Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp14633753ybl;
        Mon, 30 Dec 2019 14:04:24 -0800 (PST)
X-Google-Smtp-Source: APXvYqwXOaf4mhNT0SchitZCalW+nqVa8Rt9gMqJPPo3FXQWmQyLYZQzsJ2BAQ8D5reJTHzY4rNS
X-Received: by 2002:a9d:2028:: with SMTP id n37mr80029330ota.127.1577743464337;
        Mon, 30 Dec 2019 14:04:24 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1577743464; cv=none;
        d=google.com; s=arc-20160816;
        b=nUiiiv8DrMlZhii16saKQab1igTdbb1rGHwgcXuUtXOz2BohYuLqlsHZca9N+oZaDE
         22lKe1qW8OCt+p0Ott8TeSR/anLTgUnUZ8jsfQ2voATz7Xdl+D0PPBiDVR1L61sATFV2
         /O5AKvcr60e7eUHYl+Ocrpp43NzlmF4AobOt9GtjmxI+lgc0XF6rcKDNYEP4Dt7BIWr5
         FWRRxByFPcP1X52v+LcMB5zc577Ifl6cwrZZbXCO38u1oK61yaRlUk/5y1MT61yuVXH/
         MlGWJ9YGU6QFrn+dHG2bpSgng+6YHCx+k4lmpiR7C//xHT4pWifaxJRvRJf7BjBHa/Mh
         egFw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:in-reply-to:content-disposition
         :mime-version:references:message-id:subject:cc:to:from:date
         :dkim-signature;
        bh=YzvK3lw7REm+d3DorChVuNUjGAEcBQeyAFoY/nT0KFA=;
        b=A7qAoYA792AMQY04oy+w2jOt5Xq3PZPIioguNBqxZJ6kKC+ba+voKtlujf5LV0pdLS
         SYbJverW1dxoW8ECQmvRLVkgX3PdSk671en0E3CBXe0gPXhC8Kl64Lq+jIC08j6NcwZK
         iBabuxkuHp+WIc/yZ+wBAnmvEqZl5fGug1KvlbBJnqnsdvGPeiX1xdFz32ol63qH0rpT
         /pK+f8YzFrI8bXZluJ0dEd8t/aU90WF3aqIEwBNCfsyWp2v6ww4a0ohH0bj6C1OWDsYD
         ClluZ5IC6t6sYA3Dt5v8IddRhWyRjTdiAyQKRPqesagQgD261C9wKDeWWM9oBZwiCpPB
         DYPw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@chromium.org header.s=google header.b=YJFfA9U5;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id g5si25014225otn.232.2019.12.30.14.04.10;
        Mon, 30 Dec 2019 14:04:24 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@chromium.org header.s=google header.b=YJFfA9U5;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727761AbfL3WCt (ORCPT <rfc822;zhangckid@gmail.com> + 99 others);
        Mon, 30 Dec 2019 17:02:49 -0500
Received: from mail-oi1-f195.google.com ([209.85.167.195]:33444 "EHLO
        mail-oi1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1727691AbfL3WCs (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 30 Dec 2019 17:02:48 -0500
Received: by mail-oi1-f195.google.com with SMTP id v140so11560904oie.0
        for <linux-kernel@vger.kernel.org>; Mon, 30 Dec 2019 14:02:48 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=chromium.org; s=google;
        h=date:from:to:cc:subject:message-id:references:mime-version
         :content-disposition:in-reply-to;
        bh=YzvK3lw7REm+d3DorChVuNUjGAEcBQeyAFoY/nT0KFA=;
        b=YJFfA9U5/zxM8uThmIhHdSff5EiB/t7YyoTIqJWn5wxYA3R4rPc+kZvHhxX8JQ4rN/
         T5NnBcELhpGtUOUlRB7O8ztldeHkExKTseZwZ6eqysvJjc2SjtELbKU8e3rpan47cBoL
         2dISubjtDEISV3v9SvPG8msQa/SqVEyoXVvHc=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:date:from:to:cc:subject:message-id:references
