From: "Mickaël Salaün" <mic@digikod.net> To: linux-kernel@vger.kernel.org Cc: "Mickaël Salaün" <mic@digikod.net>, "Alexei Starovoitov" <ast@kernel.org>, "Andy Lutomirski" <luto@amacapital.net>, "Daniel Borkmann" <daniel@iogearbox.net>, "Daniel Mack" <daniel@zonque.org>, "David Drysdale" <drysdale@google.com>, "David S . Miller" <davem@davemloft.net>, "Eric W . Biederman" <ebiederm@xmission.com>, "James Morris" <james.l.morris@oracle.com>, "Jann Horn" <jann@thejh.net>, "Kees Cook" <keescook@chromium.org>, "Paul Moore" <pmoore@redhat.com>, "Sargun Dhillon" <sargun@sargun.me>, "Serge E . Hallyn" <serge@hallyn.com>, "Tejun Heo" <tj@kernel.org>, "Thomas Graf" <tgraf@suug.ch>, "Will Drewry" <wad@chromium.org>, kernel-hardening@lists.openwall.com, linux-api@vger.kernel.org, linux-security-module@vger.kernel.org, netdev@vger.kernel.org, cgroups@vger.kernel.org Subject: [RFC v4 10/18] seccomp: Split put_seccomp_filter() with put_seccomp() Date: Wed, 26 Oct 2016 08:56:46 +0200 [thread overview] Message-ID: <20161026065654.19166-11-mic@digikod.net> (raw) In-Reply-To: <20161026065654.19166-1-mic@digikod.net> The semantic is unchanged. This will be useful for the Landlock integration with seccomp (next commit). Signed-off-by: Mickaël Salaün <mic@digikod.net> Cc: Kees Cook <keescook@chromium.org> Cc: Andy Lutomirski <luto@amacapital.net> Cc: Will Drewry <wad@chromium.org> --- include/linux/seccomp.h | 4 ++-- kernel/fork.c | 2 +- kernel/seccomp.c | 18 +++++++++++++----- 3 files changed, 16 insertions(+), 8 deletions(-) diff --git a/include/linux/seccomp.h b/include/linux/seccomp.h index ecc296c137cd..e25aee2cdfc0 100644 --- a/include/linux/seccomp.h +++ b/include/linux/seccomp.h @@ -77,10 +77,10 @@ static inline int seccomp_mode(struct seccomp *s) #endif /* CONFIG_SECCOMP */ #ifdef CONFIG_SECCOMP_FILTER -extern void put_seccomp_filter(struct task_struct *tsk); +extern void put_seccomp(struct task_struct *tsk); extern void get_seccomp_filter(struct task_struct *tsk); #else /* CONFIG_SECCOMP_FILTER */ -static inline void put_seccomp_filter(struct task_struct *tsk) +static inline void put_seccomp(struct task_struct *tsk) { return; } diff --git a/kernel/fork.c b/kernel/fork.c index 623259fc794d..0690e43bdda5 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -349,7 +349,7 @@ void free_task(struct task_struct *tsk) #endif rt_mutex_debug_task_free(tsk); ftrace_graph_exit_task(tsk); - put_seccomp_filter(tsk); + put_seccomp(tsk); arch_release_task_struct(tsk); free_task_struct(tsk); } diff --git a/kernel/seccomp.c b/kernel/seccomp.c index 0db7c8a2afe2..e741a82eab4d 100644 --- a/kernel/seccomp.c +++ b/kernel/seccomp.c @@ -63,6 +63,8 @@ struct seccomp_filter { /* Limit any path through the tree to 256KB worth of instructions. */ #define MAX_INSNS_PER_PATH ((1 << 18) / sizeof(struct sock_filter)) +static void put_seccomp_filter(struct seccomp_filter *filter); + /* * Endianness is explicitly ignored and left for BPF program authors to manage * as per the specific architecture. @@ -313,7 +315,7 @@ static inline void seccomp_sync_threads(void) * current's path will hold a reference. (This also * allows a put before the assignment.) */ - put_seccomp_filter(thread); + put_seccomp_filter(thread->seccomp.filter); smp_store_release(&thread->seccomp.filter, caller->seccomp.filter); @@ -475,10 +477,11 @@ static inline void seccomp_filter_free(struct seccomp_filter *filter) } } -/* put_seccomp_filter - decrements the ref count of tsk->seccomp.filter */ -void put_seccomp_filter(struct