[RHEL7,COMMIT] seccomp: Add PT_SUSPEND_SECCOMP in __secure_computing

Submitted by Konstantin Khorenko on Jan. 15, 2019, 11:33 a.m.

Details

Message ID 201901151133.x0FBXkGh018671@finist-ce7.sw.ru
State New
Series "seccomp: Add PT_SUSPEND_SECCOMP in __secure_computing"

Commit Message

Konstantin Khorenko Jan. 15, 2019, 11:33 a.m.
The commit is pushed to "branch-rh7-3.10.0-957.1.3.vz7.83.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-957.1.3.vz7.83.6
------>
commit 55e4131c94d9ff193796ff897f748f78f2b4deba
Author: Kirill Gorkunov <gorcunov@virtuozzo.com>
Date:   Tue Jan 15 11:47:36 2019 +0300

    seccomp: Add PT_SUSPEND_SECCOMP in __secure_computing
    
    We have to fetch the whole 13c4a90119d28cfcb6b5bdd820c233b86c2b0237
    vanilla patch because __secure_computing is called from vsyscalls.
    
    https://jira.sw.ru/browse/PSBM-90760
    
    Fixes: 681ccaa23ec5 ("ms/seccomp: add ptrace options for suspend/resume")
    https://jira.sw.ru/browse/PSBM-90547
    
    Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
---
 kernel/seccomp.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

Patch

diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index bac2bcdcf19a..27274c65e6bf 100644
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@ -660,7 +660,7 @@  void secure_computing_strict(int this_syscall)
 
 	if (config_enabled(CONFIG_CHECKPOINT_RESTORE) &&
 	    unlikely(current->ptrace & PT_SUSPEND_SECCOMP))
-		return 0;
+		return;
 
 	if (mode == 0)
 		return;
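Review bot: The commit message does not mention this change to secure_computing_strict(), which the hunk header shows is declared void, so the old `return 0;` under the PT_SUSPEND_SECCOMP check was returning a value from a void function. The subject only names __secure_computing; please add a line to the changelog saying that the return statement in secure_computing_strict() is corrected as well, so the fix can be traced when this is compared against the referenced vanilla patch.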
@@ -764,6 +764,10 @@  int __secure_computing(void)
 	struct pt_regs *regs = task_pt_regs(current);
 	int this_syscall = syscall_get_nr(current, regs);
 
+	if (config_enabled(CONFIG_CHECKPOINT_RESTORE) &&
+	    unlikely(current->ptrace & PT_SUSPEND_SECCOMP))
+		return 0;
+
 	switch (mode) {
 	case SECCOMP_MODE_STRICT:
 		__secure_computing_strict(this_syscall);  /* may call do_exit */
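Review bot: The new early `return 0;` at the top of __secure_computing() skips the whole `switch (mode)` for a task with PT_SUSPEND_SECCOMP set, and nothing at the call site says so; a one-line comment stating that 0 means the syscall is allowed unfiltered while seccomp is suspended by the tracer would help the next reader. The same two-line condition now appears verbatim in secure_computing_strict() as well, so consider a small static inline helper shared by both entry points, to keep a future change to the suspend condition from landing in only one of them.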