
[Vivid,SRU,1/1] seccomp: cap SECCOMP_RET_ERRNO data to MAX_ERRNO

Message ID 1442340797-32715-2-git-send-email-brad.figg@canonical.com
State New

Commit Message

Brad Figg Sept. 15, 2015, 6:13 p.m. UTC
From: Kees Cook <keescook@chromium.org>

BugLink: http://bugs.launchpad.net/bugs/1496073

The value resulting from the SECCOMP_RET_DATA mask could exceed MAX_ERRNO
when setting errno during a SECCOMP_RET_ERRNO filter action.  This makes
sure we have a reliable value being set, so that an invalid errno will not
be ignored by userspace.

Signed-off-by: Kees Cook <keescook@chromium.org>
Reported-by: Dmitry V. Levin <ldv@altlinux.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Will Drewry <wad@chromium.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
(cherry picked from commit 580c57f1076872ebc2427f898b927944ce170f2d)
Signed-off-by: Brad Figg <brad.figg@canonical.com>

 100.0% kernel/
---
 kernel/seccomp.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
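
The failure mode described in the commit message, as an added user-space model in C (not part of the patch or of the kernel source). The helper names are hypothetical, the constants are copied by hand from `<linux/seccomp.h>` and `<linux/err.h>`, and the error check assumes the usual syscall return convention in which only values in [-MAX_ERRNO, -1] are treated as errors.

```c
#include <stdint.h>
#include <stdio.h>

/* Mirrored from kernel headers so the model builds without them. */
#define SECCOMP_RET_ERRNO 0x00050000U /* <linux/seccomp.h> */
#define SECCOMP_RET_DATA  0x0000ffffU /* <linux/seccomp.h> */
#define MAX_ERRNO         4095        /* <linux/err.h> */

/* Hypothetical helper: value placed in the syscall return register for a
 * SECCOMP_RET_ERRNO filter result, without (cap = 0) or with (cap = 1)
 * the clamp this patch adds. */
static long errno_action_retval(uint32_t filter_ret, int cap)
{
	uint32_t data = filter_ret & SECCOMP_RET_DATA;

	if (cap && data > MAX_ERRNO)
		data = MAX_ERRNO;
	return -(long)data;
}

/* Hypothetical helper modelling the assumed userspace convention:
 * a raw return value is an error only if it lies in [-MAX_ERRNO, -1]. */
static int userspace_sees_error(long ret)
{
	return (unsigned long)ret >= (unsigned long)-MAX_ERRNO;
}

int main(void)
{
	/* Constructed filter return values, not taken from a real filter. */
	const uint32_t samples[] = {
		SECCOMP_RET_ERRNO | 1,      /* EPERM */
		SECCOMP_RET_ERRNO | 4095,   /* largest valid errno */
		SECCOMP_RET_ERRNO | 4096,   /* first value past MAX_ERRNO */
		SECCOMP_RET_ERRNO | 0xffff, /* largest value the mask allows */
	};

	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		long before = errno_action_retval(samples[i], 0);
		long after = errno_action_retval(samples[i], 1);

		printf("data=%5u  uncapped: ret=%6ld error=%d  capped: ret=%6ld error=%d\n",
		       (unsigned)(samples[i] & SECCOMP_RET_DATA),
		       before, userspace_sees_error(before),
		       after, userspace_sees_error(after));
	}
	return 0;
}
```

For data values of 4096 and above, the uncapped return value falls outside the error range, so the skipped syscall would look like a success with a large result; with the cap it is reported as errno 4095.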

Comments

Tim Gardner Sept. 15, 2015, 6:47 p.m. UTC | #1

Chris J Arges Sept. 15, 2015, 6:53 p.m. UTC | #2
On Tue, Sep 15, 2015 at 11:13:17AM -0700, Brad Figg wrote:
> From: Kees Cook <keescook@chromium.org>
> 
> BugLink: http://bugs.launchpad.net/bugs/1496073
> 
> The value resulting from the SECCOMP_RET_DATA mask could exceed MAX_ERRNO
> when setting errno during a SECCOMP_RET_ERRNO filter action.  This makes
> sure we have a reliable value being set, so that an invalid errno will not
> be ignored by userspace.
> 
> Signed-off-by: Kees Cook <keescook@chromium.org>
> Reported-by: Dmitry V. Levin <ldv@altlinux.org>
> Cc: Andy Lutomirski <luto@amacapital.net>
> Cc: Will Drewry <wad@chromium.org>
> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
> (cherry picked from commit 580c57f1076872ebc2427f898b927944ce170f2d)
> Signed-off-by: Brad Figg <brad.figg@canonical.com>
> 
>  100.0% kernel/
> ---
>  kernel/seccomp.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/kernel/seccomp.c b/kernel/seccomp.c
> index 4ef9687..4f44028 100644
> --- a/kernel/seccomp.c
> +++ b/kernel/seccomp.c
> @@ -629,7 +629,9 @@ static u32 __seccomp_phase1_filter(int this_syscall, struct seccomp_data *sd)
>  
>  	switch (action) {
>  	case SECCOMP_RET_ERRNO:
> -		/* Set the low-order 16-bits as a errno. */
> +		/* Set low-order bits as an errno, capped at MAX_ERRNO. */
> +		if (data > MAX_ERRNO)
> +			data = MAX_ERRNO;
>  		syscall_set_return_value(current, task_pt_regs(current),
>  					 -data, 0);
>  		goto skip;
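
Review bot: the replacement comment above the new check in the SECCOMP_RET_ERRNO case drops the "16-bits" wording and says only "capped at MAX_ERRNO", so a reader of this case no longer sees how wide the data field is or why the cap exists. Suggest keeping the width and adding the reason given in the commit message, for example that a value above MAX_ERRNO would be ignored as an errno by userspace.
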
> -- 
> 1.9.1
> 
> 
> -- 
> kernel-team mailing list
> kernel-team@lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
>

Patch

diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index 4ef9687..4f44028 100644
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@ -629,7 +629,9 @@  static u32 __seccomp_phase1_filter(int this_syscall, struct seccomp_data *sd)
 
 	switch (action) {
 	case SECCOMP_RET_ERRNO:
-		/* Set the low-order 16-bits as a errno. */
+		/* Set low-order bits as an errno, capped at MAX_ERRNO. */
+		if (data > MAX_ERRNO)
+			data = MAX_ERRNO;
 		syscall_set_return_value(current, task_pt_regs(current),
 					 -data, 0);
 		goto skip;
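
Review bot: the `if (data > MAX_ERRNO)` clamp in the SECCOMP_RET_ERRNO case rewrites every out-of-range value to MAX_ERRNO at filter run time with no indication to the filter author, so a filter that asked for a larger value now yields a different errno than it requested. The clamp itself looks right for the problem described; the user-facing description of SECCOMP_RET_ERRNO should state that data above MAX_ERRNO is reported as MAX_ERRNO, and a selftest that returns a value just above the limit and checks the resulting errno would pin the behaviour down.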