search

tempesta-tech / tempesta

All-in-one solution for high performance web content delivery and advanced protection against DDoS and web attacks
https://tempesta-tech.com/
GNU General Public License v2.0
625 stars 103 forks source link

h2spec: hpack/5.2/3 - Huffman-encoded string literal representation containing the EOS symbol #1827

Closed RomanBelozerov closed 8 months ago

RomanBelozerov commented 1 year ago

Scope

Test passes successfully, but Tempesta outputs warning in dmesg.

DMESG 

[10859.213929] ------------[ cut here ]------------
[10859.214988] WARNING: CPU: 0 PID: 16574 at /root/tempesta/fw/hpack.c:676 tfw_huffman_decode+0x424/0x610 [tempesta_fw]
[10859.217368] Modules linked in: tempesta_fw(OE) tempesta_db(OE) tempesta_tls(OE) tempesta_lib(OE) nfnetlink_queue(E) nfnetlink_log(E) bluetooth(E) jitterentropy_rng(E) drbg(E) ansi_cprng(E) ecdh_generic(E) ecc(E) cfg80211(E) sha256_ssse3(E) sha512_ssse3(E) sha512_generic(E) uinput(E) xt_conntrack(E) nft_chain_nat(E) xt_MASQUERADE(E) nf_nat(E) nf_conntrack_netlink(E) nf_conntrack(E) nf_defrag_ipv6(E) nf_defrag_ipv4(E) xfrm_user(E) xfrm_algo(E) nft_counter(E) xt_addrtype(E) nft_compat(E) nf_tables(E) libcrc32c(E) nfnetlink(E) br_netfilter(E) bridge(E) stp(E) llc(E) overlay(E) hid_generic(E) usbhid(E) hid(E) intel_rapl_msr(E) intel_rapl_common(E) intel_pmc_core(E) crc32_pclmul(E) ghash_clmulni_intel(E) rfkill(E) snd_ens1371(E) sr_mod(E) snd_ac97_codec(E) cdrom(E) aesni_intel(E) ata_generic(E) ac97_bus(E) libaes(E) crypto_simd(E) uhci_hcd(E) cryptd(E) gameport(E) glue_helper(E) ehci_pci(E) snd_rawmidi(E) ehci_hcd(E) snd_seq_device(E) ata_piix(E) snd_pcm(E) snd_timer(E) libata(E) vmw_balloon(E)
[10859.217421]  e1000(E) snd(E) usbcore(E) sg(E) joydev(E) i2c_piix4(E) pcspkr(E) soundcore(E) vsock_loopback(E) vmw_vsock_virtio_transport_common(E) ac(E) button(E) vmw_vsock_vmci_transport(E) vsock(E) vmw_vmci(E) msr(E) parport_pc(E) ppdev(E) lp(E) parport(E) fuse(E) configfs(E) ip_tables(E) x_tables(E) autofs4(E) ext4(E) crc32c_generic(E) crc16(E) mbcache(E) jbd2(E) sd_mod(E) t10_pi(E) crc_t10dif(E) crct10dif_generic(E) vmwgfx(E) drm_kms_helper(E) cec(E) ttm(E) crct10dif_pclmul(E) crct10dif_common(E) evdev(E) crc32c_intel(E) mptspi(E) drm(E) scsi_transport_spi(E) psmouse(E) mptscsih(E) mptbase(E) scsi_mod(E) serio_raw(E) [last unloaded: tempesta_lib]
[10859.249453] CPU: 0 PID: 16574 Comm: h2spec Tainted: G        W  OE     5.10.35+ #4
[10859.251106] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020
[10859.253499] RIP: 0010:tfw_huffman_decode+0x424/0x610 [tempesta_fw]
[10859.254824] Code: 01 09 c2 49 89 7c 24 78 66 41 89 94 24 88 00 00 00 0f b7 f2 e9 b7 fe ff ff 8b 8d 58 01 00 00 48 8d 95 40 01 00 00 89 c8 eb 83 <0f> 0b e9 e2 fd ff ff 31 d2 be 01 00 00 00 e8 f9 30 06 00 48 89 85
[10859.258856] RSP: 0018:ffffafc7c0003a80 EFLAGS: 00010286
[10859.260058] RAX: 000000000000034e RBX: ffff9f862a250031 RCX: 0000000000000002
[10859.261576] RDX: 0000000000000006 RSI: 0000000000003ffe RDI: ffff9f865718a038
[10859.263089] RBP: ffff9f85e4f86020 R08: 0000000000001000 R09: 00000000000005f0
[10859.264695] R10: ffffafc7c0003a68 R11: 0000000000000040 R12: ffff9f865718a038
[10859.266202] R13: 00000000fffffffa R14: ffff9f862a250030 R15: 0000000000000000
[10859.267827] FS:  00007f0afdda1740(0000) GS:ffff9f871a000000(0000) knlGS:0000000000000000
[10859.269539] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[10859.270742] CR2: 00000000009d7294 CR3: 000000016a258003 CR4: 0000000000370ef0
