[vz7] seccomp: move CPT/RST + PT_SUSPEND_SECCOMP check hunk to proper place

Submitted by Konstantin Khorenko on Jan. 9, 2019, 4:28 p.m.

Details

Message ID 20190109162805.1411-1-khorenko@virtuozzo.com
State New
Series "seccomp: move CPT/RST + PT_SUSPEND_SECCOMP check hunk to proper place"
Headers show

Commit Message

Konstantin Khorenko Jan. 9, 2019, 4:28 p.m.
During the rebase to RHEL7.6 the hunk of commit
 b50e754dc961 ("ms/seccomp: add ptrace options for suspend/resume")

had been incorrectly moved to __seccomp_filter() func.

Move the hunk to proper place - to secure_computing_strict().

Fixes: 681ccaa23ec5 ("ms/seccomp: add ptrace options for suspend/resume")
https://jira.sw.ru/browse/PSBM-90547

Found-by: Cyrill Gorcunov <gorcunov@virtuozzo.com>
Signed-off-by: Konstantin Khorenko <khorenko@virtuozzo.com>
---
 kernel/seccomp.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

Patch hide | download patch | download mbox

diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index afb2417bcfb6..bac2bcdcf19a 100644
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@ -658,6 +658,10 @@  void secure_computing_strict(int this_syscall)
 {
 	int mode = current->seccomp.mode;
 
+	if (config_enabled(CONFIG_CHECKPOINT_RESTORE) &&
+	    unlikely(current->ptrace & PT_SUSPEND_SECCOMP))
+		return 0;
+
 	if (mode == 0)
 		return;
 	else if (mode == SECCOMP_MODE_STRICT)
@@ -672,9 +676,6 @@  static u32 __seccomp_filter(int this_syscall, struct pt_regs *regs)
 	u32 filter_ret, action;
 	int data;
 
-	if (config_enabled(CONFIG_CHECKPOINT_RESTORE) &&
-	    unlikely(current->ptrace & PT_SUSPEND_SECCOMP))
-		return 0;
 	/*
 	 * Make sure that any changes to mode from another thread have
 	 * been seen after TIF_SECCOMP was seen.

Comments

Kirill Gorkunov Jan. 9, 2019, 4:55 p.m.
On Wed, Jan 09, 2019 at 07:28:05PM +0300, Konstantin Khorenko wrote:
> During the rebase to RHEL7.6 the hunk of commit
>  b50e754dc961 ("ms/seccomp: add ptrace options for suspend/resume")
> 
> had been incorrectly moved to __seccomp_filter() func.
> 
> Move the hunk to proper place - to secure_computing_strict().
> 
> Fixes: 681ccaa23ec5 ("ms/seccomp: add ptrace options for suspend/resume")
> https://jira.sw.ru/browse/PSBM-90547
> 
> Found-by: Cyrill Gorcunov <gorcunov@virtuozzo.com>
> Signed-off-by: Konstantin Khorenko <khorenko@virtuozzo.com>
Reviewed-by: Cyrill Gorcunov <gorcunov@gmail.com>