[Devel] [PATCH RHEL7 COMMIT] seccomp: move CPT/RST + PT_SUSPEND_SECCOMP check hunk to proper place
Konstantin Khorenko
khorenko at virtuozzo.com
Thu Jan 10 11:31:37 MSK 2019
The commit is pushed to "branch-rh7-3.10.0-957.1.3.vz7.83.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-957.1.3.vz7.83.4
------>
commit 6f7c36de779fa0cfe71dd552fdddecdc9854fd7e
Author: Konstantin Khorenko <khorenko at virtuozzo.com>
Date: Wed Jan 9 19:22:20 2019 +0300
seccomp: move CPT/RST + PT_SUSPEND_SECCOMP check hunk to proper place
During the rebase to RHEL7.6 the hunk of commit
b50e754dc961 ("ms/seccomp: add ptrace options for suspend/resume")
had been incorrectly moved to __seccomp_filter() func.
Move the hunk to proper place - to secure_computing_strict().
Fixes: 681ccaa23ec5 ("ms/seccomp: add ptrace options for suspend/resume")
https://jira.sw.ru/browse/PSBM-90547
Found-by: Cyrill Gorcunov <gorcunov at virtuozzo.com>
Signed-off-by: Konstantin Khorenko <khorenko at virtuozzo.com>
Reviewed-by: Cyrill Gorcunov <gorcunov at gmail.com>
---
kernel/seccomp.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index afb2417bcfb6..bac2bcdcf19a 100644
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@ -658,6 +658,10 @@ void secure_computing_strict(int this_syscall)
{
int mode = current->seccomp.mode;
+ if (config_enabled(CONFIG_CHECKPOINT_RESTORE) &&
+ unlikely(current->ptrace & PT_SUSPEND_SECCOMP))
+ return 0;
+
if (mode == 0)
return;
else if (mode == SECCOMP_MODE_STRICT)
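Review bot: The added early exit in secure_computing_strict() uses `return 0;`, but the hunk header shows the function is declared `void`, and the existing `mode == 0` branch right below uses a bare `return;`. A return statement with an expression in a void function is a constraint violation in ISO C and produces a compiler warning; the `0` looks carried over from __seccomp_filter(), which returns u32. Suggest changing the added line to `return;`.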
@@ -672,9 +676,6 @@ static u32 __seccomp_filter(int this_syscall, struct pt_regs *regs)
u32 filter_ret, action;
int data;
- if (config_enabled(CONFIG_CHECKPOINT_RESTORE) &&
- unlikely(current->ptrace & PT_SUSPEND_SECCOMP))
- return 0;
/*
* Make sure that any changes to mode from another thread have
* been seen after TIF_SECCOMP was seen.
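Review bot: With the PT_SUSPEND_SECCOMP check dropped from __seccomp_filter(), the only check visible in this patch is the one in secure_computing_strict(), so nothing shown here covers tasks running in filter mode. Please confirm that the caller of __seccomp_filter() already tests `current->ptrace & PT_SUSPEND_SECCOMP` before invoking the filter, or add the check there. Otherwise a task suspended for checkpoint/restore would still have its filter applied. A sentence in the commit message naming the path that handles filter mode would make this verifiable from the log.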