Received: by 2002:a05:6a10:a0d1:0:0:0:0 with SMTP id j17csp2636167pxa;
        Mon, 17 Aug 2020 15:05:23 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJz/JAKFIC41If1PgtAjX0VEjVO72DgWTGvpH5xvI4zu2yWN2QlFkzfS4Vap8Difa2+ihnvp
X-Received: by 2002:a17:906:9609:: with SMTP id s9mr16983710ejx.232.1597701923054;
        Mon, 17 Aug 2020 15:05:23 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1597701923; cv=none;
        d=google.com; s=arc-20160816;
        b=yRz5Bas65ItCTHFLV3SCLSyXYCTcJEvLpRngLoRPceN+lQ9aq423dqAN+I4gdDUz3g
         LGCmrHsAy65JBQ2J/HouJ0zjvtgVWQ0zwRcDmx0o0fHESa/TGy013Tzt82YdUte7av1V
         dM0mrnZr1M2aUuOKPsQBca/sEDw5doXLInvwGudrvTEAqhIf8tT26EKMuwBo/9qzoaJh
         rjCkrm2xDTkgsKTrkAq4EKRExomKLfZ1vfTCkXG/LKAV9tkD07uycpkzew/jLdp2f4xY
         prk/airkdlqO0bh4u4tA/sNHduyG2lJvjelJVV3/JAJ/2VSBi+Mc6fN9WwGCsuMDwyA7
         f6VQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=hvRnQNAK5n9dUUqYS60ttUxieNONPBQa+3B7At0en9Q=;
        b=l4XEgJjkbjuuYjYRCyRmFjtvg0L3NVqOeTmtKDVS5SmFX71A2IErr9KC1xhn7Y2VDD
         2p5xZGf9Xq1u1+G89q9QFP7tcBzCJrausNNaTlaS4jeX9+PK6byig6jAGfnqkgIi+T/C
         x5rM2Nr+Wo476vnDiZCiWOrH5NyHFMftV+twsTzHlCyueYXulB6Si4GXIFcP1ceGSLJ7
         CQsVrv9sJ48pyIW44ms3XiuKN+n6CJDRPeoqZQl0BpM/nRMoz4xZQjMXLX61TEG3X2CG
         Iez6fT9xzCn6Ry8RD8piiEfRlYnZUim3IY8cvSPkfN9gkXxdEnmpdT7sd0BW3y58mvPe
         BEKg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=ozm2lDhX;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id r14si11764562ejb.283.2020.08.17.15.04.59;
        Mon, 17 Aug 2020 15:05:23 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=ozm2lDhX;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2387995AbgHQQBS (ORCPT <rfc822;parkch98@gmail.com> + 99 others);
        Mon, 17 Aug 2020 12:01:18 -0400
Received: from mail.kernel.org ([198.145.29.99]:53224 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S2387599AbgHQPm6 (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 17 Aug 2020 11:42:58 -0400
Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id C111222CAE;
        Mon, 17 Aug 2020 15:42:56 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1597678977;
        bh=/UEqwzic9EGyYzOQJVauOsfUX8Ho4axU58aHeAfs0dI=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=ozm2lDhXV+BPgSXe5g4ZKJMORqcnBUFqF5LPRdNuPGU5eXkZRzy2F/UuQTHi+DgPf
         NoP3HJwPo++G4ZZJs4vbyDfD+IAOCW2IwMfClSAROuR5Kgf8RYOuYaF48eTlzeZ1Xo
         atY/Sg6NEuep0ZnGALGFabAxg7pWoKXyYa40qTN4=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Kees Cook <keescook@chromium.org>,
        Sasha Levin <sashal@kernel.org>
Subject: [PATCH 5.7 053/393] seccomp: Fix ioctl number for SECCOMP_IOCTL_NOTIF_ID_VALID
Date:   Mon, 17 Aug 2020 17:11:43 +0200
Message-Id: <20200817143822.186829226@linuxfoundation.org>
X-Mailer: git-send-email 2.28.0
In-Reply-To: <20200817143819.579311991@linuxfoundation.org>
References: <20200817143819.579311991@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Kees Cook <keescook@chromium.org>

[ Upstream commit 47e33c05f9f07cac3de833e531bcac9ae052c7ca ]

When SECCOMP_IOCTL_NOTIF_ID_VALID was first introduced it had the wrong
direction flag set. While this isn't a big deal as nothing currently
enforces these bits in the kernel, it should be defined correctly. Fix
the define and provide support for the old command until it is no longer
needed for backward compatibility.

