Re: [PATCH v7 3/9] seccomp: introduce writer locking

[PATCH v7 0/9] seccomp: add thread sync ability · Kees Cook <hidden> · 2014-06-23
[PATCH v7 1/9] seccomp: create internal mode-setting function · Kees Cook <hidden> · 2014-06-23
[PATCH v7 8/9] ARM: add seccomp syscall · Kees Cook <hidden> · 2014-06-23
[PATCH v7 5/9] seccomp: split mode set routines · Kees Cook <hidden> · 2014-06-23
[PATCH v7 6/9] seccomp: add "seccomp" syscall · Kees Cook <hidden> · 2014-06-23
[PATCH v7 4/9] seccomp: move no_new_privs into seccomp · Kees Cook <hidden> · 2014-06-23
Re: [PATCH v7 4/9] seccomp: move no_new_privs into seccomp · Oleg Nesterov <oleg@redhat.com> · 2014-06-24
Re: [PATCH v7 4/9] seccomp: move no_new_privs into seccomp · Andy Lutomirski <luto@amacapital.net> · 2014-06-24
Re: [PATCH v7 4/9] seccomp: move no_new_privs into seccomp · Oleg Nesterov <oleg@redhat.com> · 2014-06-24
Re: [PATCH v7 4/9] seccomp: move no_new_privs into seccomp · Andy Lutomirski <luto@amacapital.net> · 2014-06-24
Re: [PATCH v7 4/9] seccomp: move no_new_privs into seccomp · Kees Cook <hidden> · 2014-06-24
Re: [PATCH v7 4/9] seccomp: move no_new_privs into seccomp · Andy Lutomirski <luto@amacapital.net> · 2014-06-24
[PATCH v7 7/9] seccomp: implement SECCOMP_FILTER_FLAG_TSYNC · Kees Cook <hidden> · 2014-06-23
Re: [PATCH v7 7/9] seccomp: implement SECCOMP_FILTER_FLAG_TSYNC · Oleg Nesterov <oleg@redhat.com> · 2014-06-24
Re: [PATCH v7 7/9] seccomp: implement SECCOMP_FILTER_FLAG_TSYNC · Kees Cook <hidden> · 2014-06-24
Re: [PATCH v7 7/9] seccomp: implement SECCOMP_FILTER_FLAG_TSYNC · Oleg Nesterov <oleg@redhat.com> · 2014-06-24
Re: [PATCH v7 7/9] seccomp: implement SECCOMP_FILTER_FLAG_TSYNC · Kees Cook <hidden> · 2014-06-24
Re: [PATCH v7 7/9] seccomp: implement SECCOMP_FILTER_FLAG_TSYNC · Oleg Nesterov <oleg@redhat.com> · 2014-06-24
Re: [PATCH v7 7/9] seccomp: implement SECCOMP_FILTER_FLAG_TSYNC · Kees Cook <hidden> · 2014-06-24
[PATCH v7 2/9] seccomp: split filter prep from check and apply · Kees Cook <hidden> · 2014-06-23
Re: [PATCH v7 2/9] seccomp: split filter prep from check and apply · David Drysdale <hidden> · 2014-06-26
Re: [PATCH v7 2/9] seccomp: split filter prep from check and apply · Kees Cook <hidden> · 2014-06-27
[PATCH v7 9/9] MIPS: add seccomp syscall · Kees Cook <hidden> · 2014-06-23
[PATCH v7 3/9] seccomp: introduce writer locking · Kees Cook <hidden> · 2014-06-23
Re: [PATCH v7 3/9] seccomp: introduce writer locking · Oleg Nesterov <oleg@redhat.com> · 2014-06-24
Re: [PATCH v7 3/9] seccomp: introduce writer locking · Kees Cook <hidden> · 2014-06-24
Re: [PATCH v7 3/9] seccomp: introduce writer locking · Oleg Nesterov <oleg@redhat.com> · 2014-06-24
Re: [PATCH v7 3/9] seccomp: introduce writer locking · Kees Cook <hidden> · 2014-06-24
Re: [PATCH v7 3/9] seccomp: introduce writer locking · Oleg Nesterov <oleg@redhat.com> · 2014-06-24
Re: [PATCH v7 3/9] seccomp: introduce writer locking · Kees Cook <hidden> · 2014-06-24
[PATCH v7 1/1] man-pages: seccomp.2: document syscall · Kees Cook <hidden> · 2014-06-23
Re: [PATCH v7 1/1] man-pages: seccomp.2: document syscall · Michael Kerrisk (man-pages) <hidden> · 2014-06-24
Re: [PATCH v7 1/1] man-pages: seccomp.2: document syscall · Kees Cook <hidden> · 2014-06-24
[PATCH v7.1 1/1] man-pages: seccomp.2: document syscall · Kees Cook <hidden> · 2014-06-24
Re: [PATCH v7 1/1] man-pages: seccomp.2: document syscall · Andy Lutomirski <luto@amacapital.net> · 2014-06-24
Re: [PATCH v7 1/1] man-pages: seccomp.2: document syscall · Kees Cook <hidden> · 2014-06-24