task_struct *tsk) +/* put_seccomp_filter - decrements the ref count of a filter */ +static void put_seccomp_filter(struct seccomp_filter *filter) { - struct seccomp_filter *orig = tsk->seccomp.filter; + struct seccomp_filter *orig = filter; + /* Clean up single-reference branches iteratively. */ while (orig && atomic_dec_and_test(&orig->usage)) { struct seccomp_filter *freeme = orig; @@ -487,6 +490,11 @@ void put_seccomp_filter(struct task_struct *tsk) } } +void put_seccomp(struct task_struct *tsk) +{ + put_seccomp_filter(tsk->seccomp.filter); +} + /** * seccomp_send_sigsys - signals the task to allow in-process syscall emulation * @syscall: syscall number to send to userland @@ -898,7 +906,7 @@ long seccomp_get_filter(struct task_struct *task, unsigned long filter_off, if (copy_to_user(data, fprog->filter, bpf_classic_proglen(fprog))) ret = -EFAULT; - put_seccomp_filter(task); + put_seccomp_filter(task->seccomp.filter); return ret; out: -- 2.9.3
WARNING: multiple messages have this Message-ID (diff)
From: "Mickaël Salaün" <mic@digikod.net> To: linux-kernel@vger.kernel.org Cc: "Mickaël Salaün" <mic@digikod.net>, "Alexei Starovoitov" <ast@kernel.org>, "Andy Lutomirski" <luto@amacapital.net>, "Daniel Borkmann" <daniel@iogearbox.net>, "Daniel Mack" <daniel@zonque.org>, "David Drysdale" <drysdale@google.com>, "David S . Miller" <davem@davemloft.net>, "Eric W . Biederman" <ebiederm@xmission.com>, "James Morris" <james.l.morris@oracle.com>, "Jann Horn" <jann@thejh.net>, "Kees Cook" <keescook@chromium.org>, "Paul Moore" <pmoore@redhat.com>, "Sargun Dhillon" <sargun@sargun.me>, "Serge E . Hallyn" <serge@hallyn.com>, "Tejun Heo" <tj@kernel.org>, "Thomas Graf" <tgraf@suug.ch>, "Will Drewry" <wad@chromium.org>, kernel-hardening@lists.openwall.com, linux-api@vger.kernel.org, linux-security-module@vger.kernel.org, netdev@vger.kernel.org, cgroups@vger.kernel.org Subject: [kernel-hardening] [RFC v4 10/18] seccomp: Split put_seccomp_filter() with put_seccomp() Date: Wed, 26 Oct 2016 08:56:46 +0200 [thread overview] Message-ID: <20161026065654.19166-11-mic@digikod.net> (raw) In-Reply-To: <20161026065654.19166-1-mic@digikod.net> The semantic is unchanged. This will be useful for the Landlock integration with seccomp (next commit). Signed-off-by: Mickaël Salaün <mic@digikod.net> Cc: Kees Cook <keescook@chromium.org> Cc: Andy Lutomirski <luto@amacapital.net> Cc: Will Drewry <wad@chromium.org> --- include/linux/seccomp.h | 4 ++-- kernel/fork.c | 2 +- kernel/seccomp.c | 18 +++++++++++++----- 3 files changed, 16 insertions(+), 8 deletions(-) diff --git a/include/linux/seccomp.h b/include/linux/seccomp.h index ecc296c137cd..e25aee2cdfc0 100644 --- a/include/linux/seccomp.h +++ b/include/linux/seccomp.h @@ -77,10 +77,10 @@ static inline int seccomp_mode(struct seccomp *s) #endif /* CONFIG_SECCOMP */ #ifdef CONFIG_SECCOMP_FILTER -extern void put_seccomp_filter(struct task_struct *tsk); +extern void put_seccomp(struct task_struct *tsk); extern void get_seccomp_filter(struct task_struct *tsk); #else /* CONFIG_SECCOMP_FILTER */ -static inline void put_seccomp_filter(struct task_struct *tsk) +static inline void put_seccomp(struct task_struct *tsk) { return; } diff --git a/kernel/fork.c b/kernel/fork.c index 623259fc794d..0690e43bdda5 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -349,7 +349,7 @@ void free_task(struct task_struct *tsk) #endif rt_mutex_debug_task_free(tsk); ftrace_graph_exit_task(tsk); - put_seccomp_filter(tsk); + put_seccomp(tsk); arch_release_task_struct(tsk); free_task_struct(tsk); } diff --git a/kernel/seccomp.c b/kernel/seccomp.c index 0db7c8a2afe2..e741a82eab4d 100644 --- a/kernel/seccomp.c +++ b/kernel/seccomp.c @@ -63,6 +63,8 @@ struct seccomp_filter { /* Limit any path through the tree to 256KB worth of instructions. */ #define MAX_INSNS_PER_PATH ((1 << 18) / sizeof(struct sock_filter)) +static void put_seccomp_filter(struct seccomp_filter *filter); + /* * Endianness is explicitly ignored and left for BPF program authors to manage * as per the specific architecture. @@ -313,7 +315,7 @@ static inline void seccomp_sync_threads(void) * current's path will hold a reference. (This also * allows a put before the assignment.) */ - put_seccomp_filter(thread); + put_seccomp_filter(thread->seccomp.filter); smp_store_release(&thread->seccomp.filter, caller->seccomp.filter); @@ -475,10 +477,11 @@ static inline void seccomp_filter_free(struct seccomp_filter *filter) } } -/* put_seccomp_filter - decrements the ref count of tsk->seccomp.filter */ -void put_seccomp_filter(struct task_struct *tsk) +/* put_seccomp_filter - decrements the ref count of a filter */ +static void put_seccomp_filter(struct seccomp_filter *filter) { - struct seccomp_filter *orig = tsk->seccomp.filter; + struct seccomp_filter *orig = filter; + /* Clean up single-reference branches iteratively. */ while (orig && atomic_dec_and_test(&orig->usage)) { struct seccomp_filter *freeme = orig; @@ -487,6 +490,11 @@ void put_seccomp_filter(struct task_struct *tsk) } } +void put_seccomp(struct task_struct *tsk) +{ + put_seccomp_filter(tsk->seccomp.filter); +} + /** * seccomp_send_sigsys - signals the task to allow in-process syscall emulation * @syscall: syscall number to send to userland @@ -898,7 +906,7 @@ long seccomp_get_filter(struct task_struct *task, unsigned long filter_off, if (copy_to_user(data, fprog->filter, bpf_classic_proglen(fprog))) ret = -EFAULT; - put_seccomp_filter(task); + put_seccomp_filter(task->seccomp.filter); return ret; out: -- 2.9.3
next prev parent reply other threads:[~2016-10-26 7:06 UTC|newest] Thread overview: 70+ messages / expand[flat|nested] mbox.gz Atom feed top 2016-10-26 6:56 [RFC v4 00/18] Landlock LSM: Unprivileged sandboxing Mickaël Salaün 2016-10-26 6:56 ` [kernel-hardening] " Mickaël Salaün 2016-10-26 6:56 ` [RFC v4 01/18] landlock: Add Kconfig Mickaël Salaün 2016-10-26 6:56 ` [kernel-hardening] " Mickaël Salaün 2016-10-26 6:56 ` Mickaël Salaün 2016-10-26 6:56 ` [RFC v4 02/18] bpf: Move u64_to_ptr() to BPF headers and inline it Mickaël Salaün 2016-10-26 6:56 ` [kernel-hardening] " Mickaël Salaün 2016-10-26 7:19 ` Arnd Bergmann 2016-10-26 7:19 ` [kernel-hardening] " Arnd Bergmann 2016-10-26 13:52 ` David Sterba 2016-10-26 13:52 ` David Sterba 2016-10-26 6:56 ` [RFC v4 03/18] bpf,landlock: Add a new arraymap type to deal with (Landlock) handles Mickaël Salaün 2016-10-26 6:56 ` [kernel-hardening] " Mickaël Salaün 2016-10-26 19:01 ` Jann Horn 2016-10-26 19:01 ` Jann Horn 2016-10-26 20:03 ` Mickaël Salaün 2016-10-26 20:03 ` Mickaël Salaün 2016-10-26 20:16 ` [kernel-hardening] " Jann Horn 2016-10-26 20:16 ` Jann Horn 2016-10-26 6:56 ` [RFC v4 04/18] bpf,landlock: Add eBPF program subtype and is_valid_subtype() verifier Mickaël Salaün 2016-10-26 6:56 ` [kernel-hardening] " Mickaël Salaün 2016-10-26 6:56 ` [RFC v4 05/18] bpf,landlock: Define an eBPF program type for Landlock Mickaël Salaün 2016-10-26 6:56 ` [kernel-hardening] " Mickaël Salaün 2016-10-26 6:56 ` [RFC v4 06/18] fs: Constify path_is_under()'s