Request cherry-pick of upstream kernel patch which caps SECCOMP_RET_ERRNO to MAX_ERRNO
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Invalid
|
Undecided
|
Brad Figg | ||
Trusty |
Fix Released
|
Undecided
|
Unassigned | ||
Vivid |
Fix Released
|
Undecided
|
Unassigned | ||
linux-lts-utopic (Ubuntu) |
New
|
Undecided
|
Unassigned | ||
Trusty |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
The seccomp regression tests are failing due to SRU kernels not having the relevant commit:
Author: Kees Cook <email address hidden>
Date: Tue Feb 17 13:48:00 2015 -0800
seccomp: cap SECCOMP_RET_ERRNO data to MAX_ERRNO
The value resulting from the SECCOMP_RET_DATA mask could exceed MAX_ERRNO
when setting errno during a SECCOMP_RET_ERRNO filter action. This makes
sure we have a reliable value being set, so that an invalid errno will not
be ignored by userspace.
Signed-off-by: Kees Cook <email address hidden>
Reported-by: Dmitry V. Levin <email address hidden>
Cc: Andy Lutomirski <email address hidden>
Cc: Will Drewry <email address hidden>
Signed-off-by: Andrew Morton <email address hidden>
Signed-off-by: Linus Torvalds <email address hidden>
SRU Justification
Impact:
Upstream regression tests are reporting errors.
Test Case:
Run the upstream regression tests and verify they are passing
cleanly.
Related branches
CVE References
Changed in linux (Ubuntu): | |
status: | New → Triaged |
status: | Triaged → In Progress |
assignee: | nobody → Brad Figg (brad-figg) |
description: | updated |
Changed in linux (Ubuntu): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu Vivid): | |
status: | New → Fix Committed |
Changed in linux (Ubuntu): | |
status: | Fix Committed → Invalid |
tags: |
added: verification-done-vivid removed: verification-needed-vivid |
no longer affects: | linux-lts-utopic (Ubuntu Vivid) |
Changed in linux (Ubuntu Trusty): | |
status: | New → Fix Committed |
Changed in linux-lts-utopic (Ubuntu Trusty): | |
status: | New → Fix Committed |
tags: |
added: verification-done-trusty removed: verification-needed-trusty |
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification- needed- vivid' to 'verification- done-vivid' .
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/ /wiki.ubuntu. com/Testing/ EnableProposed for documentation how to enable and use -proposed. Thank you!