Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp11609687ybl; Fri, 27 Dec 2019 17:50:30 -0800 (PST) X-Google-Smtp-Source: APXvYqwV5ppDO3PErhWLyNrBg7MQ1aMjMuaCroOJq3BmrdhiHOlMyFDBKrt8grK3ln0ubsvSRphp X-Received: by 2002:a05:6830:1cc5:: with SMTP id p5mr35351432otg.218.1577497830053; Fri, 27 Dec 2019 17:50:30 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1577497830; cv=none; d=google.com; s=arc-20160816; b=VFAKQvW4Q1zZ1W4eP2e45E90Och0KjkMf0HRjxTID7Qij3ZL4zOV4sngdu/52ZKvw4 OEBnlSx4mj2KidFwIkGtfuCXocQy6wOOkBe7/T8mUBXCroq7qfHeJ5qZXdxsahvxlwvJ gxsikWiYUzGXrXrP3WLlhsv4//6FMsrA0CgqlBzYVLSa9KpbjtXkIHyJxu4HH7+i1D4g XDtj5HKRE0c45+N1/v3wXuGWk9xnqi/IvX/WIyAWgsFCHlvsxw78cJEilLKGpijm7TEO MWithJYaeTEQEkX8/drxOMXr2H9o/0r0HR9dTt8aito+yg1xdVp7uxQ9/+Ef8X+WxqcO 6nCA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:content-disposition :mime-version:message-id:subject:cc:to:from:date:dkim-signature; bh=DDPiRYZKbt5YXi2Y+CUXPuPnWcpqDrbVx/b405CuP1A=; b=0CahVVBfuNGcNl+t0xUBy7Zsdu1+5ncr+995S0hWYA3VjlUQddRs4PvjL4ewXmszLI UBi2a1/B6tQEVH8IIhBl3PanMGMU//Pgwzlmiob/WtX64Nyi5U0s/Wv3+KtGh5fiD4Wv qAsVpTXccIFqismWQ/qbl1mJDTdFpMLzIlSc6/MW/XQanA9By08uZpXaEUkFB9CDY9m7 3t3mGQrSnBq97vnY4r3pXvf8HC/UYYw7RqC4n3nxaIxUkTolaUz/wIyiiErWh5dmBF+a eFXrxODH2tmJhkrOVsoNRjep33SAR/9uBSDt6gGzo4djIlKcN6Og6u1NdrvXxB124heu KFww== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@sargun.me header.s=google header.b=z7N+czYv; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id n85si17030627oig.191.2019.12.27.17.50.18; Fri, 27 Dec 2019 17:50:30 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@sargun.me header.s=google header.b=z7N+czYv; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726584AbfL1Bsy (ORCPT + 99 others); Fri, 27 Dec 2019 20:48:54 -0500 Received: from mail-il1-f196.google.com ([209.85.166.196]:46994 "EHLO mail-il1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725820AbfL1Bsy (ORCPT ); Fri, 27 Dec 2019 20:48:54 -0500 Received: by mail-il1-f196.google.com with SMTP id t17so23598082ilm.13 for ; Fri, 27 Dec 2019 17:48:53 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sargun.me; s=google; h=date:from:to:cc:subject:message-id:mime-version:content-disposition :user-agent; bh=DDPiRYZKbt5YXi2Y+CUXPuPnWcpqDrbVx/b405CuP1A=; b=z7N+czYvcFoUZNOTteUd/f/rHfciJ4hgUaWHyQLVN5HHfSLwU/odrwm8TCvckRM1ly ECiTcJMDn+llLl4v7RwW7/seiD9hC+3Z/OcMSSJLjNm3T81PtQp7QHh3x6VedLLacFIz ZelH1jhe171qCQkU34vsmEkQtwU982tQ6EZvo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:mime-version :content-disposition:user-agent; bh=DDPiRYZKbt5YXi2Y+CUXPuPnWcpqDrbVx/b405CuP1A=; b=J1TimgXX81pzhy9XLkmhCxdvo+MUkfjpv1IWl9lhU/7ychf4Xq1bxOVkLTZ5Kl8lqz iMBEb6tIxhtOH7gyt2UGC0ULX2fO7kMgxjKwe/ILHl27d4+naWys3odgZaCwYSUueGEO pRm8S0g1xRa5/fvsh0buWt7Cn69Py24i9ovoz+OEt8uddeSq7cko9/tcl+nC2FaLHf8s 0fWziE2QR3zK8W5GdsuIEnJE3Jkw1dDoOHpud1NRe5EmoRSICOb+H06GJgVFHUik3vYU fufjMFRugODVdP6qjOxooFTJcO2ts9RaVWEzoBHDMkqFEYKgmcYzbT0b9ooFlhLTxFVI aTqA== X-Gm-Message-State: APjAAAV8b4bkdPTnpwe8wMMt1xyt8zZBHdRuzVYY4nzMYINA/CEuqPHJ vnvGRy6AkwJ3cbsIm8i5aC66eOGmJI0= X-Received: by 2002:a92:b6db:: with SMTP id m88mr34585103ill.220.1577497733231; Fri, 27 Dec 2019 17:48:53 -0800 (PST) Received: from ircssh-2.c.rugged-nimbus-611.internal (80.60.198.104.bc.googleusercontent.com. [104.198.60.80]) by smtp.gmail.com with ESMTPSA id n20sm9732216ioj.83.2019.12.27.17.48.52 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 27 Dec 2019 17:48:53 -0800 (PST) Date: Sat, 28 Dec 2019 01:48:51 +0000 From: Sargun Dhillon To: linux-kernel@vger.kernel.org, linux-api@vger.kernel.org Cc: tycho@tycho.ws, jannh@google.com, christian.brauner@ubuntu.com, keescook@chromium.org, cyphar@cyphar.com Subject: [PATCH v2 2/2] seccomp: Check that seccomp_notif is zeroed out by the user Message-ID: <20191228014849.GA31783@ircssh-2.c.rugged-nimbus-611.internal> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.24 (2015-08-30) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This patch is a small change in enforcement of the uapi for SECCOMP_IOCTL_NOTIF_RECV ioctl. Specifically, the datastructure which is passed (seccomp_notif) must be zeroed out. Previously any of its members could be set to nonsense values, and we would ignore it. This ensures all fields are set to their zero value. This relies on the seccomp_notif datastructure to not have any unnamed padding, as it is valid to initialize the datastructure as: struct seccomp_notif notif = {}; This only initializes named members to their 0-value [1]. [1]: https://lore.kernel.org/lkml/20191227023131.klnobtlfgeqcmvbb@yavin.dot.cyphar.com/ Signed-off-by: Sargun Dhillon Cc: Kees Cook --- kernel/seccomp.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/kernel/seccomp.c b/kernel/seccomp.c index 12d2227e5786..4fd73cbdd01e 100644 --- a/kernel/seccomp.c +++ b/kernel/seccomp.c @@ -1026,6 +1026,12 @@ static long seccomp_notify_recv(struct seccomp_filter *filter, struct seccomp_notif unotif; ssize_t ret; + ret = check_zeroed_user(buf, sizeof(unotif)); + if (ret < 0) + return ret; + if (!ret) + return -EINVAL; + memset(&unotif, 0, sizeof(unotif)); ret = down_interruptible(&filter->notif->request); -- 2.20.1