Merge tag 'pm-5.5-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm

[linux.git] / kernel / seccomp.c

diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index 12d2227e5786794260a7018a9141f083b575f732..b6ea3dcb57bfefa47233ada64d74f822b6666ab6 100644 (file)
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@ -1026,6 +1026,13 @@ static long seccomp_notify_recv(struct seccomp_filter *filter,
        struct seccomp_notif unotif;
        ssize_t ret;
 
+       /* Verify that we're not given garbage to keep struct extensible. */
+       ret = check_zeroed_user(buf, sizeof(unotif));
+       if (ret < 0)
+               return ret;
+       if (!ret)
+               return -EINVAL;
+
        memset(&unotif, 0, sizeof(unotif));
 
        ret = down_interruptible(&filter->notif->request);