diff options
author | Kees Cook <keescook@chromium.org> | 2014-06-25 15:38:02 -0700 |
---|---|---|
committer | Kees Cook <keescook@google.com> | 2016-04-08 12:32:07 -0700 |
commit | a059d6f81652522589036621d051f421d608d72e (patch) | |
tree | 41f77d743bcf9c79e521592d0ef8f01071182f33 | |
parent | 74bacd6f2474d56fb94535b866ade80a49581bbd (diff) | |
download | qcom-msm-v3.10-a059d6f81652522589036621d051f421d608d72e.tar.gz |
BACKPORT: seccomp: extract check/assign mode helpers
To support splitting mode 1 from mode 2, extract the mode checking and
assignment logic into common functions.
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
Reviewed-by: Andy Lutomirski <luto@amacapital.net>
Bug: 28020023
Patchset: seccomp
(cherry picked from kernel/msm commit c14cdadc575cc14973fad756b09ea2b1b6fc6857)
Signed-off-by: Kees Cook <keescook@google.com>
Change-Id: I887b52d1d3489756f2bee912e45cf4dda5333f10
-rw-r--r-- | kernel/seccomp.c | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/kernel/seccomp.c b/kernel/seccomp.c index 5d1b09181ae..4d0f01df7e9 100644 --- a/kernel/seccomp.c +++ b/kernel/seccomp.c @@ -219,7 +219,23 @@ static u32 seccomp_run_filters(int syscall) } return ret; } +#endif /* CONFIG_SECCOMP_FILTER */ +static inline bool seccomp_may_assign_mode(unsigned long seccomp_mode) +{ + if (current->seccomp.mode && current->seccomp.mode != seccomp_mode) + return false; + + return true; +} + +static inline void seccomp_assign_mode(unsigned long seccomp_mode) +{ + current->seccomp.mode = seccomp_mode; + set_tsk_thread_flag(current, TIF_SECCOMP); +} + +#ifdef CONFIG_SECCOMP_FILTER /** * seccomp_attach_filter: Attaches a seccomp filter to current. * @fprog: BPF program to install @@ -484,8 +500,7 @@ static long seccomp_set_mode(unsigned long seccomp_mode, char __user *filter) { long ret = -EINVAL; - if (current->seccomp.mode && - current->seccomp.mode != seccomp_mode) + if (!seccomp_may_assign_mode(seccomp_mode)) goto out; switch (seccomp_mode) { @@ -506,8 +521,7 @@ static long seccomp_set_mode(unsigned long seccomp_mode, char __user *filter) goto out; } - current->seccomp.mode = seccomp_mode; - set_thread_flag(TIF_SECCOMP); + seccomp_assign_mode(seccomp_mode); out: return ret; } |