[PATCH] seccomp: Check flags on seccomp_notif is unset

From: Sargun Dhillon
Date: Wed Dec 25 2019 - 16:46:34 EST


This patch is a small change in enforcement of the uapi for the
SECCOMP_IOCTL_NOTIF_RECV ioctl. Specifically, the data structure which is
passed (seccomp_notif) has a flags member. Previously that could be
set to a nonsense value, and we would ignore it. This ensures that
no flags are set.

Signed-off-by: Sargun Dhillon <sargun@xxxxxxxxx>
Cc: Kees Cook <keescook@xxxxxxxxxxxx>
---
kernel/seccomp.c | 7 +++++++
1 file changed, 7 insertions(+)

diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index 12d2227e5786..455925557490 100644
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@ -1026,6 +1026,13 @@ static long seccomp_notify_recv(struct seccomp_filter *filter,
struct seccomp_notif unotif;
ssize_t ret;

+ if (copy_from_user(&unotif, buf, sizeof(unotif)))
+ return -EFAULT;
+
+ /* flags is reserved right now, make sure it's unset */
+ if (unotif.flags)
+ return -EINVAL;
+
memset(&unotif, 0, sizeof(unotif));

ret = down_interruptible(&filter->notif->request);
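
Review bot: the check added at the top of seccomp_notify_recv() tests only `unotif.flags`, yet `copy_from_user(&unotif, buf, sizeof(unotif))` reads the whole struct and the memset() that follows discards it, so non-zero garbage in every other field of the input is still silently accepted. Either require the entire input buffer to be zero, or copy in just the flags member rather than the full struct. Separately, a caller that passes an uninitialised struct, which the commit message says was previously ignored, will now get -EINVAL; that uapi behaviour change should be called out explicitly, and the ioctl's documentation should state that flags must be zero on entry.
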
--
2.20.1