Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp11609413ybl; Fri, 27 Dec 2019 17:50:04 -0800 (PST) X-Google-Smtp-Source: APXvYqwG5AQcGyd2ZJAhlr/X6VLI0Jxc7WmK1rHCEJeSshOkTHLnHrM+LG/ZrYcBUrJshzYaJvy3 X-Received: by 2002:a9d:7c8a:: with SMTP id q10mr56353280otn.124.1577497804709; Fri, 27 Dec 2019 17:50:04 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1577497804; cv=none; d=google.com; s=arc-20160816; b=S9WwykjVqA2P0BTpYzddPtrEBpiHIU3x5H0lISbl4YoLHpLG5W8MN1bxzBq1nXlM1w 99mGt+bEpvmyaq0mZJKWBiRSffQswC7+dwnXBtmFSAJNUOK9/iREwTETocDtusW+fzTk ZV+8so8q5DvjCPQkHtNMprWL9E42xOv2pqQQAN1cOrCfUt7m+8n8ijNmmHDQkn+OE5ch D6ERzzo9xbViuc4J+NE6i/lnjMjXRsc7TaFHmPVgxUrh+F6AxqzU+A7dqXdxThEGyOip x1tOH77F1OueYKj569qOg0IaQ5F1S2uN61V91lvVIrVjoD5wW3cXjiAuxpEXrwaOsKzr SE7Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:content-disposition :mime-version:message-id:subject:cc:to:from:date:dkim-signature; bh=NY2N4q5Dac+G88QX+oQjP46FWyhBolRVkhJcTyB0XSo=; b=HrjSqT3w3y1e8+sa1ugt1SDsO8+q6Z9wlAE+yhgr+8dqrAOu38kAG4d+KuwkQTMi8C kX/8uimLSLNykDiczWmSTkM6Ev8bMxGEoveXdS40m2c9ZZRBawIo2whf53W8htOk8nOd izrAU3GJe9Kgp3WQi1DR6RedamWmjfy9XggIqGP7ccgCTx7cEQi040/MiFcD4KpkthXH 0wVUTnGtopMi5NiYrEDQcpqUl3GUuaGeEGApL66Cu9KWceX3fv82fd4GwoIEpUa1eoD/ 957ADCEpjvJnFjjp4W/UTgm6GtKPU4pNqReLiFkH4JR2dP2hBvLgx0kfmnHIjSoTkYSq XrnA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@sargun.me header.s=google header.b=AEifvLg1; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h5si17858196oia.277.2019.12.27.17.49.52; Fri, 27 Dec 2019 17:50:04 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@sargun.me header.s=google header.b=AEifvLg1; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726552AbfL1Bsn (ORCPT + 99 others); Fri, 27 Dec 2019 20:48:43 -0500 Received: from mail-io1-f66.google.com ([209.85.166.66]:34520 "EHLO mail-io1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725820AbfL1Bsm (ORCPT ); Fri, 27 Dec 2019 20:48:42 -0500 Received: by mail-io1-f66.google.com with SMTP id z193so27120334iof.1 for ; Fri, 27 Dec 2019 17:48:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sargun.me; s=google; h=date:from:to:cc:subject:message-id:mime-version:content-disposition :user-agent; bh=NY2N4q5Dac+G88QX+oQjP46FWyhBolRVkhJcTyB0XSo=; b=AEifvLg1nqDmp9j2ESQm2zzI2MO5rNW2M5ASqEAimcXs9HyA9NLhkvdkmRoXpxyKEQ 9H+w3XUhlzcfJ4qB2kS3Nxy5XW1JVEwJY+erWyk2+hsRB/DwVVMUMalmFpSpuruVqs1H hpNbeRboKp2kj1jJq0MCes+u5klrU7+OQo31U= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:mime-version :content-disposition:user-agent; bh=NY2N4q5Dac+G88QX+oQjP46FWyhBolRVkhJcTyB0XSo=; b=HFjhUIcHjjd+RV8vm9P6vZiwuBAu+11RWC2pTwKvG7nbJNyLw4FEiA53zmNr4kCENS FRJnaix6enPYY4Ry9w/sQP92Q0Ot/I4YxczhjhZ3ZmB+N2TjAuHwnSMjggR+U3IUXD4z CvRcxSSoMalKuZiAW5fPmEOlirqDta3HVKvKX+FRs1Qm8pxlE2qjp/hHvsPc9b5jMOQP