diff options
Diffstat (limited to 'common/recipes-kernel/linux/linux-yocto-4.9.21/0051-seccomp-fix-the-usage-of-get-put_seccomp_filter-in-s.patch')
-rw-r--r-- | common/recipes-kernel/linux/linux-yocto-4.9.21/0051-seccomp-fix-the-usage-of-get-put_seccomp_filter-in-s.patch | 94 |
1 files changed, 94 insertions, 0 deletions
diff --git a/common/recipes-kernel/linux/linux-yocto-4.9.21/0051-seccomp-fix-the-usage-of-get-put_seccomp_filter-in-s.patch b/common/recipes-kernel/linux/linux-yocto-4.9.21/0051-seccomp-fix-the-usage-of-get-put_seccomp_filter-in-s.patch new file mode 100644 index 00000000..7361acf3 --- /dev/null +++ b/common/recipes-kernel/linux/linux-yocto-4.9.21/0051-seccomp-fix-the-usage-of-get-put_seccomp_filter-in-s.patch @@ -0,0 +1,94 @@ +From 687c8baff48fb1849f5c2e8fdaeb2ff565f6554b Mon Sep 17 00:00:00 2001 +From: Oleg Nesterov <oleg@redhat.com> +Date: Wed, 27 Sep 2017 09:25:30 -0600 +Subject: [PATCH 51/93] seccomp: fix the usage of get/put_seccomp_filter() in + seccomp_get_filter() + +commit 66a733ea6b611aecf0119514d2dddab5f9d6c01e upstream. + +As Chris explains, get_seccomp_filter() and put_seccomp_filter() can end +up using different filters. Once we drop ->siglock it is possible for +task->seccomp.filter to have been replaced by SECCOMP_FILTER_FLAG_TSYNC. + +Fixes: f8e529ed941b ("seccomp, ptrace: add support for dumping seccomp filters") +Reported-by: Chris Salls <chrissalls5@gmail.com> +Signed-off-by: Oleg Nesterov <oleg@redhat.com> +[tycho: add __get_seccomp_filter vs. open coding refcount_inc()] +Signed-off-by: Tycho Andersen <tycho@docker.com> +[kees: tweak commit log] +Signed-off-by: Kees Cook <keescook@chromium.org> +Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +--- + kernel/seccomp.c | 23 ++++++++++++++++------- + 1 file changed, 16 insertions(+), 7 deletions(-) + +diff --git a/kernel/seccomp.c b/kernel/seccomp.c +index 0db7c8a..af182a6 100644 +--- a/kernel/seccomp.c ++++ b/kernel/seccomp.c +@@ -457,14 +457,19 @@ static long seccomp_attach_filter(unsigned int flags, + return 0; + } + ++void __get_seccomp_filter(struct seccomp_filter *filter) ++{ ++ /* Reference count is bounded by the number of total processes. */ ++ atomic_inc(&filter->usage); ++} ++ + /* get_seccomp_filter - increments the reference count of the filter on @tsk */ + void get_seccomp_filter(struct task_struct *tsk) + { + struct seccomp_filter *orig = tsk->seccomp.filter; + if (!orig) + return; +- /* Reference count is bounded by the number of total processes. */ +- atomic_inc(&orig->usage); ++ __get_seccomp_filter(orig); + } + + static inline void seccomp_filter_free(struct seccomp_filter *filter) +@@ -475,10 +480,8 @@ static inline void seccomp_filter_free(struct seccomp_filter *filter) + } + } + +-/* put_seccomp_filter - decrements the ref count of tsk->seccomp.filter */ +-void put_seccomp_filter(struct task_struct *tsk) ++static void __put_seccomp_filter(struct seccomp_filter *orig) + { +- struct seccomp_filter *orig = tsk->seccomp.filter; + /* Clean up single-reference branches iteratively. */ + while (orig && atomic_dec_and_test(&orig->usage)) { + struct seccomp_filter *freeme = orig; +@@ -487,6 +490,12 @@ void put_seccomp_filter(struct task_struct *tsk) + } + } + ++/* put_seccomp_filter - decrements the ref count of tsk->seccomp.filter */ ++void put_seccomp_filter(struct task_struct *tsk) ++{ ++ __put_seccomp_filter(tsk->seccomp.filter); ++} ++ + /** + * seccomp_send_sigsys - signals the task to allow in-process syscall emulation + * @syscall: syscall number to send to userland +@@ -892,13 +901,13 @@ long seccomp_get_filter(struct task_struct *task, unsigned long filter_off, + if (!data) + goto out; + +- get_seccomp_filter(task); ++ __get_seccomp_filter(filter); + spin_unlock_irq(&task->sighand->siglock); + + if (copy_to_user(data, fprog->filter, bpf_classic_proglen(fprog))) + ret = -EFAULT; + +- put_seccomp_filter(task); ++ __put_seccomp_filter(filter); + return ret; + + out: +-- +2.7.4 + |