| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CACRpkdbEKYz_GFYeuBLsSv3xD3qjGjoDh16GWgzfdOfwRjOdYw@mail.gmail.com>
Date: Wed, 29 Jan 2025 15:26:32 +0100
From: Linus Walleij <linus.walleij@...aro.org>
To: Oleg Nesterov <oleg@...hat.com>
Cc: Kees Cook <kees@...nel.org>, Andy Lutomirski <luto@...capital.net>, Will Drewry <wad@...omium.org>,
Thomas Bogendoerfer <tsbogend@...ha.franken.de>, Madhavan Srinivasan <maddy@...ux.ibm.com>,
Michael Ellerman <mpe@...erman.id.au>, Thomas Gleixner <tglx@...utronix.de>,
Peter Zijlstra <peterz@...radead.org>, linux-kernel@...r.kernel.org,
linux-mips@...r.kernel.org, linuxppc-dev@...ts.ozlabs.org
Subject: Re: [PATCH v2 2/4] seccomp: fix the __secure_computing() stub for !HAVE_ARCH_SECCOMP_FILTER
On Tue, Jan 28, 2025 at 4:03 PM Oleg Nesterov <oleg@...hat.com> wrote:
> Depending on CONFIG_HAVE_ARCH_SECCOMP_FILTER, __secure_computing(NULL)
> will crash or not. This is not consistent/safe, especially considering
> that after the previous change __secure_computing(sd) is always called
> with sd == NULL.
>
> Fortunately, if CONFIG_HAVE_ARCH_SECCOMP_FILTER=n, __secure_computing()
> has no callers, these architectures use secure_computing_strict(). Yet
> it make sense make __secure_computing(NULL) safe in this case.
>
> Note also that with this change we can unexport secure_computing_strict()
> and change the current callers to use __secure_computing(NULL).
>
> Fixes: 8cf8dfceebda ("seccomp: Stub for !HAVE_ARCH_SECCOMP_FILTER")
> Signed-off-by: Oleg Nesterov <oleg@...hat.com>
I had no idea it was this complex, thanks a lot for looking into this Oleg!
Reviewed-by: Linus Walleij <linus.walleij@...aro.org>
Yours,
Linus Walleij
Powered by blists - more mailing lists