to move to another
fuzzer.

I think it would be very useful to run this on ksmbd, because:

- the stakes of security issues in that code are very high.
- it would make people trust ksmbd code a lot more if it passes this.

Quick how to if you want to give it a try:
* get radamsa https://gitlab.com/akihe/radamsa and compile it, put it in $PATH
* make a test folder to be used for test input samples (valid SMB2 packets)
- dd if=/dev/urandom of=test/sample1 bs=1K count=1 (simple invalid test)
* make a script to test if server crashed, for example:
- echo 'ping -c1 192.168.2.110' > check.sh
* run
./fuzzotron --radamsa --directory $PWD/test -h 192.168.2.110 -p 445 -P tcp -z "$PWD/check.sh" -o output

Unfortunately it fails because of bad TCON creation right now, as I said
earlier... I need to find some time to find the issue.

Cheers,
-- 
Aurélien Aptel / SUSE Labs Samba Team
GPG: 1839 CB5F 9F5B FB9B AA97  8C99 03C8 A49B 521B D5D3
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg, DE
GF: Felix Imendörffer, Mary Higgins, Sri Rasiah HRB 247165 (AG München)

Re: [Linux-cifsd-devel] ksmbd testing progress - buildbot run passed

[Steve French]

On Wed, Apr 21, 2021 at 12:42 PM Marios Makassikis
<mmakassikis@freebox.fr> wrote:
>
> On Wed, 2021-04-21 at 12:18 -0500, Steve French wrote:
> > Current Linux client (minus the deferred close patches) to current
> > ksmbd on 5.12-rc8 as a test target passed all tests:
> >
> > http://smb3-test-rhel-75.southcentralus.cloudapp.azure.com/#/builders/8/builds/32
> >
>
> It doesn't look like any test was actually run though.

The run times look plausible.  Let me know if you see anything
suspicious.  I can ssh in to make sure - but probably fine.  I only
typically worry about tests that take less than 3 or 4 seconds (to
doublecheck that they aren't skipped)

> I looked at some of the tests output and they all had umount errors:
>
>   umount: /mnt/test: not mounted.
>   umount: /mnt/test: not mounted.

That is normal, the tests unmount at the end of the previous one
(unless it times out) and tries to unmount again before the next one
starts.

>
> The warmup smb3 generic/001 hints at cifs.ko not being loaded:
>
> rmmod: ERROR: Module cifs is not currently loaded
> mount error(113): could not connect to 192.168.122.13Unable to find
> suitable address.

That was because the test client VM had some out of memory issues and
so I shut down the windows server test target
(which is not relevant for these tests)
-- 
Thanks,

Steve

Re: [Linux-cifsd-devel] ksmbd testing progress - buildbot run passed

[Marios Makassikis]

On Wed, 2021-04-21 at 12:55 -0500, Steve French wrote:
> On Wed, Apr 21, 2021 at 12:42 PM Marios Makassikis
> <mmakassikis@freebox.fr> wrote:
> > On Wed, 2021-04-21 at 12:18 -0500, Steve French wrote:
> > > Current Linux client (minus the deferred close patches) to
> > > current
> > > ksmbd on 5.12-rc8 as a test target passed all tests:
> > > 
> > > http://smb3-test-rhel-75.southcentralus.cloudapp.azure.com/#/builders/8/builds/32
> > > 
> > 
> > It doesn't look like any test was actually run though.
> 
> The run times look plausible.  Let me know if you see anything
> suspicious.  I can ssh in to make sure - but probably fine.  I only
> typically worry about tests that take less than 3 or 4 seconds (to
> doublecheck that they aren't skipped)
> 
> > I looked at some of the tests output and they all had umount
> > errors:
> > 
> >   umount: /mnt/test: not mounted.
> >   umount: /mnt/test: not mounted.
> 
> That is normal, the tests unmount at the end of the previous one
> (unless it times out) and tries to unmount again before the next one
> starts.
> 
> > The warmup smb3 generic/001 hints at cifs.ko not being loaded:
> > 
> > rmmod: ERROR: Module cifs is not currently loaded
> > mount error(113): could not connect to 192.168.122.13Unable to find
> > suitable address.
> 
> That was because the test client VM had some out of memory issues and
> so I shut down the windows server test target
> (which is not relevant for these tests)

Right, thanks for the explanations. For a second there I thought this
was a case of 'the test failed successfully' :-).

Marios

RE: ksmbd testing progress - buildbot run passed

[Namjae Jeon]

> 
> Hi,
Hi Aurélien,

> 
> I have started a small project to test ksmbd by fuzzing.
Really great work!, We can add this to buildbot test of ksmbd.

> 
> It's based on an existing project called Fuzzotron and it's not finished yet. I have taken code from
> libsmb2 and other places to setup a valid connection (negprot, sess setup, tcon) before the fuzzing
> starts. The code is very messy, not clean at all (all SMB2 logic is in callback.c)
> 
> https://protect2.fireeye.com/v1/url?k=d034d6f7-8fafefb8-d0355db8-0cc47a30d446-
> a31c437df7256da6&q=1&e=2ad65418-4da5-4fd7-85e8-
> 61c1b0dea5c7&u=https%3A%2F%2Fgithub.com%2Faaptel%2Ffuzzotron
> 
> I haven't had time to finish it, TCON creation fails with ACCESS_DENIED, I haven't figured out why
> yet :(
Okay, I will join this project after ksmbd upstream is completed.

> 
> Maybe there's a better project to fuzz network servers, I've just used fuzzotron because the code
> looked simple enough. The callback.c has all the required code so it should be relatively easy to move
> to another fuzzer.
Let me check it.
> 
> I think it would be very useful to run this on ksmbd, because:
> 
> - the stakes of security issues in that code are very high.
> - it would make people trust ksmbd code a lot more if it passes this.
Agreed.

> 
> Quick how to if you want to give it a try:
> * get radamsa https://gitlab.com/akihe/radamsa and compile it, put it in $PATH
> * make a test folder to be used for test input samples (valid SMB2 packets)
> - dd if=/dev/urandom of=test/sample1 bs=1K count=1 (simple invalid test)
> * make a script to test if server crashed, for example:
> - echo 'ping -c1 192.168.2.110' > check.sh
> * run
> ./fuzzotron --radamsa --directory $PWD/test -h 192.168.2.110 -p 445 -P tcp -z "$PWD/check.sh" -o
> output
> 
> Unfortunately it fails because of bad TCON creation right now, as I said earlier... I need to find
> some time to find the issue.
Okay, We are focusing on ksmbd upstream now, Only if it is completed, We will be able to work together.
And It is really necessary for ksmbd and thank you for sharing your work!

> 
> Cheers,
> --
> Aurélien Aptel / SUSE Labs Samba Team
> GPG: 1839 CB5F 9F5B FB9B AA97  8C99 03C8 A49B 521B D5D3 SUSE Software Solutions Germany GmbH,
> Maxfeldstr. 5, 90409 Nürnberg, DE
> GF: Felix Imendörffer, Mary Higgins, Sri Rasiah HRB 247165 (AG München)