On Tue, Feb 07, 2017 at 03:18:51PM -0800, Kees Cook wrote:
> The SECCOMP_RET_KILL filter return code has always killed the current
> thread, not the entire process. Changing this as a side-effect of dumping
> core isn't a safe thing to do (a few test suites have already flagged this
> behavioral change). Instead, restore the RET_KILL semantics, but still
> dump core when a RET_KILL delivers SIGSYS to a single-threaded process.
>
> Fixes: b25e67161c29 ("seccomp: dump core when using SECCOMP_RET_KILL")
> Signed-off-by: Kees Cook <keesc...@chromium.org>

All CRIU tests passed with this patch. Thanks! Acked-by: Andrei Vagin <ava...@virtuozzo.com> > --- > kernel/seccomp.c | 13 ++++++++----- > 1 file changed, 8 insertions(+), 5 deletions(-) > > diff --git a/kernel/seccomp.c b/kernel/seccomp.c > index f8f88ebcb3ba..e15185c28de5 100644 > --- a/kernel/seccomp.c > +++ b/kernel/seccomp.c > @@ -643,11 +643,14 @@ static int __seccomp_filter(int this_syscall, const > struct seccomp_data *sd, > default: { > siginfo_t info; > audit_seccomp(this_syscall, SIGSYS, action); > - /* Show the original registers in the dump. */ > - syscall_rollback(current, task_pt_regs(current)); > - /* Trigger a manual coredump since do_exit skips it. */ > - seccomp_init_siginfo(&info, this_syscall, data); > - do_coredump(&info); > + /* Dump core only if this is the last remaining thread. */ > + if (get_nr_threads(current) == 1) { > + /* Show the original registers in the dump. */ > + syscall_rollback(current, task_pt_regs(current)); > + /* Trigger a manual coredump since do_exit skips it. */ > + seccomp_init_siginfo(&info, this_syscall, data); > + do_coredump(&info); > + } > do_exit(SIGSYS); > } > } > -- > 2.7.4 > > > -- > Kees Cook > Pixel Security
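
Review bot: In the default: case of __seccomp_filter, the new comment "Dump core only if this is the last remaining thread" states what the get_nr_threads(current) == 1 test does but not why the dump is skipped otherwise. The commit message gives the reason (RET_KILL must keep killing only the current thread, and dumping core changed that as a side effect), so I would put that reason in the code comment as well, since the condition will look arbitrary to a later reader. It would also help to note there that a RET_KILL in a multi-threaded process now leaves no core, only the audit_seccomp() record, so anyone relying on the dump for triage knows where to look. Minor style point: siginfo_t info; is still declared at the top of the default block but is now used only inside the new if, so the declaration could move into that branch.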