diff options
author | Kees Cook <keescook@chromium.org> | 2020-06-19 12:20:15 -0700 |
---|---|---|
committer | Kees Cook <keescook@chromium.org> | 2020-07-10 16:01:52 -0700 |
commit | fe4bfff86ec54773df3db79e8112e3b0f820c799 (patch) | |
tree | cee16ed72bbd27d395c6394252ec9a9cd0160862 /kernel/seccomp.c | |
parent | 47e33c05f9f07cac3de833e531bcac9ae052c7ca (diff) | |
download | linux-stable-fe4bfff86ec54773df3db79e8112e3b0f820c799.tar.gz linux-stable-fe4bfff86ec54773df3db79e8112e3b0f820c799.tar.bz2 linux-stable-fe4bfff86ec54773df3db79e8112e3b0f820c799.zip |
seccomp: Use -1 marker for end of mode 1 syscall list
The terminator for the mode 1 syscalls list was a 0, but that could be
a valid syscall number (e.g. x86_64 __NR_read). By luck, __NR_read was
listed first and the loop construct would not test it, so there was no
bug. However, this is fragile. Replace the terminator with -1 instead,
and make the variable name for mode 1 syscall lists more descriptive.
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Will Drewry <wad@chromium.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'kernel/seccomp.c')
-rw-r--r-- | kernel/seccomp.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/kernel/seccomp.c b/kernel/seccomp.c index 0ed57e8c49d0..866a432cd746 100644 --- a/kernel/seccomp.c +++ b/kernel/seccomp.c @@ -742,20 +742,20 @@ static inline void seccomp_log(unsigned long syscall, long signr, u32 action, */ static const int mode1_syscalls[] = { __NR_seccomp_read, __NR_seccomp_write, __NR_seccomp_exit, __NR_seccomp_sigreturn, - 0, /* null terminated */ + -1, /* negative terminated */ }; static void __secure_computing_strict(int this_syscall) { - const int *syscall_whitelist = mode1_syscalls; + const int *allowed_syscalls = mode1_syscalls; #ifdef CONFIG_COMPAT if (in_compat_syscall()) - syscall_whitelist = get_compat_mode1_syscalls(); + allowed_syscalls = get_compat_mode1_syscalls(); #endif do { - if (*syscall_whitelist == this_syscall) + if (*allowed_syscalls == this_syscall) return; - } while (*++syscall_whitelist); + } while (*++allowed_syscalls != -1); #ifdef SECCOMP_DEBUG dump_stack(); |