Google Git
Sign in
kernel/pub/scm/linux/kernel/git/ast/bpf/refs/heads/seccomp^!/.
commit
3438c4d2a1bb4fa4a701abfeb099be57dde79354
[log]
author
Alexei Starovoitov <ast@kernel.org>
Thu Feb 21 10:40:14 2019 -0800
committer
Alexei Starovoitov <ast@kernel.org>
Thu Feb 21 11:13:43 2019 -0800
tree
b6484e87e9077adc485a55d7a2baf92640dd9660
parent
74e31ca850c1cddeca03503171dd145b6ce293b6 [diff]
seccomp, bpf: disable preemption before calling into bpf prog

All BPF programs must be called with preemption disabled.

Signed-off-by: Alexei Starovoitov <ast@kernel.org>

diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index e815781..a43c601 100644
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c

@@ -267,6 +267,7 @@ static u32 seccomp_run_filters(const struct seccomp_data *sd,
 	 * All filters in the list are evaluated and the lowest BPF return
 	 * value always takes priority (ignoring the DATA).
 	 */
+	preempt_disable();
 	for (; f; f = f->prev) {
 		u32 cur_ret = BPF_PROG_RUN(f->prog, sd);
 
@@ -275,6 +276,7 @@ static u32 seccomp_run_filters(const struct seccomp_data *sd,
 			*match = f;
 		}
 	}
+	preempt_enable();
 	return ret;
 }
 #endif /* CONFIG_SECCOMP_FILTER */