eXETXq+esBk3DE32hzEZXhU4BxgI/47UkK6RunHCCTbE7OsjTYkiN6SzCNyvG9Dstq6U CaVgdj8m889GDyy1ZItWvuf1ueCar2tQrqrG1jIpnMPxhn7cl+JjV5TGXzKmiAaoex2j zDMQ== X-Gm-Message-State: APjAAAV7k0WbEb6ekHrJsrIwlJgggOgOVZnxyNZgqQSuqgvkp1DpH8F5 sXJWFwDc3I9Vn3OeXqI4SJVK6/c8dEU= X-Received: by 2002:a02:aa11:: with SMTP id r17mr43270716jam.88.1577497721350; Fri, 27 Dec 2019 17:48:41 -0800 (PST) Received: from ircssh-2.c.rugged-nimbus-611.internal (80.60.198.104.bc.googleusercontent.com. [104.198.60.80]) by smtp.gmail.com with ESMTPSA id w11sm12061922ilh.55.2019.12.27.17.48.40 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 27 Dec 2019 17:48:40 -0800 (PST) Date: Sat, 28 Dec 2019 01:48:39 +0000 From: Sargun Dhillon To: linux-kernel@vger.kernel.org, linux-api@vger.kernel.org Cc: tycho@tycho.ws, jannh@google.com, christian.brauner@ubuntu.com, keescook@chromium.org, cyphar@cyphar.com Subject: [PATCH v2 1/2] samples, selftests/seccomp: Zero out seccomp_notif Message-ID: <20191228014837.GA31774@ircssh-2.c.rugged-nimbus-611.internal> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.24 (2015-08-30) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The seccomp_notif structure should be zeroed out prior to calling the SECCOMP_IOCTL_NOTIF_RECV ioctl. Previously, the kernel did not check whether these structures were zeroed out or not, so these worked. Signed-off-by: Sargun Dhillon Cc: Kees Cook --- samples/seccomp/user-trap.c | 2 +- tools/testing/selftests/seccomp/seccomp_bpf.c | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/samples/seccomp/user-trap.c b/samples/seccomp/user-trap.c index 6d0125ca8af7..0ca8fb37cd79 100644 --- a/samples/seccomp/user-trap.c +++ b/samples/seccomp/user-trap.c @@ -298,7 +298,6 @@ int main(void) req = malloc(sizes.seccomp_notif); if (!req) goto out_close; - memset(req, 0, sizeof(*req)); resp = malloc(sizes.seccomp_notif_resp); if (!resp) @@ -306,6 +305,7 @@ int main(void) memset(resp, 0, sizeof(*resp)); while (1) { + memset(req, 0, sizes.seccomp_notif); if (ioctl(listener, SECCOMP_IOCTL_NOTIF_RECV, req)) { perror("ioctl recv"); goto out_resp; diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccomp_bpf.c index 6944b898bb53..f53f14971bff 100644 --- a/tools/testing/selftests/seccomp/seccomp_bpf.c +++ b/tools/testing/selftests/seccomp/seccomp_bpf.c @@ -3278,6 +3278,7 @@ TEST(user_notification_signal) close(sk_pair[1]); + memset(&req, 0, sizeof(req)); EXPECT_EQ(ioctl(listener, SECCOMP_IOCTL_NOTIF_RECV, &req), 0); EXPECT_EQ(kill(pid, SIGUSR1), 0); @@ -3296,6 +3297,7 @@ TEST(user_notification_signal) EXPECT_EQ(ioctl(listener, SECCOMP_IOCTL_NOTIF_SEND, &resp), -1); EXPECT_EQ(errno, ENOENT); + memset(&req, 0, sizeof(req)); EXPECT_EQ(ioctl(listener, SECCOMP_IOCTL_NOTIF_RECV, &req), 0); resp.id = req.id; -- 2.20.1