[rh7] seccomp: Add PT_SUSPEND_SECCOMP in __secure_computing

Submitted by Kirill Gorkunov on Jan. 15, 2019, 8:47 a.m.

Details

Message ID 20190115084734.GC9746@uranus.lan
State New
Series "seccomp: Add PT_SUSPEND_SECCOMP in __secure_computing"
Commit Message

Kirill Gorkunov Jan. 15, 2019, 8:47 a.m.
We have to fetch the whole 13c4a90119d28cfcb6b5bdd820c233b86c2b0237
vanilla patch because __secure_computing is called from vsyscalls.

https://jira.sw.ru/browse/PSBM-90760

Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
---
 kernel/seccomp.c |    4 ++++
 1 file changed, 4 insertions(+)

Index: linux-pcs7.git/kernel/seccomp.c
===================================================================
--- linux-pcs7.git.orig/kernel/seccomp.c
+++ linux-pcs7.git/kernel/seccomp.c
@@ -764,6 +764,10 @@  int __secure_computing(void)
 	struct pt_regs *regs = task_pt_regs(current);
 	int this_syscall = syscall_get_nr(current, regs);
 
+	if (config_enabled(CONFIG_CHECKPOINT_RESTORE) &&
+	    unlikely(current->ptrace & PT_SUSPEND_SECCOMP))
+		return 0;
+
 	switch (mode) {
 	case SECCOMP_MODE_STRICT:
 		__secure_computing_strict(this_syscall);  /* may call do_exit */
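Review bot: the early `return 0` added ahead of `switch (mode)` needs a comment, because it returns before the SECCOMP_MODE_STRICT branch or any later case is evaluated, so a task with `PT_SUSPEND_SECCOMP` set in `current->ptrace` gets no seccomp enforcement at all on this path. Please state that above the check and point to where the bit is set and what privilege gates it, since neither is visible in this hunk. The commit message also speaks of fetching the whole 13c4a90119d28cfcb6b5bdd820c233b86c2b0237 patch while the diffstat shows only 4 insertions in kernel/seccomp.c; it would help to say which parts of that commit are already in the tree and that this hunk is the piece covering the vsyscall call path into `__secure_computing`.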