diff options
| author | Dmitry Vyukov <dvyukov@google.com> | 2024-04-02 12:08:29 +0200 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2024-04-02 13:05:41 +0000 |
| commit | 81b7a40ac5bab47ffe0b732c66522cfc922df3ad (patch) | |
| tree | 310220234125805a99bee5c6d6ff1d9f8baf7945 /executor | |
| parent | aed5b33a040a2b82edb7ec053cf61930a2648a44 (diff) | |
executor: ignore ENOENT for socket calls
Don't treat ENOENT from socket call as fatal.
Fuzzer manages to make all socket calls for a particular
protocol fail using NLBL_MGMT_C_REMOVE netlink function.
Diffstat (limited to 'executor')
| -rw-r--r-- | executor/common_linux.h | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/executor/common_linux.h b/executor/common_linux.h index 85e19cf84..eea0fd2cf 100644 --- a/executor/common_linux.h +++ b/executor/common_linux.h @@ -3328,6 +3328,13 @@ static void checkpoint_iptables(struct ipt_table_desc* tables, int num_tables, i switch (errno) { case EAFNOSUPPORT: case ENOPROTOOPT: + // ENOENT can be returned if smack lsm is used. Smack tried to aplly netlbl to created sockets, + // but the fuzzer can manage to remove netlbl entry for SOCK_STREAM/IPPROTO_TCP using + // NLBL_MGMT_C_REMOVE, which is unfortunately global (not part of net namespace). In this state + // creation of such sockets will fail all the time in all processes (so in some sense the machine + // is indeed broken), but ignoring the error is still probably the best option given we allow + // the fuzzer to invoke NLBL_MGMT_C_REMOVE in the first place. + case ENOENT: return; } failmsg("iptable checkpoint: socket(SOCK_STREAM, IPPROTO_TCP) failed", "family=%d", family); @@ -3381,6 +3388,7 @@ static void reset_iptables(struct ipt_table_desc* tables, int num_tables, int fa switch (errno) { case EAFNOSUPPORT: case ENOPROTOOPT: + case ENOENT: return; } failmsg("iptable: socket(SOCK_STREAM, IPPROTO_TCP) failed", "family=%d", family); @@ -3427,6 +3435,7 @@ static void checkpoint_arptables(void) switch (errno) { case EAFNOSUPPORT: case ENOPROTOOPT: + case ENOENT: return; } fail("arptable checkpoint: socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) failed"); @@ -3477,6 +3486,7 @@ static void reset_arptables() switch (errno) { case EAFNOSUPPORT: case ENOPROTOOPT: + case ENOENT: return; } fail("arptable: socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)"); @@ -3570,6 +3580,7 @@ static void checkpoint_ebtables(void) switch (errno) { case EAFNOSUPPORT: case ENOPROTOOPT: + case ENOENT: return; } fail("ebtable checkpoint: socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)"); @@ -3611,6 +3622,7 @@ static void reset_ebtables() switch (errno) { case EAFNOSUPPORT: case ENOPROTOOPT: + case ENOENT: return; } fail("ebtable: socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)"); |