Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Pull seccomp fix from James Morris. BUG(!spin_is_locked()) really doesn't work very well in UP configurations without any actual spinlock state. Which is very much why we have that "assert_spin_lock()" function for this. * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: seccomp: Replace BUG(!spin_is_locked()) with assert_spin_lock
author: Linus Torvalds <torvalds@linux-foundation.org> 2014-08-14 12:09:48 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2014-08-14 12:09:48 -0400
commit: 311bf6d1cbfc288ccd6e6480cbf104da2447b524 (patch)
tree: 1daf6dea42eee46481feef90a66242df9e768f38 /kernel
parent: 82f05a08e27755835c948b7a45b86fac9e114e1d (diff)
parent: 69f6a34bdeea4fec50bb90619bc9602973119572 (diff)
2 files changed, 6 insertions, 6 deletions
diff --git a/kernel/fork.c b/kernel/fork.c
index 1380d8ace334..0cf9cdb6e491 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -1105,7 +1105,7 @@ static void copy_seccomp(struct task_struct *p)
         * needed because this new task is not yet running and cannot
         * be racing exec.
         */
-        BUG_ON(!spin_is_locked(&current->sighand->siglock));
+        assert_spin_locked(&current->sighand->siglock);
        /* Ref-count the new filter user, and assign it. */
        get_seccomp_filter(current);
diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index 25b0043f4755..44eb005c6695 100644
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@ -203,7 +203,7 @@ static u32 seccomp_run_filters(int syscall)
 static inline bool seccomp_may_assign_mode(unsigned long seccomp_mode)
 {
-        BUG_ON(!spin_is_locked(&current->sighand->siglock));
+        assert_spin_locked(&current->sighand->siglock);
        if (current->seccomp.mode && current->seccomp.mode != seccomp_mode)
                return false;
@@ -214,7 +214,7 @@ static inline bool seccomp_may_assign_mode(unsigned long seccomp_mode)
 static inline void seccomp_assign_mode(struct task_struct *task,
                                       unsigned long seccomp_mode)
 {
-        BUG_ON(!spin_is_locked(&task->sighand->siglock));
+        assert_spin_locked(&task->sighand->siglock);
        task->seccomp.mode = seccomp_mode;
        /*
@@ -253,7 +253,7 @@ static inline pid_t seccomp_can_sync_threads(void)
        struct task_struct *thread, *caller;
        BUG_ON(!mutex_is_locked(&current->signal->cred_guard_mutex));
-        BUG_ON(!spin_is_locked(&current->sighand->siglock));
+        assert_spin_locked(&current->sighand->siglock);
        /* Validate all threads being eligible for synchronization. */
        caller = current;
@@ -294,7 +294,7 @@ static inline void seccomp_sync_threads(void)
        struct task_struct *thread, *caller;
        BUG_ON(!mutex_is_locked(&current->signal->cred_guard_mutex));
-        BUG_ON(!spin_is_locked(&current->sighand->siglock));
+        assert_spin_locked(&current->sighand->siglock);
        /* Synchronize all threads. */
        caller = current;
@@ -464,7 +464,7 @@ static long seccomp_attach_filter(unsigned int flags,
        unsigned long total_insns;
        struct seccomp_filter *walker;
-        BUG_ON(!spin_is_locked(&current->sighand->siglock));
+        assert_spin_locked(&current->sighand->siglock);
        /* Validate resulting filter length. */
        total_insns = filter->prog->len;
author	Linus Torvalds <torvalds@linux-foundation.org>	2014-08-14 12:09:48 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2014-08-14 12:09:48 -0400
commit	311bf6d1cbfc288ccd6e6480cbf104da2447b524 (patch)
tree	1daf6dea42eee46481feef90a66242df9e768f38 /kernel
parent	82f05a08e27755835c948b7a45b86fac9e114e1d (diff)
parent	69f6a34bdeea4fec50bb90619bc9602973119572 (diff)

diff --git a/kernel/fork.c b/kernel/fork.c index 1380d8ace334..0cf9cdb6e491 100644 --- a/kernel/fork.c +++ b/kernel/fork.c
@@ -1105,7 +1105,7 @@ static void copy_seccomp(struct task_struct *p)
1105	* needed because this new task is not yet running and cannot	1105	* needed because this new task is not yet running and cannot
1106	* be racing exec.	1106	* be racing exec.
