mirror of
https://github.com/archlinuxarm/PKGBUILDs.git
synced 2025-01-17 23:34:07 +00:00
67 lines
1.9 KiB
Diff
67 lines
1.9 KiB
Diff
From 3a8c560eb7c461639a6d2310c32be6434b962cf0 Mon Sep 17 00:00:00 2001
|
|
From: Kees Cook <keescook@chromium.org>
|
|
Date: Wed, 25 Jun 2014 15:38:02 -0700
|
|
Subject: [PATCH 04/16] seccomp: extract check/assign mode helpers
|
|
|
|
To support splitting mode 1 from mode 2, extract the mode checking and
|
|
assignment logic into common functions.
|
|
|
|
Signed-off-by: Kees Cook <keescook@chromium.org>
|
|
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
|
|
Reviewed-by: Andy Lutomirski <luto@amacapital.net>
|
|
(cherry picked from commit 1f41b450416e689b9b7c8bfb750a98604f687a9b)
|
|
---
|
|
kernel/seccomp.c | 22 ++++++++++++++++++----
|
|
1 file changed, 18 insertions(+), 4 deletions(-)
|
|
|
|
diff --git a/kernel/seccomp.c b/kernel/seccomp.c
|
|
index ef24e22c3d14..8ddb252835aa 100644
|
|
--- a/kernel/seccomp.c
|
|
+++ b/kernel/seccomp.c
|
|
@@ -194,7 +194,23 @@ static u32 seccomp_run_filters(int syscall)
|
|
}
|
|
return ret;
|
|
}
|
|
+#endif /* CONFIG_SECCOMP_FILTER */
|
|
|
|
+static inline bool seccomp_may_assign_mode(unsigned long seccomp_mode)
|
|
+{
|
|
+ if (current->seccomp.mode && current->seccomp.mode != seccomp_mode)
|
|
+ return false;
|
|
+
|
|
+ return true;
|
|
+}
|
|
+
|
|
+static inline void seccomp_assign_mode(unsigned long seccomp_mode)
|
|
+{
|
|
+ current->seccomp.mode = seccomp_mode;
|
|
+ set_tsk_thread_flag(current, TIF_SECCOMP);
|
|
+}
|
|
+
|
|
+#ifdef CONFIG_SECCOMP_FILTER
|
|
/**
|
|
* seccomp_attach_filter: Attaches a seccomp filter to current.
|
|
* @fprog: BPF program to install
|
|
@@ -490,8 +506,7 @@ static long seccomp_set_mode(unsigned long seccomp_mode, char __user *filter)
|
|
{
|
|
long ret = -EINVAL;
|
|
|
|
- if (current->seccomp.mode &&
|
|
- current->seccomp.mode != seccomp_mode)
|
|
+ if (!seccomp_may_assign_mode(seccomp_mode))
|
|
goto out;
|
|
|
|
switch (seccomp_mode) {
|
|
@@ -512,8 +527,7 @@ static long seccomp_set_mode(unsigned long seccomp_mode, char __user *filter)
|
|
goto out;
|
|
}
|
|
|
|
- current->seccomp.mode = seccomp_mode;
|
|
- set_thread_flag(TIF_SECCOMP);
|
|
+ seccomp_assign_mode(seccomp_mode);
|
|
out:
|
|
return ret;
|
|
}
|
|
--
|
|
2.18.0
|
|
|