lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <202502081231.AC11AB4@keescook>
Date: Sat, 8 Feb 2025 12:34:06 -0800
From: Kees Cook <kees@...nel.org>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: linux-kernel@...r.kernel.org, Eyal Birger <eyal.birger@...il.com>,
	Kees Cook <kees@...nel.org>, Rafael Buchbinder <rafi@....io>
Subject: [GIT PULL] seccomp fix for v6.14-rc2

Hi Linus,

Please pull this seccomp fix for v6.14-rc2. This is really a work-around
for x86_64 having grown a syscall to implement uretprobe, which has
caused problems since v6.11. This may change in the future, but for now,
this fixes the unintended seccomp filtering when uretprobe switched away
from traps, and does so with something that should be easy to backport.

Thanks!

-Kees

The following changes since commit 2014c95afecee3e76ca4a56956a936e23283f05b:

  Linux 6.14-rc1 (2025-02-02 15:39:26 -0800)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/seccomp-v6.14-rc2

for you to fetch changes up to c2debdb8544f415eaf9292a866d4073912eeb561:

  selftests/seccomp: validate uretprobe syscall passes through seccomp (2025-02-06 13:19:14 -0800)

----------------------------------------------------------------
seccomp fix for v6.14-rc2

- Allow uretprobe on x86_64 to avoid behavioral complications (Eyal Birger)

----------------------------------------------------------------
Eyal Birger (2):
      seccomp: passthrough uretprobe systemcall without filtering
      selftests/seccomp: validate uretprobe syscall passes through seccomp

 kernel/seccomp.c                              |  12 ++
 tools/testing/selftests/seccomp/seccomp_bpf.c | 199 ++++++++++++++++++++++++++
 2 files changed, 211 insertions(+)

-- 
Kees Cook

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