diff options
| author | Ali Al-Asadi <alasadi56@gmail.com> | 2017-09-16 18:03:39 +0200 |
|---|---|---|
| committer | Ali Al-Asadi <alasadi56@gmail.com> | 2017-09-16 18:03:57 +0200 |
| commit | 6d7a43ef2973fd127bf910a521d4808661fe7174 (patch) | |
| tree | 0d60991bc8253ef8f3cd8dd7db7f3f6b6607a39c /kernel/fork.c | |
| parent | 3d01b8790e7e69fb347bacdaafb85f7f1896067b (diff) | |
| parent | 870ce5261ecd42ac7035ad5e345e14ce0c7837fe (diff) | |
msm8960: get all the needed changes for kernelo8.0
Merge branch 'lineage-15.0' of https://github.com/tathanhlam66/android_kernel_htc_msm8960 into o8.0
Change-Id: Ib0698d0a99afbfe73e1bfccddcfb29df5d085045
Diffstat (limited to 'kernel/fork.c')
| -rw-r--r-- | kernel/fork.c | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/kernel/fork.c b/kernel/fork.c index c0ca299d5ed..fdb4792c3f5 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -34,6 +34,7 @@ #include <linux/cgroup.h> #include <linux/security.h> #include <linux/hugetlb.h> +#include <linux/seccomp.h> #include <linux/swap.h> #include <linux/syscalls.h> #include <linux/jiffies.h> @@ -174,6 +175,7 @@ void free_task(struct task_struct *tsk) free_thread_info(tsk->stack); rt_mutex_debug_task_free(tsk); ftrace_graph_exit_task(tsk); + put_seccomp_filter(tsk); free_task_struct(tsk); } EXPORT_SYMBOL(free_task); @@ -296,6 +298,15 @@ static struct task_struct *dup_task_struct(struct task_struct *orig) tsk->flags &= ~PF_SU; tsk->stack = ti; +#ifdef CONFIG_SECCOMP + /* + * We must handle setting up seccomp filters once we're under + * the sighand lock in case orig has changed between now and + * then. Until then, filter must be NULL to avoid messing up + * the usage counts on the error path calling free_task. + */ + tsk->seccomp.filter = NULL; +#endif setup_thread_stack(tsk, orig); clear_user_return_notifier(tsk); @@ -1087,6 +1098,39 @@ static void copy_flags(unsigned long clone_flags, struct task_struct *p) p->flags = new_flags; } +static void copy_seccomp(struct task_struct *p) +{ +#ifdef CONFIG_SECCOMP + /* + * Must be called with sighand->lock held, which is common to + * all threads in the group. Holding cred_guard_mutex is not + * needed because this new task is not yet running and cannot + * be racing exec. + */ + assert_spin_locked(¤t->sighand->siglock); + + /* Ref-count the new filter user, and assign it. */ + get_seccomp_filter(current); + p->seccomp = current->seccomp; + + /* + * Explicitly enable no_new_privs here in case it got set + * between the task_struct being duplicated and holding the + * sighand lock. The seccomp state and nnp must be in sync. + */ + if (task_no_new_privs(current)) + task_set_no_new_privs(p); + + /* + * If the parent gained a seccomp mode after copying thread + * flags and between before we held the sighand lock, we have + * to manually enable the seccomp thread flag here. + */ + if (p->seccomp.mode != SECCOMP_MODE_DISABLED) + set_tsk_thread_flag(p, TIF_SECCOMP); +#endif +} + SYSCALL_DEFINE1(set_tid_address, int __user *, tidptr) { current->clear_child_tid = tidptr; @@ -1414,6 +1458,12 @@ static struct task_struct *copy_process(unsigned long clone_flags, spin_lock(¤t->sighand->siglock); /* + * Copy seccomp details explicitly here, in case they were changed + * before holding sighand lock. + */ + copy_seccomp(p); + + /* * Process group and session signals need to be delivered to just the * parent before the fork or both the parent and the child after the * fork. Restart if a signal comes in before we add the new process to |