Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp12832231ybl; Sat, 28 Dec 2019 22:46:15 -0800 (PST) X-Google-Smtp-Source: APXvYqzEf/uqNbzZAbi4FA0vUq8b6UeYndPXDyd0IelvghdRgZ09WQt3oBKIeb7oZUXD1XhprodN X-Received: by 2002:a54:4f14:: with SMTP id e20mr4514833oiy.84.1577601975669; Sat, 28 Dec 2019 22:46:15 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1577601975; cv=none; d=google.com; s=arc-20160816; b=yEgTRatfW2SR6ADQIpOF9q+Au4jKoNysUubdhEyNCt67jRs8zboxXfcdrTl7LlTrhi CjexBtGdEE3UMkHoL8OaiWnS/5PEvMpuXDLxpJp46MSbsOKv2F9PWT1rXS3mDBELkGCM kr80uq5QhYl/S/HMGYz3f3/X2gFmqf+TJPvIuCfUU9D/3uUThoIWTqo72fZ9108UtHRh T/BxVK8l0Ncxat9x8b/gV3j+ua+BEKpmHPC/hqcrle0kFYT+/sJmnBRIS0NUAwjeRp4y Phd/Z/770+JK1PNInT95D6QEyaU6O/qqAM0E/XkILfrtE+C2VRzG/kZX/JoKYPTvaxu9 SwfA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=10zDnvpvgJY3+fg2idIElI8KZXsWauju2j/O5QjINPQ=; b=o85KI5OmZWMt0WfGt38sIHLzUbWwR25KmZ6JjSaBeBbCQM+GKFivnVH8i7UMRni/Uj rNfZHr4soXyd32SbZ/LPKfnBYztxTF+iAJhPjsybmBdmEQAZsRn8tKvRSO4b85EgDszA mrQR7w9B/REipO70Dljq+Cn4hNmCubQQdJJejGmvTQzpP3dwf02jumsMoC/iwh7PXL7j jmJlidgqX1n5DwXwPK1x5GFkzhJaXfy0x3ukelskXuJIdn34TY9BJuJj2Ni9zZazge7/ naNnKv1XIJitw2ohrhbVkNwepLck0+tcvz//74A5TfCTkTH/eaNqKEz/fbzc04603JoN aQ+w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@sargun.me header.s=google header.b=cJFapQrL; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g126si20072437oib.105.2019.12.28.22.46.04; Sat, 28 Dec 2019 22:46:15 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@sargun.me header.s=google header.b=cJFapQrL; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726425AbfL2Gmn (ORCPT + 99 others); Sun, 29 Dec 2019 01:42:43 -0500 Received: from mail-il1-f196.google.com ([209.85.166.196]:44935 "EHLO mail-il1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726406AbfL2Gmn (ORCPT ); Sun, 29 Dec 2019 01:42:43 -0500 Received: by mail-il1-f196.google.com with SMTP id z12so25525886iln.11 for ; Sat, 28 Dec 2019 22:42:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sargun.me; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=10zDnvpvgJY3+fg2idIElI8KZXsWauju2j/O5QjINPQ=; b=cJFapQrL43W7gizsvi1Gn3JwV1FWqQA4NyrNvcOgzUbs6M2WgdBaHksuPstTqPyNFD BlAgPYao7368C21/i4nvGYEG4/wnwzAvD3yGp8/PfkasQJqh/0Ksuoqi1o5Ep/efP4zD RYHf96bjqdbO5T5fFgz9Qas1ec1f4Pe9qvuVE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=10zDnvpvgJY3+fg2idIElI8KZXsWauju2j/O5QjINPQ=; b=cJiy6W2JKgTV6HypNhHxmFFyMCE6Mteo9mmVm0IGbvqKkHqzkEkCkxNFqBahN1BP6i pu+sVvS9GmTxo3uQZb0zhjyLsMrye9pwaUOlotztRzvCdS4l31Gkq6tHJkHCOsH9m9GU czXhMxWoFvOK5dZpW2dx+FAeTGnBGK2EJjI7snpd/XcunLj6hqby088cf5oQbczB6yLk h5sjGiGsZpUEMZ/xwaFTUFGP1Es5hOBzKPpANFBlB9TztX5dXuDcw3jb8fJ+oJB6b+Vf pgnYwYaFjnAWt/6DqhkcuZ4lQryONSpcEcj4HVmJoRCLdellf2vlsgygdCbi3KSiRslO jRLg== X-Gm-Message-State: APjAAAX51MKMxVsZEK/3LDHqnYboh1LkeEfxhE+OEaVtLJ+NDwS3Ru0v iurqRuQSYlRMeRznDetC0GaKWu9Y3VbCYg== X-Received: by 2002:a92:c8c4:: with SMTP id c4mr53014267ilq.38.1577601762024; Sat, 28 Dec 2019 22:42:42 -0800 (PST) Received: from ubuntu.netflix.com ([75.104.68.239]) by smtp.gmail.com with ESMTPSA id y11sm15112053ilp.46.2019.12.28.22.42.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 28 Dec 2019 22:42:41 -0800 (PST) From: Sargun Dhillon To: linux-kernel@vger.kernel.org, linux-api@vger.kernel.org Cc: Jann Horn , Christian Brauner , Kees Cook , Aleksa Sarai , Tycho Andersen , Sargun Dhillon Subject: [PATCH v3 2/3] seccomp: Check that seccomp_notif is zeroed out by the user Date: Sat, 28 Dec 2019 22:24:50 -0800 Message-Id: <20191229062451.9467-2-sargun@sargun.me> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20191229062451.9467-1-sargun@sargun.me> References: <20191229062451.9467-1-sargun@sargun.me> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This patch is a small change in enforcement of the uapi for SECCOMP_IOCTL_NOTIF_RECV ioctl. Specifically, the datastructure which is passed (seccomp_notif) must be zeroed out. Previously any of its members could be set to nonsense values, and we would ignore it. This ensures all fields are set to their zero value. Signed-off-by: Sargun Dhillon Cc: Kees Cook Reviewed-by: Christian Brauner Reviewed-by: Aleksa Sarai Acked-by: Tycho Andersen --- kernel/seccomp.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/kernel/seccomp.c b/kernel/seccomp.c index 12d2227e5786..b6ea3dcb57bf 100644 --- a/kernel/seccomp.c +++ b/kernel/seccomp.c @@ -1026,6 +1026,13 @@ static long seccomp_notify_recv(struct seccomp_filter *filter, struct seccomp_notif unotif; ssize_t ret; + /* Verify that we're not given garbage to keep struct extensible. */ + ret = check_zeroed_user(buf, sizeof(unotif)); + if (ret < 0) + return ret; + if (!ret) + return -EINVAL; + memset(&unotif, 0, sizeof(unotif)); ret = down_interruptible(&filter->notif->request); -- 2.20.1