From af90e68623c729d0e3b06a1e838c5584d2d8b7c2 Mon Sep 17 00:00:00 2001
From: Andrei Vagin <avagin@google.com>
Date: Fri, 9 Aug 2019 22:33:40 -0700
Subject: netlink: return an error in nlmsgerr

Now if a process sends an unsupported netlink requests,
an error is returned from the send system call.

The linux kernel works differently in this case. It returns errors in the
nlmsgerr netlink message.

Reported-by: syzbot+571d99510c6f935202da@syzkaller.appspotmail.com
PiperOrigin-RevId: 262690453
---
 pkg/sentry/socket/netlink/socket.go | 29 ++++++++++++++++++++++++-----
 1 file changed, 24 insertions(+), 5 deletions(-)

(limited to 'pkg/sentry/socket')

diff --git a/pkg/sentry/socket/netlink/socket.go b/pkg/sentry/socket/netlink/socket.go
index eccbd527a..d0aab293d 100644
--- a/pkg/sentry/socket/netlink/socket.go
+++ b/pkg/sentry/socket/netlink/socket.go
@@ -511,6 +511,19 @@ func (s *Socket) sendResponse(ctx context.Context, ms *MessageSet) *syserr.Error
 	return nil
 }
 
+func (s *Socket) dumpErrorMesage(ctx context.Context, hdr linux.NetlinkMessageHeader, ms *MessageSet, err *syserr.Error) *syserr.Error {
+	m := ms.AddMessage(linux.NetlinkMessageHeader{
+		Type: linux.NLMSG_ERROR,
+	})
+
+	m.Put(linux.NetlinkErrorMessage{
+		Error:  int32(-err.ToLinux().Number()),
+		Header: hdr,
+	})
+	return nil
+
+}
+
 // processMessages handles each message in buf, passing it to the protocol
 // handler for final handling.
 func (s *Socket) processMessages(ctx context.Context, buf []byte) *syserr.Error {
@@ -545,14 +558,20 @@ func (s *Socket) processMessages(ctx context.Context, buf []byte) *syserr.Error
 			continue
 		}
 
+		ms := NewMessageSet(s.portID, hdr.Seq)
+		var err *syserr.Error
 		// TODO(b/68877377): ACKs not supported yet.
 		if hdr.Flags&linux.NLM_F_ACK == linux.NLM_F_ACK {
-			return syserr.ErrNotSupported
-		}
+			err = syserr.ErrNotSupported
+		} else {
 
-		ms := NewMessageSet(s.portID, hdr.Seq)
-		if err := s.protocol.ProcessMessage(ctx, hdr, data, ms); err != nil {
-			return err
+			err = s.protocol.ProcessMessage(ctx, hdr, data, ms)
+		}
+		if err != nil {
+			ms = NewMessageSet(s.portID, hdr.Seq)
+			if err := s.dumpErrorMesage(ctx, hdr, ms, err); err != nil {
+				return err
+			}
 		}
 
 		if err := s.sendResponse(ctx, ms); err != nil {
-- 
cgit v1.2.3