[CRIU] [PATCH 12/15] restore: Prepare on-restorer seccomp filters earlier

Pavel Emelyanov xemul at virtuozzo.com
Tue May 24 04:36:32 PDT 2016 

Signed-off-by: Pavel Emelyanov <xemul at virtuozzo.com>
---
 criu/cr-restore.c      | 11 ++++-------
 criu/include/seccomp.h |  3 ++-
 criu/seccomp.c         | 24 ++++++++++++------------
 3 files changed, 18 insertions(+), 20 deletions(-)

diff --git a/criu/cr-restore.c b/criu/cr-restore.c
index b7e6240..b920cdd 100644
--- a/criu/cr-restore.c
+++ b/criu/cr-restore.c
@@ -548,6 +548,9 @@ static int restore_one_alive_task(int pid, CoreEntry *core)
 	if (prepare_timerfds(ta))
 		return -1;
 
+	if (seccomp_filters_get_rst_pos(core, ta) < 0)
+		return -1;
+
 	return sigreturn_restore(pid, ta_cp, core);
 }
 
@@ -2715,8 +2718,6 @@ static int sigreturn_restore(pid_t pid, unsigned long ta_cp, CoreEntry *core)
 #ifdef CONFIG_VDSO
 	unsigned long vdso_rt_size = 0;
 #endif
-	int n_seccomp_filters = 0;
-	unsigned long seccomp_filter_pos = 0;
 
 	struct vm_area_list self_vmas;
 	struct vm_area_list *vmas = &rsti(current)->vmas;
@@ -2749,9 +2750,6 @@ static int sigreturn_restore(pid_t pid, unsigned long ta_cp, CoreEntry *core)
 	if (ret < 0)
 		goto err;
 
-	if (seccomp_filters_get_rst_pos(core, &n_seccomp_filters, &seccomp_filter_pos) < 0)
-		goto err;
-
 	rst_mem_size = rst_mem_lock();
 	memzone_size = round_up(sizeof(struct restore_mem_zone) * current->nr_threads, page_size());
 	restore_bootstrap_len = restorer_len + memzone_size + rst_mem_size;
@@ -2867,14 +2865,13 @@ static int sigreturn_restore(pid_t pid, unsigned long ta_cp, CoreEntry *core)
 	task_args->rlims = rst_mem_remap_ptr((unsigned long)task_args->rlims, RM_PRIVATE);
 	task_args->helpers = rst_mem_remap_ptr((unsigned long)task_args->helpers, RM_PRIVATE);
 	task_args->zombies = rst_mem_remap_ptr((unsigned long)task_args->zombies, RM_PRIVATE);
+	task_args->seccomp_filters = rst_mem_remap_ptr((unsigned long)task_args->seccomp_filters, RM_PRIVATE);
 
 #define remap_array(name, nr, cpos)	do {				\
 		task_args->name##_n = nr;				\
 		task_args->name = rst_mem_remap_ptr(cpos, RM_PRIVATE);	\
 	} while (0)
 
-	remap_array(seccomp_filters,	n_seccomp_filters, seccomp_filter_pos);
-
 #undef remap_array
 
 	if (core->tc->has_seccomp_mode)
diff --git a/criu/include/seccomp.h b/criu/include/seccomp.h
index 8a5b937..42ab9ab 100644
--- a/criu/include/seccomp.h
+++ b/criu/include/seccomp.h
@@ -28,5 +28,6 @@
 
 extern int collect_seccomp_filters(void);
 extern int prepare_seccomp_filters(void);
-extern int seccomp_filters_get_rst_pos(CoreEntry *item, int *count, unsigned long *pos);
+struct task_restore_args;
+extern int seccomp_filters_get_rst_pos(CoreEntry *item, struct task_restore_args *);
 #endif
diff --git a/criu/seccomp.c b/criu/seccomp.c
index 3baaac2..1858233 100644
--- a/criu/seccomp.c
+++ b/criu/seccomp.c
@@ -9,6 +9,7 @@
 #include "pstree.h"
 #include "ptrace.h"
 #include "proc_parse.h"
+#include "restorer.h"
 #include "seccomp.h"
 #include "servicefd.h"
 #include "util.h"
@@ -216,28 +217,26 @@ int prepare_seccomp_filters(void)
 	return 0;
 }
 
-int seccomp_filters_get_rst_pos(CoreEntry *core, int *count, unsigned long *pos)
+int seccomp_filters_get_rst_pos(CoreEntry *core, struct task_restore_args *ta)
 {
 	SeccompFilter *sf = NULL;
 	struct sock_fprog *arr = NULL;
 	void *filter_data = NULL;
-	int ret = -1, i;
+	int ret = -1, i, n_filters;
 	size_t filter_size = 0;
 
-	if (!core->tc->has_seccomp_filter) {
-		*count = 0;
+	ta->seccomp_filters_n = 0;
+
+	if (!core->tc->has_seccomp_filter)
 		return 0;
-	}
 
-	*count = 0;
-	*pos = rst_mem_align_cpos(RM_PRIVATE);
+	ta->seccomp_filters = (struct sock_fprog *)rst_mem_align_cpos(RM_PRIVATE);
 
 	BUG_ON(core->tc->seccomp_filter > se->n_seccomp_filters);
 	sf = se->seccomp_filters[core->tc->seccomp_filter];
 
 	while (1) {
-		(*count)++;
-
+		ta->seccomp_filters_n++;
 		filter_size += sf->filter.len;
 
 		if (!sf->has_prev)
@@ -246,13 +245,14 @@ int seccomp_filters_get_rst_pos(CoreEntry *core, int *count, unsigned long *pos)
 		sf = se->seccomp_filters[sf->prev];
 	}
 
-	arr = rst_mem_alloc(sizeof(struct sock_fprog) * (*count) + filter_size, RM_PRIVATE);
+	n_filters = ta->seccomp_filters_n;
+	arr = rst_mem_alloc(sizeof(struct sock_fprog) * n_filters + filter_size, RM_PRIVATE);
 	if (!arr)
 		goto out;
 
-	filter_data = &arr[*count];
+	filter_data = &arr[n_filters];
 	sf = se->seccomp_filters[core->tc->seccomp_filter];
-	for (i = 0; i < *count; i++) {
+	for (i = 0; i < n_filters; i++) {
 		struct sock_fprog *fprog = &arr[i];
 
 		BUG_ON(sf->filter.len % sizeof(struct sock_filter));
-- 
2.5.0

More information about the CRIU mailing list