[10859.272316] Call Trace:
[10859.272868]  
[10859.273306]  tfw_hpack_decode+0x7b3/0x1dc0 [tempesta_fw]
[10859.274437]  tfw_h2_parse_req+0xa8/0x200 [tempesta_fw]
[10859.275515]  ss_skb_process+0xed/0x130 [tempesta_fw]
[10859.276742]  ? tfw_http_parse_req+0xf150/0xf150 [tempesta_fw]
[10859.277971]  tfw_http_req_process+0x7c/0x870 [tempesta_fw]
[10859.279124]  ? tfw_http_msg_process_generic+0x40b/0x5e0 [tempesta_fw]
[10859.280595]  ? ss_skb_chop_head_tail+0xbe/0x1d0 [tempesta_fw]
[10859.281797]  ? ss_skb_process+0xed/0x130 [tempesta_fw]
[10859.282913]  tfw_h2_frame_process+0x26b/0x4b0 [tempesta_fw]
[10859.284266]  tfw_connection_recv+0x52/0xa0 [tempesta_fw]
[10859.285409]  tfw_tls_connection_recv+0x281/0x3a0 [tempesta_fw]
[10859.286619]  ss_tcp_process_data+0x1f1/0x400 [tempesta_fw]
[10859.287854]  ss_tcp_data_ready+0x3f/0xc0 [tempesta_fw]
[10859.288945]  tcp_rcv_established+0x5d8/0x680
[10859.289842]  tcp_v4_do_rcv+0x131/0x1f0
[10859.290631]  tcp_v4_rcv+0xc2f/0xd80
[10859.291364]  ip_protocol_deliver_rcu+0x2b/0x1b0
[10859.292402]  ip_local_deliver_finish+0x44/0x50
[10859.293357]  __netif_receive_skb_one_core+0x87/0xa0
[10859.294371]  process_backlog+0x96/0x160
[10859.295188]  net_rx_action+0x145/0x3e0
[10859.296117]  __do_softirq+0xcf/0x284
[10859.296884]  asm_call_irq_on_stack+0x12/0x20
[10859.297794]  
[10859.298262]  do_softirq_own_stack+0x37/0x40
[10859.299177]  do_softirq+0x5e/0x70
[10859.299981]  __local_bh_enable_ip+0x4b/0x50
[10859.300891]  ip_finish_output2+0x1ab/0x590
[10859.301747]  ? ipv4_link_failure+0x1b0/0x1b0
[10859.302642]  __ip_queue_xmit+0x180/0x410
[10859.303472]  ? update_load_avg+0x7a/0x5e0
[10859.304326]  __tcp_transmit_skb+0xa0e/0xbc0
[10859.305306]  tcp_write_xmit+0x41b/0x1240
[10859.306158]  __tcp_push_pending_frames+0x32/0xf0
[10859.307119]  tcp_sendmsg_locked+0xa32/0xb50
[10859.307999]  tcp_sendmsg+0x28/0x40
[10859.308803]  sock_sendmsg+0x57/0x60
[10859.309549]  sock_write_iter+0x97/0x100
[10859.310357]  new_sync_write+0x199/0x1b0
[10859.311163]  vfs_write+0x1c2/0x260
[10859.311879]  ksys_write+0xa7/0xe0
[10859.312678]  ? exit_to_user_mode_prepare+0x32/0x120
[10859.313719]  do_syscall_64+0x33/0x80
[10859.314501]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[10859.315562] RIP: 0033:0x4b1c9b
[10859.316306] Code: fb ff eb bd e8 86 75 fb ff e9 61 ff ff ff cc e8 9b 4e fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[10859.320279] RSP: 002b:000000c00013aee0 EFLAGS: 00000206 ORIG_RAX: 0000000000000001
[10859.321873] RAX: ffffffffffffffda RBX: 000000c000022000 RCX: 00000000004b1c9b
[10859.323397] RDX: 0000000000000041 RSI: 000000c000192000 RDI: 0000000000000006
[10859.324991] RBP: 000000c00013af30 R08: 000000c00013af01 R09: 0000000000000004
[10859.326487] R10: 0000000000852ea0 R11: 0000000000000206 R12: 0000000063f49903
[10859.327965] R13: 000000000000000a R14: 0000000000000024 R15: 00000000000000aa
[10859.329543] ---[ end trace 76fcacae30959693 ]---
[10859.330531] [tempesta fw] Warning: failed to parse request: 127.0.0.1

Testing

Test to reproduce. Please enable test after fix.

enuribekov-tempesta commented 8 months ago

This behavior is absolutely expected because WARNING is raised when "shift" (number of bits which represent a current symbol) is wrong. In their turn wrong value is a result of broke of decoding chain by EOS. Function returns "Compression error" code and in this way error handling correctly.

Maybe make sense to remove useless error dump and simply add simple error message to the log.