On Mon, Dec 30, 2019 at 11:14:44AM -0800, Sargun Dhillon wrote: > On Sat, Dec 28, 2019 at 4:18 PM Tycho Andersen <tycho@xxxxxxxx> wrote: > > > > On Sat, Dec 28, 2019 at 07:10:29PM -0500, Sargun Dhillon wrote: > > > On Sat, Dec 28, 2019 at 1:18 PM Tycho Andersen <tycho@xxxxxxxx> wrote: > > > > > > > > > > > > I know it's unrelated, but it's probably worth sending a patch to fix > > > > this to be sizes.seccomp_notif_resp instead of sizeof(*resp), since if > > > > the kernel is older this will over-zero things. I can do that, or you > > > > can add the patch to this series, just let me know which. > > > > > > I was thinking about this, and initially, I chose to make the smaller > > > change. I think it might make more sense to combine the patch, > > > given that the memset behaviour is "incorrect" if we do it based on > > > sizeof(*req), or sizeof(*resp). > > > > > > I'll go ahead and respin this patch with the change to call memset > > > based on sizes. > > > > I think it would be good to keep it as a separate patch, since it's an > > unrelated bug fix. That way if we have to revert these because of some > > breakage, we won't lose the fix. > > > > Cheers, > > > > Tycho > > As I was doing this, I noticed that the self-tests all use hard-coded struct > sizes. When I was playing with extending the API, all of a sudden all the > self-tests started failing (until I recompiled them against newer headers). > > Should we also change the self-tests to operate against the seccomp > sizes API, or was it intentional for the self-tests hard-coded the struct > definitions, and locked to the kernel version? I intend the seccomp selftests to be kernel-version tied, but I'd like them to fail as gracefully as possible on mismatched kernel versions... -- Kees Cook