Date: Sat, 28 Dec 2019 13:06:43 +1100
From: Aleksa Sarai
To: Sargun Dhillon
Cc: linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, tycho@tycho.ws, jannh@google.com, christian.brauner@ubuntu.com, keescook@chromium.org
Subject: Re: [PATCH v2 2/2] seccomp: Check that seccomp_notif is zeroed out by the user
Message-ID: <20191228020643.jb2kn5wztwnrpr74@yavin.dot.cyphar.com>
References: <20191228014849.GA31783@ircssh-2.c.rugged-nimbus-611.internal>
In-Reply-To: <20191228014849.GA31783@ircssh-2.c.rugged-nimbus-611.internal>
X-Mailing-List: linux-kernel@vger.kernel.org

On 2019-12-28, Sargun Dhillon wrote:
> This patch is a small change in enforcement of the uapi for
> SECCOMP_IOCTL_NOTIF_RECV ioctl. Specifically, the datastructure which
> is passed (seccomp_notif) must be zeroed out. Previously any of its
> members could be set to nonsense values, and we would ignore it.
>
> This ensures all fields are set to their zero value.
>
> This relies on the seccomp_notif datastructure to not have
> any unnamed padding, as it is valid to initialize the datastructure
> as:
>
>   struct seccomp_notif notif = {};
>
> This only initializes named members to their 0-value [1].
>
> [1]: https://lore.kernel.org/lkml/20191227023131.klnobtlfgeqcmvbb@yavin.dot.cyphar.com/
>
> Signed-off-by: Sargun Dhillon
> Cc: Kees Cook

Looks good.

Reviewed-by: Aleksa Sarai

> --- > kernel/seccomp.c | 6 ++++++ > 1 file changed, 6 insertions(+) >=20 > diff --git a/kernel/seccomp.c b/kernel/seccomp.c > index 12d2227e5786..4fd73cbdd01e 100644 > --- a/kernel/seccomp.c > +++ b/kernel/seccomp.c
> @@ -1026,6 +1026,12 @@ static long seccomp_notify_recv(struct seccomp_fil= ter *filter, > struct seccomp_notif unotif; > ssize_t ret; > =20 > + ret =3D check_zeroed_user(buf, sizeof(unotif)); > + if (ret < 0) > + return ret; > + if (!ret) > + return -EINVAL; > + > memset(&unotif, 0, sizeof(unotif)); > =20 > ret =3D down_interruptible(&filter->notif->request); > --=20 > 2.20.1 >=20

-- 
Aleksa Sarai
Senior Software Engineer (Containers)
SUSE Linux GmbH
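
Review bot: the added check_zeroed_user(buf, sizeof(unotif)) block at the top of seccomp_notify_recv() carries no comment explaining why a buffer the kernel is about to fill must arrive zeroed, and it turns the no-unnamed-padding property of struct seccomp_notif, which the commit message relies on, into a silent ABI requirement. A short comment above the check stating that non-zero input is rejected with -EINVAL, together with a note or build-time size check next to the struct definition saying that seccomp_notif must stay free of padding, would keep a later field addition from making callers that initialise with `= {}` fail depending on stack contents. The diffstat touches only kernel/seccomp.c, so the new -EINVAL case should also be stated in the user-facing description of SECCOMP_IOCTL_NOTIF_RECV, since callers that previously passed an uninitialised struct are now rejected.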