diff options
| author | Kees Cook <keescook@chromium.org> | 2017-06-26 12:24:00 -0400 |
|---|---|---|
| committer | Kees Cook <keescook@chromium.org> | 2017-06-26 12:24:00 -0400 |
| commit | 0b5fa2290637a3235898d18dc0e7a136783f1bd2 (patch) | |
| tree | fa350a4ac455aace74b1aa5b584a1f9afef8e770 | |
| parent | 93bd70e3330be45542c455dde11d8dc657ab3044 (diff) | |
seccomp: Switch from atomic_t to recount_t
This switches the seccomp usage tracking from atomic_t to refcount_t to
gain refcount overflow protections.
Cc: Elena Reshetova <elena.reshetova@intel.com>
Cc: David Windsor <dwindsor@gmail.com>
Cc: Hans Liljestrand <hans.liljestrand@aalto.fi>
Signed-off-by: Kees Cook <keescook@chromium.org>
| -rw-r--r-- | kernel/seccomp.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/kernel/seccomp.c b/kernel/seccomp.c index fce83885b7ef..98b59b5db90b 100644 --- a/kernel/seccomp.c +++ b/kernel/seccomp.c | |||
| @@ -13,7 +13,7 @@ | |||
| 13 | * of Berkeley Packet Filters/Linux Socket Filters. | 13 | * of Berkeley Packet Filters/Linux Socket Filters. |
| 14 | */ | 14 | */ |
| 15 | 15 | ||
| 16 | #include <linux/atomic.h> | 16 | #include <linux/refcount.h> |
| 17 | #include <linux/audit.h> | 17 | #include <linux/audit.h> |
| 18 | #include <linux/compat.h> | 18 | #include <linux/compat.h> |
| 19 | #include <linux/coredump.h> | 19 | #include <linux/coredump.h> |
| @@ -56,7 +56,7 @@ | |||
| 56 | * to a task_struct (other than @usage). | 56 | * to a task_struct (other than @usage). |
| 57 | */ | 57 | */ |
| 58 | struct seccomp_filter { | 58 | struct seccomp_filter { |
| 59 | atomic_t usage; | 59 | refcount_t usage; |
| 60 | struct seccomp_filter *prev; | 60 | struct seccomp_filter *prev; |
| 61 | struct bpf_prog *prog; | 61 | struct bpf_prog *prog; |
| 62 | }; | 62 | }; |
| @@ -378,7 +378,7 @@ static struct seccomp_filter *seccomp_prepare_filter(struct sock_fprog *fprog) | |||
| 378 | return ERR_PTR(ret); | 378 | return ERR_PTR(ret); |
| 379 | } | 379 | } |
| 380 | 380 | ||
| 381 | atomic_set(&sfilter->usage, 1); | 381 | refcount_set(&sfilter->usage, 1); |
| 382 | 382 | ||
| 383 | return sfilter; | 383 | return sfilter; |
| 384 | } | 384 | } |
| @@ -465,7 +465,7 @@ void get_seccomp_filter(struct task_struct *tsk) | |||
| 465 | if (!orig) | 465 | if (!orig) |
| 466 | return; | 466 | return; |
| 467 | /* Reference count is bounded by the number of total processes. */ | 467 | /* Reference count is bounded by the number of total processes. */ |
| 468 | atomic_inc(&orig->usage); | 468 | refcount_inc(&orig->usage); |
| 469 | } | 469 | } |
| 470 | 470 | ||
| 471 | static inline void seccomp_filter_free(struct seccomp_filter *filter) | 471 | static inline void seccomp_filter_free(struct seccomp_filter *filter) |
| @@ -481,7 +481,7 @@ void put_seccomp_filter(struct task_struct *tsk) | |||
| 481 | { | 481 | { |
| 482 | struct seccomp_filter *orig = tsk->seccomp.filter; | 482 | struct seccomp_filter *orig = tsk->seccomp.filter; |
| 483 | /* Clean up single-reference branches iteratively. */ | 483 | /* Clean up single-reference branches iteratively. */ |
| 484 | while (orig && atomic_dec_and_test(&orig->usage)) { | 484 | while (orig && refcount_dec_and_test(&orig->usage)) { |
| 485 | struct seccomp_filter *freeme = orig; | 485 | struct seccomp_filter *freeme = orig; |
| 486 | orig = orig->prev; | 486 | orig = orig->prev; |
| 487 | seccomp_filter_free(freeme); | 487 | seccomp_filter_free(freeme); |