         :mime-version:content-disposition:in-reply-to;
        bh=YzvK3lw7REm+d3DorChVuNUjGAEcBQeyAFoY/nT0KFA=;
        b=TSL5u4I7IDPSCi0c4g5N8heez/1DTrhubA0MnrlUxoxZpE+SK2JQPCDqqQmpJI2CAA
         iBjyXtIQJQ+l+zVbUMhOMu1zeROD9AU4WaP9dY4Mx3jE8ukRUxgUPTe2FFYJsaQH9be8
         B1S1QIPPsH6JSiuMh5uBd1NHAwvm7BlBLOmDlomCYXgNoOmARSlmcj2wpdN86qcVES12
         7fQCCbvRojRQ1zlq5Lnt1a2tCx7ImZetJbi25ZxHubi6g4u5jgZBGAImlqY4gdvSciv2
         O3OESJbZEdnUVvDc63jdX0uBMN1nllpBDXx86iBP2wBNGmh9U2ekZUMlS2SwO3HaDEVS
         R77Q==
X-Gm-Message-State: APjAAAX/GjITS2TYfwW4BMCTZlCZt6J0xI3/HqISQ3uB5hhv3jLH9Plg
        4mEn38zY8rMQhTDu3C9pOakJww==
X-Received: by 2002:a54:4602:: with SMTP id p2mr401583oip.138.1577743367953;
        Mon, 30 Dec 2019 14:02:47 -0800 (PST)
Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163])
        by smtp.gmail.com with ESMTPSA id k17sm14146392oic.45.2019.12.30.14.02.47
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 30 Dec 2019 14:02:47 -0800 (PST)
Date:   Mon, 30 Dec 2019 14:02:45 -0800
From:   Kees Cook <keescook@chromium.org>
To:     Sargun Dhillon <sargun@sargun.me>
Cc:     LKML <linux-kernel@vger.kernel.org>,
        Christian Brauner <christian.brauner@ubuntu.com>,
        Aleksa Sarai <cyphar@cyphar.com>,
        Tycho Andersen <tycho@tycho.ws>
Subject: Re: [PATCH] selftests/seccomp: Test kernel catches garbage on
 SECCOMP_IOCTL_NOTIF_RECV
Message-ID: <201912301402.DAA6ED9A0@keescook>
References: <20191230203811.4996-1-sargun@sargun.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20191230203811.4996-1-sargun@sargun.me>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Dec 30, 2019 at 12:38:11PM -0800, Sargun Dhillon wrote:
> This adds to the user_notification_basic to set a field of seccomp_notif
> to an invalid value to ensure that the kernel returns EINVAL if any of the
> seccomp_notif fields are set to invalid values.
> 
> Signed-off-by: Sargun Dhillon <sargun@sargun.me>
> Suggested-by: Christian Brauner <christian.brauner@ubuntu.com>
> Cc: Kees Cook <keescook@chromium.org>

Thanks! Applied. :)

-Kees

> ---
>  tools/testing/selftests/seccomp/seccomp_bpf.c | 7 +++++++
>  1 file changed, 7 insertions(+)
> 
> diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccomp_bpf.c
> index f53f14971bff..393578a78dbc 100644
> --- a/tools/testing/selftests/seccomp/seccomp_bpf.c
> +++ b/tools/testing/selftests/seccomp/seccomp_bpf.c
> @@ -3158,6 +3158,13 @@ TEST(user_notification_basic)
>  	EXPECT_GT(poll(&pollfd, 1, -1), 0);
>  	EXPECT_EQ(pollfd.revents, POLLIN);
>  
> +	/* Test that we can't pass garbage to the kernel. */
> +	memset(&req, 0, sizeof(req));
> +	req.pid = -1;
> +	EXPECT_EQ(-1, ioctl(listener, SECCOMP_IOCTL_NOTIF_RECV, &req));
> +	EXPECT_EQ(EINVAL, errno);
> +
> +	req.pid = 0;
>  	EXPECT_EQ(ioctl(listener, SECCOMP_IOCTL_NOTIF_RECV, &req), 0);
>  
>  	pollfd.fd = listener;
> -- 
> 2.20.1
> 

-- 
Kees Cook