From: Oleg Nesterov <oleg@redhat.com>
Date: 2014-06-24 16:54:22
Also in: linux-arch, linux-arm-kernel, linux-mips, lkml

Kees,

I am still trying to force myself to read and try to understand what
this series does ;) Just a minor nit so far.

On 06/23, Kees Cook wrote:

quoted hunk ↗ jump to hunk

@@ -1142,6 +1168,7 @@ static struct task_struct *copy_process(unsigned long clone_flags,
 {
 	int retval;
 	struct task_struct *p;
+	unsigned long irqflags;
 
 	if ((clone_flags & (CLONE_NEWNS|CLONE_FS)) == (CLONE_NEWNS|CLONE_FS))
 		return ERR_PTR(-EINVAL);
@@ -1196,7 +1223,6 @@ static struct task_struct *copy_process(unsigned long clone_flags,
 		goto fork_out;
 
 	ftrace_graph_init_task(p);
-	get_seccomp_filter(p);
 
 	rt_mutex_init_task(p);
 
@@ -1434,7 +1460,13 @@ static struct task_struct *copy_process(unsigned long clone_flags,
 		p->parent_exec_id = current->self_exec_id;
 	}
 
-	spin_lock(&current->sighand->siglock);
+	spin_lock_irqsave(&current->sighand->siglock, irqflags);
+
+	/*
+	 * Copy seccomp details explicitly here, in case they were changed
+	 * before holding tasklist_lock.
+	 */
+	copy_seccomp(p);
 
 	/*
 	 * Process group and session signals need to be delivered to just the
@@ -1446,7 +1478,7 @@ static struct task_struct *copy_process(unsigned long clone_flags,
 	*/
 	recalc_sigpending();
 	if (signal_pending(current)) {
-		spin_unlock(&current->sighand->siglock);
+		spin_unlock_irqrestore(&current->sighand->siglock, irqflags);
 		write_unlock_irq(&tasklist_lock);
 		retval = -ERESTARTNOINTR;
 		goto bad_fork_free_pid;
@@ -1486,7 +1518,7 @@ static struct task_struct *copy_process(unsigned long clone_flags,
 	}
 
 	total_forks++;
-	spin_unlock(&current->sighand->siglock);
+	spin_unlock_irqrestore(&current->sighand->siglock, irqflags);
 	write_unlock_irq(&tasklist_lock);
 	proc_fork_connector(p);
 	cgroup_post_fork(p);

It seems that the only change copy_process() needs is copy_seccomp() under the locks.
Everythinh else (irqflags games) looks obviously unneeded?

quoted hunk ↗ jump to hunk

@@ -524,6 +528,9 @@ static long seccomp_set_mode(unsigned long seccomp_mode, char __user *filter)
 	}
 #endif

+	if (unlikely(!lock_task_sighand(current, &irqflags)))
+		goto out_free;
+

Unless this task is exiting (namely, it has already called exit_notify()),
lock_task_sighand(current) must not fail. Looks like you can simly do
spin_lock_irq(->siglock).

Oleg.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help