On Thu, Sep 21, 2017 at 3:57 AM, Oleg Nesterov <o...@redhat.com> wrote: > On 09/20, Kees Cook wrote: >> >> On Wed, Sep 20, 2017 at 5:56 AM, Oleg Nesterov <o...@redhat.com> wrote: >> > @@ -908,13 +912,13 @@ long seccomp_get_filter(struct task_struct *task, >> > unsigned long filter_off, >> > if (!data) >> > goto out; >> > >> > - get_seccomp_filter(task); >> > + refcount_inc(&filter->usage); >> > spin_unlock_irq(&task->sighand->siglock); >> > >> > if (copy_to_user(data, fprog->filter, bpf_classic_proglen(fprog))) >> > ret = -EFAULT; >> > >> > - put_seccomp_filter(task); >> > + __put_seccomp_filter(filter); >> > return ret; >> >> Given how reference counting is done for filters, I'd be happier with >> leaving the get_seccomp_filter() as-is, > > No, please note that filter != tsk->seccomp.filter, get_seccomp_filter() > won't work.
Ah yes, sorry, you're right. >> (i.e. don't open-code >> the refcount_inc()). > > agreed, probably another __get_seccomp_filter(filter) makes sense, especially > if we do other changes like get_nth(). > > But imo not in this fix. Regardless, whatever lands will need backport adjustment for refcount_*/atomic_* in -stable. Can you resend the two patches; I can send the backport to -stable manually... -Kees -- Kees Cook Pixel Security