1107	*/	1107	*/
1108	BUG_ON(!spin_is_locked(&current->sighand->siglock));	1108	assert_spin_locked(&current->sighand->siglock);
1109		1109
1110	/* Ref-count the new filter user, and assign it. */	1110	/* Ref-count the new filter user, and assign it. */
1111	get_seccomp_filter(current);	1111	get_seccomp_filter(current);


diff --git a/kernel/seccomp.c b/kernel/seccomp.c index 25b0043f4755..44eb005c6695 100644 --- a/kernel/seccomp.c +++ b/kernel/seccomp.c
@@ -203,7 +203,7 @@ static u32 seccomp_run_filters(int syscall)
203		203
204	static inline bool seccomp_may_assign_mode(unsigned long seccomp_mode)	204	static inline bool seccomp_may_assign_mode(unsigned long seccomp_mode)
205	{	205	{
206	BUG_ON(!spin_is_locked(&current->sighand->siglock));	206	assert_spin_locked(&current->sighand->siglock);
207		207
208	if (current->seccomp.mode && current->seccomp.mode != seccomp_mode)	208	if (current->seccomp.mode && current->seccomp.mode != seccomp_mode)
209	return false;	209	return false;
@@ -214,7 +214,7 @@ static inline bool seccomp_may_assign_mode(unsigned long seccomp_mode)
214	static inline void seccomp_assign_mode(struct task_struct *task,	214	static inline void seccomp_assign_mode(struct task_struct *task,
215	unsigned long seccomp_mode)	215	unsigned long seccomp_mode)
216	{	216	{
217	BUG_ON(!spin_is_locked(&task->sighand->siglock));	217	assert_spin_locked(&task->sighand->siglock);
218		218
219	task->seccomp.mode = seccomp_mode;	219	task->seccomp.mode = seccomp_mode;
220	/*	220	/*
@@ -253,7 +253,7 @@ static inline pid_t seccomp_can_sync_threads(void)
253	struct task_struct thread, caller;	253	struct task_struct thread, caller;
254		254
255	BUG_ON(!mutex_is_locked(&current->signal->cred_guard_mutex));	255	BUG_ON(!mutex_is_locked(&current->signal->cred_guard_mutex));
256	BUG_ON(!spin_is_locked(&current->sighand->siglock));	256	assert_spin_locked(&current->sighand->siglock);
257		257
258	/* Validate all threads being eligible for synchronization. */	258	/* Validate all threads being eligible for synchronization. */
259	caller = current;	259	caller = current;
@@ -294,7 +294,7 @@ static inline void seccomp_sync_threads(void)
294	struct task_struct thread, caller;	294	struct task_struct thread, caller;
295		295
296	BUG_ON(!mutex_is_locked(&current->signal->cred_guard_mutex));	296	BUG_ON(!mutex_is_locked(&current->signal->cred_guard_mutex));
297	BUG_ON(!spin_is_locked(&current->sighand->siglock));	297	assert_spin_locked(&current->sighand->siglock);
298		298
299	/* Synchronize all threads. */	299	/* Synchronize all threads. */
300	caller = current;	300	caller = current;
@@ -464,7 +464,7 @@ static long seccomp_attach_filter(unsigned int flags,
464	unsigned long total_insns;	464	unsigned long total_insns;
465	struct seccomp_filter *walker;	465	struct seccomp_filter *walker;
466		466
467	BUG_ON(!spin_is_locked(&current->sighand->siglock));	467	assert_spin_locked(&current->sighand->siglock);
468		468
469	/* Validate resulting filter length. */	469	/* Validate resulting filter length. */
470	total_insns = filter->prog->len;	470	total_insns = filter->prog->len;