On Sun, May 31, 2020 at 01:50:29PM +0200, Christian Brauner wrote:
> The seccomp filter used to be released in free_task() which is called
> asynchronously via call_rcu() and assorted mechanisms. Since we need
> to inform tasks waiting on the seccomp notifier when a filter goes empty
> we will notify them as soon as a task has been marked fully dead in
> release_task(). To not split seccomp cleanup into two parts, move
> filter release out of free_task() and into release_task() after we've
> unhashed struct task from struct pid, exited signals, and unlinked it
> from the threadgroups' thread list. We'll put the empty filter
> notification infrastructure into it in a follow-up patch.
>
> This also renames put_seccomp_filter() to seccomp_filter_release() which
> is a more descriptive name of what we're doing here, especially once
> we've added the empty filter notification mechanism in there.
>
> We're also NULL-ing the task's filter tree entrypoint which seems
> cleaner than leaving a dangling pointer in there. Note that this shouldn't
> need any memory barriers since we're calling this when the task is in
> release_task() which means it's EXIT_DEAD. So it can't modify its seccomp
> filters anymore. You can also see this from the point where we're calling
> seccomp_filter_release(). It's after __exit_signal() and at this point,
> tsk->sighand will already have been NULLed which is required for
> thread-sync and filter installation alike.
>
> Cc: Tycho Andersen <ty...@tycho.ws>
> Cc: Kees Cook <keesc...@chromium.org>
> Cc: Matt Denton <mpden...@google.com>
> Cc: Sargun Dhillon <sar...@sargun.me>
> Cc: Jann Horn <ja...@google.com>
> Cc: Chris Palmer <pal...@google.com>
> Cc: Aleksa Sarai <cyp...@cyphar.com>
> Cc: Robert Sesek <rse...@google.com>
> Cc: Jeffrey Vander Stoep <je...@google.com>
> Cc: Linux Containers <contain...@lists.linux-foundation.org>
> Signed-off-by: Christian Brauner <christian.brau...@ubuntu.com>
Thanks! Applied with typo fixes to the commit log, a slightly expanded comment on seccomp_filter_release() to just drive home the reason we don't need barriers, and a variable renaming to avoid some needless churn in the coming patches...

-- 
Kees Cook