diff options
| author | Anton Lindqvist <anton@basename.se> | 2020-09-03 22:18:31 +0200 |
|---|---|---|
| committer | Anton Lindqvist <anton@basename.se> | 2020-09-12 13:21:21 +0200 |
| commit | ce441f065b6eebb166bb006dfd28ea0c6b730384 (patch) | |
| tree | 787f2cd6417a3529bfbbd726d4b08cb148409dbf /sys/linux/dev_input.txt.warn | |
| parent | 7b0683780a0f5f05e602bb3fe9d97c66f2c956e4 (diff) | |
executor: improve opendir(3) error handling
While investigating an OpenBSD reproducer[1][2] I discovered the
following:
* All threads are stuck on the last `sleep(1000000)` syscall in main(),
hence no output for the test machine.
* Each executor process created in loop() performs one iteration but
exits abnormally during the call to remove_dir().
* Calling remove_dir() will eventually invoke itself recursively since
one of the executed syscall is `mkdir("./file0", 0)` meaning that it
will try to remove the directory created by execute_one(). However,
`opendir(3)` fails with `EACCES` due to the permissions passed to
`mkdir(2)` is zero.
Instead of exiting, trying to remove the problematic directory in a best
effort manner makes the reproducer continue executing the generated
syscalls. This work around might be considered to narrow. Another option
would be to replace the `sleep(1000000)` with `waitpid(-1, NULL, 0)`
until ECHILD is hit.
[1] https://syzkaller.appspot.com/bug?id=6f7ce2a0536580a94f65f44e478732ec505e88af
[2] https://syzkaller.appspot.com/text?tag=ReproC&x=10fd1a71900000
Diffstat (limited to 'sys/linux/dev_input.txt.warn')
0 files changed, 0 insertions, 0 deletions