From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Sargun Dhillon , Christian Brauner , Aleksa Sarai , Tycho Andersen , Kees Cook Subject: [PATCH 5.4 094/191] seccomp: Check that seccomp_notif is zeroed out by the user Date: Tue, 7 Jan 2020 21:53:34 +0100 Message-Id: <20200107205338.024294053@linuxfoundation.org> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20200107205332.984228665@linuxfoundation.org> References: <20200107205332.984228665@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Sargun Dhillon commit 2882d53c9c6f3b8311d225062522f03772cf0179 upstream. This patch is a small change in enforcement of the uapi for SECCOMP_IOCTL_NOTIF_RECV ioctl. Specifically, the datastructure which is passed (seccomp_notif) must be zeroed out. Previously any of its members could be set to nonsense values, and we would ignore it. This ensures all fields are set to their zero value. Signed-off-by: Sargun Dhillon Reviewed-by: Christian Brauner Reviewed-by: Aleksa Sarai Acked-by: Tycho Andersen Link: https://lore.kernel.org/r/20191229062451.9467-2-sargun@sargun.me Fixes: 6a21cc50f0c7 ("seccomp: add a return code to trap to userspace") Cc: stable@vger.kernel.org Signed-off-by: Kees Cook Signed-off-by: Greg Kroah-Hartman --- kernel/seccomp.c | 7 +++++++ 1 file changed, 7 insertions(+) --- a/kernel/seccomp.c +++ b/kernel/seccomp.c @@ -1015,6 +1015,13 @@ static long seccomp_notify_recv(struct s struct seccomp_notif unotif; ssize_t ret; + /* Verify that we're not given garbage to keep struct extensible. */ + ret = check_zeroed_user(buf, sizeof(unotif)); + if (ret < 0) + return ret; + if (!ret) + return -EINVAL; + memset(&unotif, 0, sizeof(unotif)); ret = down_interruptible(&filter->notif->request);
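Review bot: The new `check_zeroed_user(buf, sizeof(unotif))` test at the top of `seccomp_notify_recv()` turns input that was previously ignored into an `-EINVAL` failure, and neither the in-code comment nor the changelog names that error or says what callers must now do. Because this is queued for 5.4 stable, any existing SECCOMP_IOCTL_NOTIF_RECV caller that passes an uninitialised `struct seccomp_notif` will start failing after the update. I would expand the comment to state that a buffer containing any non-zero byte is rejected with -EINVAL so that the fields can be given input meaning later, and say in the changelog that userspace has to zero the struct before issuing the ioctl. The placement ahead of `down_interruptible(&filter->notif->request)` looks right: a bad buffer is rejected before the semaphore is taken, so the two early returns need no unwinding.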