On Fri, Nov 21, 2014 at 7:06 AM, Pranith Kumar <bobby.pr...@gmail.com> wrote:
> Recently lockless_dereference() was added which can be used in place of
> hard-coding smp_read_barrier_depends(). The following PATCH makes the change.
>
> Signed-off-by: Pranith Kumar <bobby.pr...@gmail.com>
> ---
> kernel/seccomp.c | 7 +++----
> 1 file changed, 3 insertions(+), 4 deletions(-)
Thanks!
Acked-by: Kees Cook <keesc...@chromium.org>
Do you need me to carry this patch in the seccomp tree, or will
someone else be taking your entire series?
-Kees
>
> diff --git a/kernel/seccomp.c b/kernel/seccomp.c
> index 4ef9687..3729b06 100644
> --- a/kernel/seccomp.c
> +++ b/kernel/seccomp.c
> @@ -175,17 +175,16 @@ static int seccomp_check_filter(struct sock_filter
> *filter, unsigned int flen)
> */
> static u32 seccomp_run_filters(struct seccomp_data *sd)
> {
> - struct seccomp_filter *f = ACCESS_ONCE(current->seccomp.filter);
> struct seccomp_data sd_local;
> u32 ret = SECCOMP_RET_ALLOW;
> + /* Make sure cross-thread synced filter points somewhere sane. */
> + struct seccomp_filter *f =
> + lockless_dereference(current->seccomp.filter);
>
> /* Ensure unexpected behavior doesn't result in failing open. */
> if (unlikely(WARN_ON(f == NULL)))
> return SECCOMP_RET_KILL;
>
> - /* Make sure cross-thread synced filter points somewhere sane. */
> - smp_read_barrier_depends();
> -
> if (!sd) {
> populate_seccomp_data(&sd_local);
> sd = &sd_local;
> --
> 1.9.1
>
--
Kees Cook
Chrome OS Security
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
