From: Tycho Andersen <tycho@tycho.ws>
To: Sargun Dhillon <sargun@sargun.me>
Cc: linux-kernel@vger.kernel.org, linux-api@vger.kernel.org,
jannh@google.com, christian.brauner@ubuntu.com,
keescook@chromium.org, cyphar@cyphar.com
Subject: Re: [PATCH v2 1/2] samples, selftests/seccomp: Zero out seccomp_notif
Date: Sat, 28 Dec 2019 11:18:25 -0700 [thread overview]
Message-ID: <20191228181825.GB6746@cisco> (raw)
In-Reply-To: <20191228014837.GA31774@ircssh-2.c.rugged-nimbus-611.internal>
On Sat, Dec 28, 2019 at 01:48:39AM +0000, Sargun Dhillon wrote:
> The seccomp_notif structure should be zeroed out prior to calling the
> SECCOMP_IOCTL_NOTIF_RECV ioctl. Previously, the kernel did not check
> whether these structures were zeroed out or not, so these worked.
>
> Signed-off-by: Sargun Dhillon <sargun@sargun.me>
> Cc: Kees Cook <keescook@chromium.org>
> ---
> samples/seccomp/user-trap.c | 2 +-
> tools/testing/selftests/seccomp/seccomp_bpf.c | 2 ++
> 2 files changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/samples/seccomp/user-trap.c b/samples/seccomp/user-trap.c
> index 6d0125ca8af7..0ca8fb37cd79 100644
> --- a/samples/seccomp/user-trap.c
> +++ b/samples/seccomp/user-trap.c
> @@ -298,7 +298,6 @@ int main(void)
> req = malloc(sizes.seccomp_notif);
> if (!req)
> goto out_close;
> - memset(req, 0, sizeof(*req));
>
> resp = malloc(sizes.seccomp_notif_resp);
> if (!resp)
> @@ -306,6 +305,7 @@ int main(void)
> memset(resp, 0, sizeof(*resp));
I know it's unrelated, but it's probably worth sending a patch to fix
this to be sizes.seccomp_notif_resp instead of sizeof(*resp), since if
the kernel is older this will over-zero things. I can do that, or you
can add the patch to this series, just let me know which.
But in any case, this patch is:
Reviewed-by: Tycho Andersen <tycho@tycho.ws>
Cheers,
Tycho
next prev parent reply other threads:[~2019-12-28 18:18 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-28 1:48 [PATCH v2 1/2] samples, selftests/seccomp: Zero out seccomp_notif Sargun Dhillon
2019-12-28 9:25 ` Christian Brauner
2019-12-28 18:18 ` Tycho Andersen [this message]
2019-12-29 0:10 ` Sargun Dhillon
2019-12-29 0:18 ` Tycho Andersen
2019-12-30 19:14 ` Sargun Dhillon
2019-12-30 19:33 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191228181825.GB6746@cisco \
--to=tycho@tycho.ws \
--cc=christian.brauner@ubuntu.com \
--cc=cyphar@cyphar.com \
--cc=jannh@google.com \
--cc=keescook@chromium.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=sargun@sargun.me \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.