linux

Maksytka/linux

Fork 0

mirror of https://github.com/torvalds/linux.git synced 2025-12-01 07:26:02 +07:00

Commit Graph

Author SHA1 Message Date

Author	SHA1	Message	Date
Arnd Bergmann	56af94aace	samples: user-trap: fix strict-aliasing warning I started getting warnings for this one file, though I can't see what changed since it was originally introduced in commit `fec7b66905` ("samples: add an example of seccomp user trap"). samples/seccomp/user-trap.c: In function 'send_fd': samples/seccomp/user-trap.c:50:11: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] 50 \| ((int )CMSG_DATA(cmsg)) = fd; \| ~^~~~~~~~~~~~~~~~~~~~~~~ samples/seccomp/user-trap.c: In function 'recv_fd': samples/seccomp/user-trap.c:83:18: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] 83 \| return ((int )CMSG_DATA(cmsg)); \| ~^~~~~~~~~~~~~~~~~~~~~~~ Using a temporary pointer variable avoids the warning. Signed-off-by: Arnd Bergmann <arnd@arndb.de> Link: https://lore.kernel.org/r/20240212111737.917428-1-arnd@kernel.org Acked-by: Tycho Andersen <tandersen@netflix.com> Signed-off-by: Kees Cook <keescook@chromium.org>	2024-02-12 10:42:02 -08:00
Sargun Dhillon	771b894f2f	samples/seccomp: Zero out members based on seccomp_notif_sizes The sizes by which seccomp_notif and seccomp_notif_resp are allocated are based on the SECCOMP_GET_NOTIF_SIZES ioctl. This allows for graceful extension of these datastructures. If userspace zeroes out the datastructure based on its version, and it is lagging behind the kernel's version, it will end up sending trailing garbage. On the other hand, if it is ahead of the kernel version, it will write extra zero space, and potentially cause corruption. Signed-off-by: Sargun Dhillon <sargun@sargun.me> Suggested-by: Tycho Andersen <tycho@tycho.ws> Link: https://lore.kernel.org/r/20191230203503.4925-1-sargun@sargun.me Fixes: `fec7b66905` ("samples: add an example of seccomp user trap") Cc: stable@vger.kernel.org Signed-off-by: Kees Cook <keescook@chromium.org>	2020-01-02 13:03:39 -08:00
Tycho Andersen	fec7b66905	samples: add an example of seccomp user trap The idea here is just to give a demonstration of how one could safely use the SECCOMP_RET_USER_NOTIF feature to do mount policies. This particular policy is (as noted in the comment) not very interesting, but it serves to illustrate how one might apply a policy dodging the various TOCTOU issues. Signed-off-by: Tycho Andersen <tycho@tycho.ws> CC: Kees Cook <keescook@chromium.org> CC: Andy Lutomirski <luto@amacapital.net> CC: Oleg Nesterov <oleg@redhat.com> CC: Eric W. Biederman <ebiederm@xmission.com> CC: "Serge E. Hallyn" <serge@hallyn.com> CC: Christian Brauner <christian@brauner.io> CC: Tyler Hicks <tyhicks@canonical.com> CC: Akihiro Suda <suda.akihiro@lab.ntt.co.jp> Signed-off-by: Kees Cook <keescook@chromium.org>	2018-12-11 16:32:11 -08:00

Arnd Bergmann

56af94aace

samples: user-trap: fix strict-aliasing warning

I started getting warnings for this one file, though I can't see what changed
since it was originally introduced in commit fec7b66905 ("samples: add an
example of seccomp user trap").

samples/seccomp/user-trap.c: In function 'send_fd':
samples/seccomp/user-trap.c:50:11: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
   50 |         *((int *)CMSG_DATA(cmsg)) = fd;
      |          ~^~~~~~~~~~~~~~~~~~~~~~~
samples/seccomp/user-trap.c: In function 'recv_fd':
samples/seccomp/user-trap.c:83:18: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
   83 |         return *((int *)CMSG_DATA(cmsg));
      |                 ~^~~~~~~~~~~~~~~~~~~~~~~

Using a temporary pointer variable avoids the warning.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/r/20240212111737.917428-1-arnd@kernel.org
Acked-by: Tycho Andersen <tandersen@netflix.com>
Signed-off-by: Kees Cook <keescook@chromium.org>

2024-02-12 10:42:02 -08:00

Sargun Dhillon

771b894f2f

samples/seccomp: Zero out members based on seccomp_notif_sizes

The sizes by which seccomp_notif and seccomp_notif_resp are allocated are
based on the SECCOMP_GET_NOTIF_SIZES ioctl. This allows for graceful
extension of these datastructures. If userspace zeroes out the
datastructure based on its version, and it is lagging behind the kernel's
version, it will end up sending trailing garbage. On the other hand,
if it is ahead of the kernel version, it will write extra zero space,
and potentially cause corruption.

Signed-off-by: Sargun Dhillon <sargun@sargun.me>
Suggested-by: Tycho Andersen <tycho@tycho.ws>
Link: https://lore.kernel.org/r/20191230203503.4925-1-sargun@sargun.me
Fixes: fec7b66905 ("samples: add an example of seccomp user trap")
Cc: stable@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>

2020-01-02 13:03:39 -08:00

Tycho Andersen

fec7b66905

samples: add an example of seccomp user trap

The idea here is just to give a demonstration of how one could safely use
the SECCOMP_RET_USER_NOTIF feature to do mount policies. This particular
policy is (as noted in the comment) not very interesting, but it serves to
illustrate how one might apply a policy dodging the various TOCTOU issues.

Signed-off-by: Tycho Andersen <tycho@tycho.ws>
CC: Kees Cook <keescook@chromium.org>
CC: Andy Lutomirski <luto@amacapital.net>
CC: Oleg Nesterov <oleg@redhat.com>
CC: Eric W. Biederman <ebiederm@xmission.com>
CC: "Serge E. Hallyn" <serge@hallyn.com>
CC: Christian Brauner <christian@brauner.io>
CC: Tyler Hicks <tyhicks@canonical.com>
CC: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
Signed-off-by: Kees Cook <keescook@chromium.org>

2018-12-11 16:32:11 -08:00

3 Commits