Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp1281117imu; Tue, 11 Dec 2018 16:32:31 -0800 (PST) X-Google-Smtp-Source: AFSGD/XLIZu4NfqUe+2Ealtk80m1sU1hgsPg3gA4JhhsvgnN2/RMs1Oz/9M4DvEmfSIRU5Fuk/Zl X-Received: by 2002:a62:109b:: with SMTP id 27mr17887970pfq.227.1544574751365; Tue, 11 Dec 2018 16:32:31 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1544574751; cv=none; d=google.com; s=arc-20160816; b=wLcougL9BO+ESeo7JkuaTPbhRKi/W3nXC147l3Ce1vfXJnIrdUIU101zn8tSMVoq3i IlzeHhnmHAF/hPhPTSYQOdCtZtOECbydT4WdaJUzZCjr7AitD44Vm4q2vAJJnszb0L8n D5eOofCRw9e6X78OiCI3zmmeK7J94lohnwk8BLueh8z8LdcOF9Y39fB+0RtR8px7uhGO 1FnR7LnP0frrMfLIncGWcq/AQkZqA3RCHRvVp7XYidgSuURvbf3GMNgmu6/C5y08IkCZ hzqBIh7V24XklvQXlbmneyQ5m9PCSRFoOhkON0pYze5MGOOPeLaCeoO61zYmkvF2QSzJ r7jA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=RRJ3aClqjNq3nazn5+LQNCLFoj999J+Fr6uYi7oCn74=; b=dDdZ194yvWqB4PbyH2ZZ5i4rsH5O/EUO4nyacNIDnoauqx6mLPUrssdEfLYVovtl+D 1DyVADolzL3WBwDX8K/g/61ppMiZQRhe2giKlcqfUs+qpE5fZE5WF+WwyEE0J0v8HxfM nYDRu5KZmc7k/dDtEFXdMtUe8L5j3DWrHUOwpvPWm7+RVCQnkd3lib7rMoXKKlyXKt2p DaoZUSppyadTFdt8bqwsZnnZLXlTDts8DbAdRJKm56xK80DW1XbN33DDEkOQ3wVZsTZN oqDI16WHnLk41kKfjJjQ1ZGlBC5FuR+swBfCyJ73UszfzYQLTFnormJG9SX7OMGouuEp SqAg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=oFoFpTP8; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id m8si13435053plt.171.2018.12.11.16.32.05; Tue, 11 Dec 2018 16:32:31 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=oFoFpTP8; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726241AbeLLAbJ (ORCPT + 99 others); Tue, 11 Dec 2018 19:31:09 -0500 Received: from mail-yw1-f65.google.com ([209.85.161.65]:41347 "EHLO mail-yw1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726211AbeLLAbJ (ORCPT ); Tue, 11 Dec 2018 19:31:09 -0500 Received: by mail-yw1-f65.google.com with SMTP id f65so6251586ywc.8 for ; Tue, 11 Dec 2018 16:31:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=RRJ3aClqjNq3nazn5+LQNCLFoj999J+Fr6uYi7oCn74=; b=oFoFpTP8277RJxPueoPf0oRSmiqtk4Nuk97wt2I6CbM4viOw0kbXKdJv40enlrLGM9 dTi7htQen5Lb7+xWyd+1okfzCZ8eLj1hhfC0emOeERebZX3A8tTiaeBT2Ixn5EE7Zw5t ffEM1O+Z6Lb68/ZOz1GbIt2N2t3y20gyBy/dQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=RRJ3aClqjNq3nazn5+LQNCLFoj999J+Fr6uYi7oCn74=; b=DyLtfRQez4n4Cynel46XPfZ4Krn0Hy/AST2f6MlrY91oh/jWpRB3e3YGXZ5ObpvcBE 1+zjG/T7/MoLGw/AWvFU9gHLP1nzZ/BHZsrZu0/kg5oEMh7JPelWX37Au3JJIzwZxL3t uLKO7SjoG+KobmesPgjSeZmVy8180RlWnuELo1GRKNol95dOBToJvk2Qg4S8jdrCJ0Ey X+r9MWrkEuG4qHjwG8QOtoU+VkEFeuU07bAAksZTN6+HPbXmeyj7ogVnXr71rRFSdC4r zKdxWVFxiItryWLAMhC97y0ebRME17L3lQ2O1NZF3BC35cZdEbYvm7iCnwXNTsCwo+5v V7oQ== X-Gm-Message-State: AA+aEWYVISi0/mTihZSvwrFU0S4a/oca0UV8hDFB2s2OYJrAIbxRk7+v HFi4Ct5LLvksFr7weEO8IrzTL6WWYCU= X-Received: by 2002:a81:2848:: with SMTP id o69mr19306809ywo.225.1544574666616; Tue, 11 Dec 2018 16:31:06 -0800 (PST) Received: from mail-yw1-f45.google.com (mail-yw1-f45.google.com. [209.85.161.45]) by smtp.gmail.com with ESMTPSA id y83sm5156122ywd.65.2018.12.11.16.31.04 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 11 Dec 2018 16:31:05 -0800 (PST) Received: by mail-yw1-f45.google.com with SMTP id g75so6261794ywb.1 for ; Tue, 11 Dec 2018 16:31:04 -0800 (PST) X-Received: by 2002:a81:71c5:: with SMTP id m188mr19049918ywc.353.1544574664125; Tue, 11 Dec 2018 16:31:04 -0800 (PST) MIME-Version: 1.0 References: <20181209182414.30862-1-tycho@tycho.ws> <20181209182414.30862-2-tycho@tycho.ws> In-Reply-To: <20181209182414.30862-2-tycho@tycho.ws> From: Kees Cook Date: Tue, 11 Dec 2018 16:30:52 -0800 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH v10 1/4] seccomp: hoist struct seccomp_data recalculation higher To: Tycho Andersen Cc: Andy Lutomirski , Oleg Nesterov , "Eric W. Biederman" , "Serge E. Hallyn" , Christian Brauner , Tyler Hicks , Akihiro Suda , Aleksa Sarai , Jann Horn , LKML , Linux Containers , Linux API Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, Dec 9, 2018 at 10:24 AM Tycho Andersen wrote: > > In the next patch, we're going to use the sd pointer passed to > __seccomp_filter() as the data to pass to userspace. Except that in some > cases (__seccomp_filter(SECCOMP_RET_TRACE), emulate_vsyscall(), every time > seccomp is inovked on power, etc.) the sd pointer will be NULL in order to > force seccomp to recompute the register data. Previously this recomputation > happened one level lower, in seccomp_run_filters(); this patch just moves > it up a level higher to __seccomp_filter(). > > Thanks Oleg for spotting this. > > Signed-off-by: Tycho Andersen This is fine. :) Applied for -next. -Kees > CC: Kees Cook > CC: Andy Lutomirski > CC: Oleg Nesterov > CC: Eric W. Biederman > CC: "Serge E. Hallyn" > Acked-by: Serge Hallyn > CC: Christian Brauner > CC: Tyler Hicks > CC: Akihiro Suda > --- > kernel/seccomp.c | 12 ++++++------ > 1 file changed, 6 insertions(+), 6 deletions(-) > > diff --git a/kernel/seccomp.c b/kernel/seccomp.c > index f2ae2324c232..96afc32e041d 100644 > --- a/kernel/seccomp.c > +++ b/kernel/seccomp.c > @@ -188,7 +188,6 @@ static int seccomp_check_filter(struct sock_filter *filter, unsigned int flen) > static u32 seccomp_run_filters(const struct seccomp_data *sd, > struct seccomp_filter **match) > { > - struct seccomp_data sd_local; > u32 ret = SECCOMP_RET_ALLOW; > /* Make sure cross-thread synced filter points somewhere sane. */ > struct seccomp_filter *f = > @@ -198,11 +197,6 @@ static u32 seccomp_run_filters(const struct seccomp_data *sd, > if (WARN_ON(f == NULL)) > return SECCOMP_RET_KILL_PROCESS; > > - if (!sd) { > - populate_seccomp_data(&sd_local); > - sd = &sd_local; > - } > - > /* > * All filters in the list are evaluated and the lowest BPF return > * value always takes priority (ignoring the DATA). > @@ -658,6 +652,7 @@ static int __seccomp_filter(int this_syscall, const struct seccomp_data *sd, > u32 filter_ret, action; > struct seccomp_filter *match = NULL; > int data; > + struct seccomp_data sd_local; > > /* > * Make sure that any changes to mode from another thread have > @@ -665,6 +660,11 @@ static int __seccomp_filter(int this_syscall, const struct seccomp_data *sd, > */ > rmb(); > > + if (!sd) { > + populate_seccomp_data(&sd_local); > + sd = &sd_local; > + } > + > filter_ret = seccomp_run_filters(sd, &match); > data = filter_ret & SECCOMP_RET_DATA; > action = filter_ret & SECCOMP_RET_ACTION_FULL; > -- > 2.19.1 > -- Kees Cook