[14/28] seccomp: Produce thread core records

Submitted by Cyrill Gorcunov on March 20, 2018, 9:42 p.m.

Details

Message ID 20180320214313.25326-15-gorcunov@gmail.com
State Rejected
Series "seccomp, v2: Add support for per-thread tracking"
Headers show

Commit Message

Cyrill Gorcunov March 20, 2018, 9:42 p.m.
From: Cyrill Gorcunov <gorcunov@virtuozzo.com>

So that each thread woul carry own seccomp filter chain.

Signed-off-by: Cyrill Gorcunov <gorcunov@virtuozzo.com>
---
 criu/cr-dump.c         | 23 ++---------------------
 criu/include/seccomp.h |  1 +
 criu/seccomp.c         | 21 +++++++++++++++++++++
 3 files changed, 24 insertions(+), 21 deletions(-)

Patch hide | download patch | download mbox

diff --git a/criu/cr-dump.c b/criu/cr-dump.c
index dc3fb5f6a8ff..eecfa310ed47 100644
--- a/criu/cr-dump.c
+++ b/criu/cr-dump.c
@@ -733,6 +733,8 @@  int dump_thread_core(int pid, CoreEntry *core, const struct parasite_dump_thread
 			tc->pdeath_sig = ti->pdeath_sig;
 		}
 	}
+	if (!ret)
+		ret = seccomp_dump_thread(pid, tc);
 
 	return ret;
 }
@@ -746,7 +748,6 @@  static int dump_task_core_all(struct parasite_ctl *ctl,
 	CoreEntry *core = item->core[0];
 	pid_t pid = item->pid->real;
 	int ret = -1;
-	struct seccomp_entry *entry;
 	struct parasite_dump_cgroup_args cgroup_args, *info = NULL;
 
 	BUILD_BUG_ON(sizeof(cgroup_args) < PARASITE_ARG_SIZE_MIN);
@@ -759,26 +760,6 @@  static int dump_task_core_all(struct parasite_ctl *ctl,
 	if (ret < 0)
 		goto err;
 
-	entry = seccomp_find_entry(pid);
-	if (!entry) {
-		ret = -1;
-		goto err;
-	}
-
-	if (entry->mode != SECCOMP_MODE_DISABLED) {
-		ThreadCoreEntry *thread_core = pstree_thread_core(item, pid);
-		BUG_ON(!thread_core);
-
-		pr_info("got seccomp mode %d for %d\n", entry->mode, vpid(item));
-		thread_core->has_seccomp_mode = true;
-		thread_core->seccomp_mode = entry->mode;
-
-		if (entry->mode == SECCOMP_MODE_FILTER) {
-			thread_core->has_seccomp_filter = true;
-			thread_core->seccomp_filter = entry->last_filter;
-		}
-	}
-
 	strlcpy((char *)core->tc->comm, stat->comm, TASK_COMM_LEN);
 	core->tc->flags = stat->flags;
 	core->tc->task_state = item->pid->state;
diff --git a/criu/include/seccomp.h b/criu/include/seccomp.h
index 63ab0cf9dcf2..96320f863fff 100644
--- a/criu/include/seccomp.h
+++ b/criu/include/seccomp.h
@@ -41,6 +41,7 @@  extern struct seccomp_entry *seccomp_lookup(pid_t tid_real, bool create, bool ma
 #define seccomp_find_entry(tid_real) seccomp_lookup(tid_real, false, true)
 extern int seccomp_collect_entry(pid_t tid_real, unsigned int mode);
 extern void seccomp_free_entries(void);
+extern int seccomp_dump_thread(pid_t tid_real, ThreadCoreEntry *thread_core);
 
 struct seccomp_info {
 	struct seccomp_info	*prev;
diff --git a/criu/seccomp.c b/criu/seccomp.c
index dab7b2ed4c80..7d39bcc69808 100644
--- a/criu/seccomp.c
+++ b/criu/seccomp.c
@@ -87,6 +87,27 @@  void seccomp_free_entries(void)
 	}
 }
 
+int seccomp_dump_thread(pid_t tid_real, ThreadCoreEntry *thread_core)
+{
+	struct seccomp_entry *entry = seccomp_find_entry(tid_real);
+	if (!entry) {
+		pr_err("Can't dump thread core on tid_real %d\n", tid_real);
+		return -1;
+	}
+
+	if (entry->mode != SECCOMP_MODE_DISABLED) {
+		thread_core->has_seccomp_mode = true;
+		thread_core->seccomp_mode = entry->mode;
+
+		if (entry->mode == SECCOMP_MODE_FILTER) {
+			thread_core->has_seccomp_filter = true;
+			thread_core->seccomp_filter = entry->last_filter;
+		}
+	}
+
+	return 0;
+}
+
 /* populated on dump during collect_seccomp_filters() */
 static int next_filter_id = 0;
 static struct seccomp_info **filters = NULL;