Fixes: 6a21cc50f0c7 ("seccomp: add a return code to trap to userspace")
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 include/uapi/linux/seccomp.h                  | 3 ++-
 kernel/seccomp.c                              | 9 +++++++++
 tools/testing/selftests/seccomp/seccomp_bpf.c | 2 +-
 3 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/include/uapi/linux/seccomp.h b/include/uapi/linux/seccomp.h
index c1735455bc536..965290f7dcc28 100644
--- a/include/uapi/linux/seccomp.h
+++ b/include/uapi/linux/seccomp.h
@@ -123,5 +123,6 @@ struct seccomp_notif_resp {
 #define SECCOMP_IOCTL_NOTIF_RECV	SECCOMP_IOWR(0, struct seccomp_notif)
 #define SECCOMP_IOCTL_NOTIF_SEND	SECCOMP_IOWR(1,	\
 						struct seccomp_notif_resp)
-#define SECCOMP_IOCTL_NOTIF_ID_VALID	SECCOMP_IOR(2, __u64)
+#define SECCOMP_IOCTL_NOTIF_ID_VALID	SECCOMP_IOW(2, __u64)
+
 #endif /* _UAPI_LINUX_SECCOMP_H */
diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index 55a6184f59903..63e283c4c58eb 100644
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@ -42,6 +42,14 @@
 #include <linux/uaccess.h>
 #include <linux/anon_inodes.h>
 
+/*
+ * When SECCOMP_IOCTL_NOTIF_ID_VALID was first introduced, it had the
+ * wrong direction flag in the ioctl number. This is the broken one,
+ * which the kernel needs to keep supporting until all userspaces stop
+ * using the wrong command number.
+ */
+#define SECCOMP_IOCTL_NOTIF_ID_VALID_WRONG_DIR	SECCOMP_IOR(2, __u64)
+
 enum notify_state {
 	SECCOMP_NOTIFY_INIT,
 	SECCOMP_NOTIFY_SENT,
@@ -1186,6 +1194,7 @@ static long seccomp_notify_ioctl(struct file *file, unsigned int cmd,
 		return seccomp_notify_recv(filter, buf);
 	case SECCOMP_IOCTL_NOTIF_SEND:
 		return seccomp_notify_send(filter, buf);
+	case SECCOMP_IOCTL_NOTIF_ID_VALID_WRONG_DIR:
 	case SECCOMP_IOCTL_NOTIF_ID_VALID:
 		return seccomp_notify_id_valid(filter, buf);
 	default:
diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccomp_bpf.c
index c0aa46ce14f6c..c84c7b50331c6 100644
--- a/tools/testing/selftests/seccomp/seccomp_bpf.c
+++ b/tools/testing/selftests/seccomp/seccomp_bpf.c
@@ -180,7 +180,7 @@ struct seccomp_metadata {
 #define SECCOMP_IOCTL_NOTIF_RECV	SECCOMP_IOWR(0, struct seccomp_notif)
 #define SECCOMP_IOCTL_NOTIF_SEND	SECCOMP_IOWR(1,	\
 						struct seccomp_notif_resp)
-#define SECCOMP_IOCTL_NOTIF_ID_VALID	SECCOMP_IOR(2, __u64)
+#define SECCOMP_IOCTL_NOTIF_ID_VALID	SECCOMP_IOW(2, __u64)
 
 struct seccomp_notif {
 	__u64 id;
-- 
2.25.1