[RFC v4 10/18] seccomp: Split put_seccomp_filter() with put_seccomp()
From: Mickaël Salaün <mic@digikod.net>
Date: 2016-10-26 07:06:11
Also in:
cgroups, lkml, netdev
Subsystem:
exec & binfmt api, elf, memory management - core, scheduler, secure computing, the rest · Maintainers:
Kees Cook, Andrew Morton, David Hildenbrand, Ingo Molnar, Peter Zijlstra, Juri Lelli, Vincent Guittot, Linus Torvalds
The semantic is unchanged. This will be useful for the Landlock integration with seccomp (next commit). Signed-off-by: Mickaël Salaün <mic@digikod.net> Cc: Kees Cook <redacted> Cc: Andy Lutomirski <luto@amacapital.net> Cc: Will Drewry <wad@chromium.org> --- include/linux/seccomp.h | 4 ++-- kernel/fork.c | 2 +- kernel/seccomp.c | 18 +++++++++++++----- 3 files changed, 16 insertions(+), 8 deletions(-)
diff --git a/include/linux/seccomp.h b/include/linux/seccomp.h
index ecc296c137cd..e25aee2cdfc0 100644
--- a/include/linux/seccomp.h
+++ b/include/linux/seccomp.h@@ -77,10 +77,10 @@ static inline int seccomp_mode(struct seccomp *s) #endif /* CONFIG_SECCOMP */ #ifdef CONFIG_SECCOMP_FILTER -extern void put_seccomp_filter(struct task_struct *tsk); +extern void put_seccomp(struct task_struct *tsk); extern void get_seccomp_filter(struct task_struct *tsk); #else /* CONFIG_SECCOMP_FILTER */ -static inline void put_seccomp_filter(struct task_struct *tsk) +static inline void put_seccomp(struct task_struct *tsk) { return; }
diff --git a/kernel/fork.c b/kernel/fork.c
index 623259fc794d..0690e43bdda5 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c@@ -349,7 +349,7 @@ void free_task(struct task_struct *tsk) #endif rt_mutex_debug_task_free(tsk); ftrace_graph_exit_task(tsk); - put_seccomp_filter(tsk); + put_seccomp(tsk); arch_release_task_struct(tsk); free_task_struct(tsk); }
diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index 0db7c8a2afe2..e741a82eab4d 100644
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c@@ -63,6 +63,8 @@ struct seccomp_filter { /* Limit any path through the tree to 256KB worth of instructions. */ #define MAX_INSNS_PER_PATH ((1 << 18) / sizeof(struct sock_filter)) +static void put_seccomp_filter(struct seccomp_filter *filter); + /* * Endianness is explicitly ignored and left for BPF program authors to manage * as per the specific architecture.
@@ -313,7 +315,7 @@ static inline void seccomp_sync_threads(void) * current's path will hold a reference. (This also * allows a put before the assignment.) */ - put_seccomp_filter(thread); + put_seccomp_filter(thread->seccomp.filter); smp_store_release(&thread->seccomp.filter, caller->seccomp.filter);
@@ -475,10 +477,11 @@ static inline void seccomp_filter_free(struct seccomp_filter *filter) } } -/* put_seccomp_filter - decrements the ref count of tsk->seccomp.filter */ -void put_seccomp_filter(struct task_struct *tsk) +/* put_seccomp_filter - decrements the ref count of a filter */ +static void put_seccomp_filter(struct seccomp_filter *filter) { - struct seccomp_filter *orig = tsk->seccomp.filter; + struct seccomp_filter *orig = filter; + /* Clean up single-reference branches iteratively. */ while (orig && atomic_dec_and_test(&orig->usage)) { struct seccomp_filter *freeme = orig;
@@ -487,6 +490,11 @@ void put_seccomp_filter(struct task_struct *tsk) } } +void put_seccomp(struct task_struct *tsk) +{ + put_seccomp_filter(tsk->seccomp.filter); +} + /** * seccomp_send_sigsys - signals the task to allow in-process syscall emulation * @syscall: syscall number to send to userland
@@ -898,7 +906,7 @@ long seccomp_get_filter(struct task_struct *task, unsigned long filter_off, if (copy_to_user(data, fprog->filter, bpf_classic_proglen(fprog))) ret = -EFAULT; - put_seccomp_filter(task); + put_seccomp_filter(task->seccomp.filter); return ret; out:
--
2.9.3