|
|
@@ -194,7 +194,23 @@ static u32 seccomp_run_filters(int syscall)
|
|
|
}
|
|
|
return ret;
|
|
|
}
|
|
|
+#endif /* CONFIG_SECCOMP_FILTER */
|
|
|
|
|
|
+static inline bool seccomp_may_assign_mode(unsigned long seccomp_mode)
|
|
|
+{
|
|
|
+ if (current->seccomp.mode && current->seccomp.mode != seccomp_mode)
|
|
|
+ return false;
|
|
|
+
|
|
|
+ return true;
|
|
|
+}
|
|
|
+
|
|
|
+static inline void seccomp_assign_mode(unsigned long seccomp_mode)
|
|
|
+{
|
|
|
+ current->seccomp.mode = seccomp_mode;
|
|
|
+ set_tsk_thread_flag(current, TIF_SECCOMP);
|
|
|
+}
|
|
|
+
|
|
|
+#ifdef CONFIG_SECCOMP_FILTER
|
|
|
/**
|
|
|
* seccomp_attach_filter: Attaches a seccomp filter to current.
|
|
|
* @fprog: BPF program to install
|
|
|
@@ -490,8 +506,7 @@ static long seccomp_set_mode(unsigned long seccomp_mode, char __user *filter)
|
|
|
{
|
|
|
long ret = -EINVAL;
|
|
|
|
|
|
- if (current->seccomp.mode &&
|
|
|
- current->seccomp.mode != seccomp_mode)
|
|
|
+ if (!seccomp_may_assign_mode(seccomp_mode))
|
|
|
goto out;
|
|
|
|
|
|
switch (seccomp_mode) {
|
|
|
@@ -512,8 +527,7 @@ static long seccomp_set_mode(unsigned long seccomp_mode, char __user *filter)
|
|
|
goto out;
|
|
|
}
|
|
|
|
|
|
- current->seccomp.mode = seccomp_mode;
|
|
|
- set_thread_flag(TIF_SECCOMP);
|
|
|
+ seccomp_assign_mode(seccomp_mode);
|
|
|
out:
|
|
|
return ret;
|
|
|
}
|
Kees Cook