arguments Mickaël Salaün 2016-10-26 6:56 ` [kernel-hardening] " Mickaël Salaün 2016-10-26 6:56 ` Mickaël Salaün 2016-10-26 6:56 ` [RFC v4 07/18] landlock: Add LSM hooks Mickaël Salaün 2016-10-26 6:56 ` [kernel-hardening] " Mickaël Salaün 2016-10-26 6:56 ` [RFC v4 08/18] landlock: Handle file comparisons Mickaël Salaün 2016-10-26 6:56 ` [kernel-hardening] " Mickaël Salaün 2016-10-26 6:56 ` [RFC v4 09/18] landlock: Add manager functions Mickaël Salaün 2016-10-26 6:56 ` [kernel-hardening] " Mickaël Salaün 2016-10-26 6:56 ` Mickaël Salaün [this message] 2016-10-26 6:56 ` [kernel-hardening] [RFC v4 10/18] seccomp: Split put_seccomp_filter() with put_seccomp() Mickaël Salaün 2016-10-26 6:56 ` [RFC v4 11/18] seccomp,landlock: Handle Landlock hooks per process hierarchy Mickaël Salaün 2016-10-26 6:56 ` [kernel-hardening] " Mickaël Salaün 2016-10-26 6:56 ` Mickaël Salaün 2016-10-26 6:56 ` [RFC v4 12/18] bpf: Cosmetic change for bpf_prog_attach() Mickaël Salaün 2016-10-26 6:56 ` [kernel-hardening] " Mickaël Salaün 2016-10-26 6:56 ` [RFC v4 13/18] bpf/cgroup: Replace struct bpf_prog with struct bpf_object Mickaël Salaün 2016-10-26 6:56 ` [kernel-hardening] " Mickaël Salaün 2016-10-26 6:56 ` [RFC v4 14/18] bpf/cgroup: Make cgroup_bpf_update() return an error code Mickaël Salaün 2016-10-26 6:56 ` [kernel-hardening] " Mickaël Salaün 2016-10-26 6:56 ` [RFC v4 15/18] bpf/cgroup: Move capability check Mickaël Salaün 2016-10-26 6:56 ` [kernel-hardening] " Mickaël Salaün 2016-10-26 6:56 ` Mickaël Salaün 2016-10-26 6:56 ` [RFC v4 16/18] bpf/cgroup,landlock: Handle Landlock hooks per cgroup Mickaël Salaün 2016-10-26 6:56 ` [kernel-hardening] " Mickaël Salaün 2016-10-26 6:56 ` Mickaël Salaün 2016-10-26 6:56 ` [RFC v4 17/18] landlock: Add update and debug access flags Mickaël Salaün 2016-10-26 6:56 ` [kernel-hardening] " Mickaël Salaün 2016-10-26 6:56 ` Mickaël Salaün 2016-10-26 6:56 ` [RFC v4 18/18] samples/landlock: Add sandbox example Mickaël Salaün 2016-10-26 6:56 ` [kernel-hardening] " Mickaël Salaün 2016-10-26 6:56 ` Mickaël Salaün 2016-10-26 14:52 ` [RFC v4 00/18] Landlock LSM: Unprivileged sandboxing Jann Horn 2016-10-26 14:52 ` [kernel-hardening] " Jann Horn 2016-10-26 16:56 ` Mickaël Salaün 2016-10-26 16:56 ` [kernel-hardening] " Mickaël Salaün 2016-10-26 17:24 ` Mickaël Salaün 2016-10-26 17:24 ` [kernel-hardening] " Mickaël Salaün 2016-11-13 14:23 ` Mickaël Salaün 2016-11-13 14:23 ` [kernel-hardening] " Mickaël Salaün 2016-11-14 10:35 ` Sargun Dhillon 2016-11-14 10:35 ` [kernel-hardening] " Sargun Dhillon 2016-11-14 10:35 ` Sargun Dhillon 2016-11-14 20:51 ` Mickaël Salaün 2016-11-14 20:51 ` [kernel-hardening] " Mickaël Salaün 2016-11-14 20:51 ` Mickaël Salaün 2016-11-14 20:51 ` Mickaël Salaün
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20161026065654.19166-11-mic@digikod.net \ --to=mic@digikod.net \ --cc=ast@kernel.org \ --cc=cgroups@vger.kernel.org \ --cc=daniel@iogearbox.net \ --cc=daniel@zonque.org \ --cc=davem@davemloft.net \ --cc=drysdale@google.com \ --cc=ebiederm@xmission.com \ --cc=james.l.morris@oracle.com \ --cc=jann@thejh.net \ --cc=keescook@chromium.org \ --cc=kernel-hardening@lists.openwall.com \ --cc=linux-api@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-security-module@vger.kernel.org \ --cc=luto@amacapital.net \ --cc=netdev@vger.kernel.org \ --cc=pmoore@redhat.com \ --cc=sargun@sargun.me \ --cc=serge@hallyn.com \ --cc=tgraf@suug.ch \ --cc=tj@kernel.org \ --cc=wad@chromium.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.