From: Aleksa Sarai
Date: Sun, 26 Jan 2020 15:14:39 +1100
To: Aleksa Sarai
Cc: Sargun Dhillon, linux-fsdevel@vger.kernel.org, linux-api@vger.kernel.org, containers@lists.linux-foundation.org, linux-kernel@vger.kernel.org, christian.brauner@ubuntu.com
Subject: Re: [PATCH 3/4] seccomp: Add SECCOMP_USER_NOTIF_FLAG_PIDFD to get pidfd on listener trap
Message-ID: <20200126041439.liwfmb4h74zmhi76@yavin.dot.cyphar.com>
In-Reply-To: <20200126040325.5eimmm7hli5qcqrr@yavin.dot.cyphar.com>

On 2020-01-26, Aleksa Sarai wrote:
> On 2020-01-24, Sargun Dhillon wrote:
> > static long seccomp_notify_recv(struct seccomp_filter *filter, > > void __user *buf) > > { > > struct seccomp_knotif *knotif =3D NULL, *cur; > > struct seccomp_notif unotif; > > + struct task_struct *group_leader; > > + bool send_pidfd; > > ssize_t ret; > > =20 > > + if (copy_from_user(&unotif, buf, sizeof(unotif))) > > + return -EFAULT; > > /* Verify that we're not given garbage to keep struct extensible. */ > > - ret =3D check_zeroed_user(buf, sizeof(unotif)); > > - if (ret < 0) > > - return ret; > > - if (!ret) > > + if (unotif.id || > > + unotif.pid || > > + memchr_inv(&unotif.data, 0, sizeof(unotif.data)) || > > + unotif.pidfd) > > + return -EINVAL;
>
> IMHO this check is more confusing than the original check_zeroed_user().
> Something like the following is simpler and less prone to forgetting to
> add a new field in the future:
>
>     if (memchr_inv(&unotif, 0, sizeof(unotif)))
>         return -EINVAL;

Also the check in the patch doesn't ensure that any unnamed padding is
zeroed -- memchr_inv(&unotif, 0, sizeof(unotif)) does.
-- 
Aleksa Sarai
Senior Software Engineer (Containers)
SUSE Linux GmbH
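
Review bot: The added `if (unotif.id || unotif.pid || ... || unotif.pidfd)` check leaves at least one member of `unotif` out of the zero test, and the quoted lines show no validation of whatever is left out. If the omitted member is where userspace requests SECCOMP_USER_NOTIF_FLAG_PIDFD (not visible in the quoted lines), unknown bits in it should be rejected with -EINVAL at this point, otherwise a later kernel cannot give those bits a meaning without changing behaviour for callers that passed garbage. The comment "Verify that we're not given garbage to keep struct extensible" also no longer matches a check that has to be edited by hand for every new member; either read the request value out first, clear it in the local copy and then test the whole of `unotif`, or update the comment to say which members are inputs.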
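
The padding point made in the reply above, as an added userspace example (not code from the patch or the kernel). `struct demo_notif`, `demo_memchr_inv()` and the two check functions are hypothetical stand-ins, and the layout is chosen so that unnamed padding exists.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout (NOT the kernel's struct seccomp_notif), chosen so
 * that the compiler inserts unnamed padding after 'kind'. */
struct demo_notif {
	uint64_t id;
	uint32_t pid;
	uint8_t  kind;
	uint32_t pidfd;
};
_Static_assert(offsetof(struct demo_notif, pidfd) >
	       offsetof(struct demo_notif, kind) + 1, "need padding");
/* Userspace stand-in for memchr_inv(): first byte that is not c, or NULL. */
static const void *demo_memchr_inv(const void *p, int c, size_t n)
{
	const unsigned char *b = p;
	for (size_t i = 0; i < n; i++)
		if (b[i] != (unsigned char)c)
			return b + i;
	return NULL;
}
/* Field-by-field check in the style of the quoted patch. */
static int check_fields(const struct demo_notif *n)
{
	return (n->id || n->pid || n->kind || n->pidfd) ? -EINVAL : 0;
}
/* Whole-struct check in the style of the suggested replacement. */
static int check_whole(const struct demo_notif *n)
{
	return demo_memchr_inv(n, 0, sizeof(*n)) ? -EINVAL : 0;
}
/* Constructed input: every named field zero, one padding byte set. */
static void fill_dirty_padding(struct demo_notif *n)
{
	memset(n, 0, sizeof(*n));
	((unsigned char *)n)[offsetof(struct demo_notif, kind) + 1] = 0xAA;
}

int main(void)
{
	struct demo_notif n;
	fill_dirty_padding(&n);
	printf("fields=%d whole=%d\n", check_fields(&n), check_whole(&n));
	return 0;
}
```

The field-by-field check accepts the buffer with a dirty padding byte, while the whole-struct scan rejects it.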