From: "Mickaël Salaün" <mic@digikod.net> To: linux-kernel@vger.kernel.org Cc: "Mickaël Salaün" <mic@digikod.net>, "Alexei Starovoitov" <ast@kernel.org>, "Andy Lutomirski" <luto@amacapital.net>, "Arnaldo Carvalho de Melo" <acme@kernel.org>, "Casey Schaufler" <casey@schaufler-ca.com>, "Daniel Borkmann" <daniel@iogearbox.net>, "David Drysdale" <drysdale@google.com>, "David S . Miller" <davem@davemloft.net>, "Eric W . Biederman" <ebiederm@xmission.com>, "James Morris" <james.l.morris@oracle.com>, "Jann Horn" <jann@thejh.net>, "Jonathan Corbet" <corbet@lwn.net>, "Matthew Garrett" <mjg59@srcf.ucam.org>, "Michael Kerrisk" <mtk.manpages@gmail.com>, "Kees Cook" <keescook@chromium.org>, "Paul Moore" <paul@paul-moore.com>, "Sargun Dhillon" <sargun@sargun.me>, "Serge E . Hallyn" <serge@hallyn.com>, "Shuah Khan" <shuah@kernel.org>, "Tejun Heo" <tj@kernel.org>, "Thomas Graf" <tgraf@suug.ch>, "Will Drewry" <wad@chromium.org>, kernel-hardening@lists.openwall.com, linux-api@vger.kernel.org, linux-security-module@vger.kernel.org, netdev@vger.kernel.org Subject: [PATCH v5 05/10] seccomp: Split put_seccomp_filter() with put_seccomp() Date: Wed, 22 Feb 2017 02:26:27 +0100 [thread overview] Message-ID: <20170222012632.4196-6-mic@digikod.net> (raw) In-Reply-To: <20170222012632.4196-1-mic@digikod.net> The semantic is unchanged. This will be useful for the Landlock integration with seccomp (next commit). Signed-off-by: Mickaël Salaün <mic@digikod.net> Cc: Kees Cook <keescook@chromium.org> Cc: Andy Lutomirski <luto@amacapital.net> Cc: Will Drewry <wad@chromium.org> --- include/linux/seccomp.h | 4 ++-- kernel/fork.c | 2 +- kernel/seccomp.c | 18 +++++++++++++----- 3 files changed, 16 insertions(+), 8 deletions(-) diff --git a/include/linux/seccomp.h b/include/linux/seccomp.h index ecc296c137cd..e25aee2cdfc0 100644 --- a/include/linux/seccomp.h +++ b/include/linux/seccomp.h @@ -77,10 +77,10 @@ static inline int seccomp_mode(struct seccomp *s) #endif /* CONFIG_SECCOMP */ #ifdef CONFIG_SECCOMP_FILTER -extern void put_seccomp_filter(struct task_struct *tsk); +extern void put_seccomp(struct task_struct *tsk); extern void get_seccomp_filter(struct task_struct *tsk); #else /* CONFIG_SECCOMP_FILTER */ -static inline void put_seccomp_filter(struct task_struct *tsk) +static inline void put_seccomp(struct task_struct *tsk) { return; } diff --git a/kernel/fork.c b/kernel/fork.c index 11c5c8ab827c..a4f0d0e8aeb2 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -352,7 +352,7 @@ void free_task(struct task_struct *tsk) #endif rt_mutex_debug_task_free(tsk); ftrace_graph_exit_task(tsk); - put_seccomp_filter(tsk); + put_seccomp(tsk); arch_release_task_struct(tsk); if (tsk->flags & PF_KTHREAD) free_kthread_struct(tsk); diff --git a/kernel/seccomp.c b/kernel/seccomp.c index f7ce79a46050..06f2f3ee454c 100644 --- a/kernel/seccomp.c +++ b/kernel/seccomp.c @@ -62,6 +62,8 @@ struct seccomp_filter { /* Limit any path through the tree to 256KB worth of instructions. */ #define MAX_INSNS_PER_PATH ((1 << 18) / sizeof(struct sock_filter)) +static void put_seccomp_filter(struct seccomp_filter *filter); + /* * Endianness is explicitly ignored and left for BPF program authors to manage * as per the specific architecture. @@ -312,7 +314,7 @@ static inline void seccomp_sync_threads(void) * current's path will hold a reference. (This also * allows a put before the assignment.) */ - put_seccomp_filter(thread); + put_seccomp_filter(thread->seccomp.filter); smp_store_release(&thread->seccomp.filter, caller->seccomp.filter); @@ -474,10 +476,11 @@ static inline void seccomp_filter_free(struct seccomp_filter *filter) } } -/* put_seccomp_filter - decrements the ref count of tsk->seccomp.filter */ -void put_seccomp_filter(struct task_struct *tsk) +/* put_seccomp_filter - decrements the ref count of a filter */ +static void put_seccomp_filter(struct seccomp_filter *filter) { - struct seccomp_filter *orig = tsk->seccomp.filter; + struct seccomp_filter *orig = filter; + /* Clean up single-reference branches iteratively. */ while (orig && atomic_dec_and_test(&orig->usage)) { struct seccomp_filter *freeme = orig; @@ -486,6 +489,11 @@ void put_seccomp_filter(struct task_struct *tsk) } } +void put_seccomp(struct task_struct *tsk) +{ + put_seccomp_filter(tsk->seccomp.filter); +} + /** * seccomp_send_sigsys - signals the task to allow in-process syscall emulation * @syscall: syscall number to send to userland @@ -897,7 +905,7 @@ long seccomp_get_filter(struct task_struct *task, unsigned long filter_off, if (copy_to_user(data, fprog->filter, bpf_classic_proglen(fprog))) ret = -EFAULT; - put_seccomp_filter(task); + put_seccomp_filter(task->seccomp.filter); return ret; out: -- 2.11.0
next prev parent reply other threads:[~2017-02-22 1:28 UTC|newest] Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top 2017-02-22 1:26 [PATCH v5 00/10] Landlock LSM: Toward unprivileged sandboxing Mickaël Salaün 2017-02-22 1:26 ` [PATCH v5 01/10] bpf: Add eBPF program subtype and is_valid_subtype() verifier Mickaël Salaün 2017-02-22 1:26 ` [PATCH v5 02/10] bpf,landlock: Define an eBPF program type for Landlock Mickaël Salaün 2017-02-22 1:26 ` [PATCH v5 03/10] bpf: Define handle_fs and add a new helper bpf_handle_fs_get_mode() Mickaël Salaün 2017-03-01 9:32 ` James Morris 2017-03-01 22:20 ` Mickaël Salaün 2017-02-22 1:26 ` [PATCH v5 04/10] landlock: Add LSM hooks related to filesystem Mickaël Salaün 2017-02-22 1:26 ` Mickaël Salaün [this message] 2017-02-22 1:26 ` [PATCH v5 06/10] seccomp,landlock: Handle Landlock events per process hierarchy Mickaël Salaün 2017-02-28 20:01 ` Andy Lutomirski 2017-03-01 22:14 ` Mickaël Salaün 2017-03-01 22:20 ` Andy Lutomirski 2017-03-01 23:28 ` Mickaël Salaün 2017-03-02 16:36 ` Andy Lutomirski 2017-03-03 0:48 ` Mickaël Salaün 2017-03-03 0:55 ` Andy Lutomirski 2017-03-03 1:05 ` Mickaël Salaün 2017-03-02 10:22 ` [kernel-hardening] " Djalal Harouni 2017-03-03 0:54 ` Mickaël Salaün 2017-02-22 1:26 ` [PATCH v5 07/10] bpf: Add a Landlock sandbox example Mickaël Salaün 2017-02-23 22:13 ` Mickaël Salaün 2017-02-22 1:26 ` [PATCH v5 08/10] seccomp: Enhance test_harness with an assert step mechanism Mickaël Salaün 2017-02-22 1:26 ` [PATCH v5 09/10] bpf,landlock: Add tests for Landlock Mickaël Salaün 2017-02-22 1:26 ` [PATCH v5 10/10] landlock: Add user and kernel documentation " Mickaël Salaün 2017-02-22 5:21 ` Andy Lutomirski 2017-02-22 7:43 ` Mickaël Salaün
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20170222012632.4196-6-mic@digikod.net \ --to=mic@digikod.net \ --cc=acme@kernel.org \ --cc=ast@kernel.org \ --cc=casey@schaufler-ca.com \ --cc=corbet@lwn.net \ --cc=daniel@iogearbox.net \ --cc=davem@davemloft.net \ --cc=drysdale@google.com \ --cc=ebiederm@xmission.com \ --cc=james.l.morris@oracle.com \ --cc=jann@thejh.net \ --cc=keescook@chromium.org \ --cc=kernel-hardening@lists.openwall.com \ --cc=linux-api@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-security-module@vger.kernel.org \ --cc=luto@amacapital.net \ --cc=mjg59@srcf.ucam.org \ --cc=mtk.manpages@gmail.com \ --cc=netdev@vger.kernel.org \ --cc=paul@paul-moore.com \ --cc=sargun@sargun.me \ --cc=serge@hallyn.com \ --cc=shuah@kernel.org \ --cc=tgraf@suug.ch \ --cc=tj@kernel.org \ --cc=wad@chromium.org \ --subject='Re: [PATCH v5 05/10] seccomp: Split put_seccomp_filter() with put_seccomp()' \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).