Skip to content

Commit

Permalink
seccomp: Fix setting loaded filter count during TSYNC
Browse files Browse the repository at this point in the history 
The desired behavior is to set the caller's filter count to thread's.
This value is reported via /proc, so this fixes the inaccurate count
exposed to userspace; it is not used for reference counting, etc.

Signed-off-by: Hsuan-Chi Kuo <hsuanchikuo@gmail.com>
Link: https://lore.kernel.org/r/20210304233708.420597-1-hsuanchikuo@gmail.com
Co-developed-by: Wiktor Garbacz <wiktorg@google.com>
Signed-off-by: Wiktor Garbacz <wiktorg@google.com>
Link: https://lore.kernel.org/lkml/20210810125158.329849-1-wiktorg@google.com
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: stable@vger.kernel.org
Fixes: c818c03 ("seccomp: Report number of loaded filters in /proc/$pid/status")
  • Loading branch information
Hsuan-Chi Kuo authored and Kees Cook committed Aug 11, 2021
1 parent 19d6769 commit b4d8a58
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion kernel/seccomp.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -602,7 +602,7 @@ static inline void seccomp_sync_threads(unsigned long flags)
smp_store_release(&thread->seccomp.filter,
caller->seccomp.filter);
atomic_set(&thread->seccomp.filter_count,
atomic_read(&thread->seccomp.filter_count));
atomic_read(&caller->seccomp.filter_count));

/*
* Don't let an unprivileged task work around
Expand Down

0 comments on commit b4d8a58

Please sign in to comment.