From: Sargun Dhillon <sargun@sargun.me>
To: linux-kernel@vger.kernel.org, linux-api@vger.kernel.org
Cc: tycho@tycho.ws, jannh@google.com, christian.brauner@ubuntu.com,
keescook@chromium.org, cyphar@cyphar.com
Subject: [PATCH v2 2/2] seccomp: Check that seccomp_notif is zeroed out by the user
Date: Sat, 28 Dec 2019 01:48:51 +0000 [thread overview]
Message-ID: <20191228014849.GA31783@ircssh-2.c.rugged-nimbus-611.internal> (raw)
This patch is a small change in enforcement of the uapi for
SECCOMP_IOCTL_NOTIF_RECV ioctl. Specifically, the datastructure which
is passed (seccomp_notif) must be zeroed out. Previously any of its
members could be set to nonsense values, and we would ignore it.
This ensures all fields are set to their zero value.
This relies on the seccomp_notif datastructure to not have
any unnamed padding, as it is valid to initialize the datastructure
as:
struct seccomp_notif notif = {};
This only initializes named members to their 0-value [1].
[1]: https://lore.kernel.org/lkml/20191227023131.klnobtlfgeqcmvbb@yavin.dot.cyphar.com/
Signed-off-by: Sargun Dhillon <sargun@sargun.me>
Cc: Kees Cook <keescook@chromium.org>
---
kernel/seccomp.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index 12d2227e5786..4fd73cbdd01e 100644
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@ -1026,6 +1026,12 @@ static long seccomp_notify_recv(struct seccomp_filter *filter,
struct seccomp_notif unotif;
ssize_t ret;
+ ret = check_zeroed_user(buf, sizeof(unotif));
+ if (ret < 0)
+ return ret;
+ if (!ret)
+ return -EINVAL;
+
memset(&unotif, 0, sizeof(unotif));
ret = down_interruptible(&filter->notif->request);
--
2.20.1
next reply other threads:[~2019-12-28 1:48 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-28 1:48 Sargun Dhillon [this message]
2019-12-28 2:06 ` [PATCH v2 2/2] seccomp: Check that seccomp_notif is zeroed out by the user Aleksa Sarai
2019-12-28 3:49 ` Tycho Andersen
2019-12-28 7:09 ` Christian Brauner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191228014849.GA31783@ircssh-2.c.rugged-nimbus-611.internal \
--to=sargun@sargun.me \
--cc=christian.brauner@ubuntu.com \
--cc=cyphar@cyphar.com \
--cc=jannh@google.com \
--cc=keescook@chromium.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=tycho@tycho.ws \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox