On Sat, Dec 28, 2019 at 4:18 PM Tycho Andersen <tycho@xxxxxxxx> wrote: > > On Sat, Dec 28, 2019 at 07:10:29PM -0500, Sargun Dhillon wrote: > > On Sat, Dec 28, 2019 at 1:18 PM Tycho Andersen <tycho@xxxxxxxx> wrote: > > > > > > > > > I know it's unrelated, but it's probably worth sending a patch to fix > > > this to be sizes.seccomp_notif_resp instead of sizeof(*resp), since if > > > the kernel is older this will over-zero things. I can do that, or you > > > can add the patch to this series, just let me know which. > > > > I was thinking about this, and initially, I chose to make the smaller > > change. I think it might make more sense to combine the patch, > > given that the memset behaviour is "incorrect" if we do it based on > > sizeof(*req), or sizeof(*resp). > > > > I'll go ahead and respin this patch with the change to call memset > > based on sizes. > > I think it would be good to keep it as a separate patch, since it's an > unrelated bug fix. That way if we have to revert these because of some > breakage, we won't lose the fix. > > Cheers, > > Tycho As I was doing this, I noticed that the self-tests all use hard-coded struct sizes. When I was playing with extending the API, all of a sudden all the self-tests started failing (until I recompiled them against newer headers). Should we also change the self-tests to operate against the seccomp sizes API, or was it intentional for the self-tests hard-coded the struct definitions, and locked to the kernel version?
