diff options
Diffstat (limited to 'kernel')
-rw-r--r-- | kernel/seccomp.c | 7 | ||||
-rw-r--r-- | kernel/user_namespace.c | 21 |
2 files changed, 21 insertions, 7 deletions
diff --git a/kernel/seccomp.c b/kernel/seccomp.c index ad64fcb731f2..57d4b13b631d 100644 --- a/kernel/seccomp.c +++ b/kernel/seccomp.c | |||
@@ -8,6 +8,7 @@ | |||
8 | 8 | ||
9 | #include <linux/seccomp.h> | 9 | #include <linux/seccomp.h> |
10 | #include <linux/sched.h> | 10 | #include <linux/sched.h> |
11 | #include <linux/compat.h> | ||
11 | 12 | ||
12 | /* #define SECCOMP_DEBUG 1 */ | 13 | /* #define SECCOMP_DEBUG 1 */ |
13 | #define NR_SECCOMP_MODES 1 | 14 | #define NR_SECCOMP_MODES 1 |
@@ -22,7 +23,7 @@ static int mode1_syscalls[] = { | |||
22 | 0, /* null terminated */ | 23 | 0, /* null terminated */ |
23 | }; | 24 | }; |
24 | 25 | ||
25 | #ifdef TIF_32BIT | 26 | #ifdef CONFIG_COMPAT |
26 | static int mode1_syscalls_32[] = { | 27 | static int mode1_syscalls_32[] = { |
27 | __NR_seccomp_read_32, __NR_seccomp_write_32, __NR_seccomp_exit_32, __NR_seccomp_sigreturn_32, | 28 | __NR_seccomp_read_32, __NR_seccomp_write_32, __NR_seccomp_exit_32, __NR_seccomp_sigreturn_32, |
28 | 0, /* null terminated */ | 29 | 0, /* null terminated */ |
@@ -37,8 +38,8 @@ void __secure_computing(int this_syscall) | |||
37 | switch (mode) { | 38 | switch (mode) { |
38 | case 1: | 39 | case 1: |
39 | syscall = mode1_syscalls; | 40 | syscall = mode1_syscalls; |
40 | #ifdef TIF_32BIT | 41 | #ifdef CONFIG_COMPAT |
41 | if (test_thread_flag(TIF_32BIT)) | 42 | if (is_compat_task()) |
42 | syscall = mode1_syscalls_32; | 43 | syscall = mode1_syscalls_32; |
43 | #endif | 44 | #endif |
44 | do { | 45 | do { |
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c index 79084311ee57..076c7c8215b0 100644 --- a/kernel/user_namespace.c +++ b/kernel/user_namespace.c | |||
@@ -60,12 +60,25 @@ int create_user_ns(struct cred *new) | |||
60 | return 0; | 60 | return 0; |
61 | } | 61 | } |
62 | 62 | ||
63 | void free_user_ns(struct kref *kref) | 63 | /* |
64 | * Deferred destructor for a user namespace. This is required because | ||
65 | * free_user_ns() may be called with uidhash_lock held, but we need to call | ||
66 | * back to free_uid() which will want to take the lock again. | ||
67 | */ | ||
68 | static void free_user_ns_work(struct work_struct *work) | ||
64 | { | 69 | { |
65 | struct user_namespace *ns; | 70 | struct user_namespace *ns = |
66 | 71 | container_of(work, struct user_namespace, destroyer); | |
67 | ns = container_of(kref, struct user_namespace, kref); | ||
68 | free_uid(ns->creator); | 72 | free_uid(ns->creator); |
69 | kfree(ns); | 73 | kfree(ns); |
70 | } | 74 | } |
75 | |||
76 | void free_user_ns(struct kref *kref) | ||
77 | { | ||
78 | struct user_namespace *ns = | ||
79 | container_of(kref, struct user_namespace, kref); | ||
80 | |||
81 | INIT_WORK(&ns->destroyer, free_user_ns_work); | ||
82 | schedule_work(&ns->destroyer); | ||
83 | } | ||
71 | EXPORT_SYMBOL(free_user_ns); | 84 | EXPORT_SYMBOL(free_user_ns); |