Lines Matching +full:current +full:- +full:mode
1 // SPDX-License-Identifier: GPL-2.0
5 * Copyright 2004-2005 Andrea Arcangeli <andrea@cpushare.com>
10 * This defines a simple but solid secure-computing facility.
12 * Mode 1 uses a fixed list of allowed system calls.
13 * Mode 2 allows user-defined system call filters in the form
105 * struct seccomp_kaddfd - container for seccomp_addfd ioctl messages
108 * @fd: The fd number to install it at. If the fd number is -1, it means the
138 * struct notification - container for seccomp userspace notifications. Since
140 * structure is fairly large, we store the notification-specific stuff in a
145 * filter->notify_lock.
160 * struct action_cache - per-filter cache of seccomp actions per
191 * struct seccomp_filter - container for seccomp BPF programs
200 * and once for the dependent filter (tracked in filter->prev).
213 * @notify_lock: A lock for all notification-related accesses.
217 * pointer. For any task, it appears to be a singly-linked list starting
218 * with current->seccomp.filter, the most recently attached or inherited filter.
250 * to safely fetch "current", so just use "task" everywhere below. in populate_seccomp_data()
252 struct task_struct *task = current; in populate_seccomp_data()
256 sd->nr = syscall_get_nr(task, regs); in populate_seccomp_data()
257 sd->arch = syscall_get_arch(task); in populate_seccomp_data()
259 sd->args[0] = args[0]; in populate_seccomp_data()
260 sd->args[1] = args[1]; in populate_seccomp_data()
261 sd->args[2] = args[2]; in populate_seccomp_data()
262 sd->args[3] = args[3]; in populate_seccomp_data()
263 sd->args[4] = args[4]; in populate_seccomp_data()
264 sd->args[5] = args[5]; in populate_seccomp_data()
265 sd->instruction_pointer = KSTK_EIP(task); in populate_seccomp_data()
269 * seccomp_check_filter - verify seccomp filter code
278 * Returns 0 if the rule set is legal or -EINVAL if not.
285 u16 code = ftest->code; in seccomp_check_filter()
286 u32 k = ftest->k; in seccomp_check_filter()
290 ftest->code = BPF_LDX | BPF_W | BPF_ABS; in seccomp_check_filter()
291 /* 32-bit aligned and not out of bounds. */ in seccomp_check_filter()
293 return -EINVAL; in seccomp_check_filter()
296 ftest->code = BPF_LD | BPF_IMM; in seccomp_check_filter()
297 ftest->k = sizeof(struct seccomp_data); in seccomp_check_filter()
300 ftest->code = BPF_LDX | BPF_IMM; in seccomp_check_filter()
301 ftest->k = sizeof(struct seccomp_data); in seccomp_check_filter()
344 return -EINVAL; in seccomp_check_filter()
363 * seccomp_cache_check_allow - lookup seccomp cache
372 int syscall_nr = sd->nr; in seccomp_cache_check_allow()
373 const struct action_cache *cache = &sfilter->cache; in seccomp_cache_check_allow()
376 /* A native-only architecture doesn't need to check sd->arch. */ in seccomp_cache_check_allow()
377 return seccomp_cache_check_allow_bitmap(cache->allow_native, in seccomp_cache_check_allow()
381 if (likely(sd->arch == SECCOMP_ARCH_NATIVE)) in seccomp_cache_check_allow()
382 return seccomp_cache_check_allow_bitmap(cache->allow_native, in seccomp_cache_check_allow()
385 if (likely(sd->arch == SECCOMP_ARCH_COMPAT)) in seccomp_cache_check_allow()
386 return seccomp_cache_check_allow_bitmap(cache->allow_compat, in seccomp_cache_check_allow()
398 * seccomp_run_filters - evaluates all seccomp filters against @sd
410 /* Make sure cross-thread synced filter points somewhere sane. */ in seccomp_run_filters()
412 READ_ONCE(current->seccomp.filter); in seccomp_run_filters()
425 for (; f; f = f->prev) { in seccomp_run_filters()
426 u32 cur_ret = bpf_prog_run_pin_on_cpu(f->prog, sd); in seccomp_run_filters()
439 assert_spin_locked(¤t->sighand->siglock); in seccomp_may_assign_mode()
441 if (current->seccomp.mode && current->seccomp.mode != seccomp_mode) in seccomp_may_assign_mode()
453 assert_spin_locked(&task->sighand->siglock); in seccomp_assign_mode()
455 task->seccomp.mode = seccomp_mode; in seccomp_assign_mode()
457 * Make sure SYSCALL_WORK_SECCOMP cannot be set before the mode (and in seccomp_assign_mode()
475 for (; child; child = child->prev) in is_ancestor()
486 * Returns 0 on success, -ve on error, or the pid of a thread which was
487 * either not in the correct seccomp mode or did not have an ancestral
494 BUG_ON(!mutex_is_locked(¤t->signal->cred_guard_mutex)); in seccomp_can_sync_threads()
495 assert_spin_locked(¤t->sighand->siglock); in seccomp_can_sync_threads()
498 caller = current; in seccomp_can_sync_threads()
502 /* Skip current, since it is initiating the sync. */ in seccomp_can_sync_threads()
506 if (thread->flags & PF_EXITING) in seccomp_can_sync_threads()
509 if (thread->seccomp.mode == SECCOMP_MODE_DISABLED || in seccomp_can_sync_threads()
510 (thread->seccomp.mode == SECCOMP_MODE_FILTER && in seccomp_can_sync_threads()
511 is_ancestor(thread->seccomp.filter, in seccomp_can_sync_threads()
512 caller->seccomp.filter))) in seccomp_can_sync_threads()
517 /* If the pid cannot be resolved, then return -ESRCH */ in seccomp_can_sync_threads()
519 failed = -ESRCH; in seccomp_can_sync_threads()
529 bpf_prog_destroy(filter->prog); in seccomp_filter_free()
536 while (orig && refcount_dec_and_test(&orig->users)) { in __seccomp_filter_orphan()
537 if (waitqueue_active(&orig->wqh)) in __seccomp_filter_orphan()
538 wake_up_poll(&orig->wqh, EPOLLHUP); in __seccomp_filter_orphan()
539 orig = orig->prev; in __seccomp_filter_orphan()
545 /* Clean up single-reference branches iteratively. */ in __put_seccomp_filter()
546 while (orig && refcount_dec_and_test(&orig->refs)) { in __put_seccomp_filter()
548 orig = orig->prev; in __put_seccomp_filter()
562 * seccomp_filter_release - Detach the task from its filter tree,
576 if (WARN_ON((tsk->flags & PF_EXITING) == 0)) in seccomp_filter_release()
579 spin_lock_irq(&tsk->sighand->siglock); in seccomp_filter_release()
580 orig = tsk->seccomp.filter; in seccomp_filter_release()
582 tsk->seccomp.filter = NULL; in seccomp_filter_release()
583 spin_unlock_irq(&tsk->sighand->siglock); in seccomp_filter_release()
588 * seccomp_sync_threads: sets all threads to use current's filter
601 BUG_ON(!mutex_is_locked(¤t->signal->cred_guard_mutex)); in seccomp_sync_threads()
602 assert_spin_locked(¤t->sighand->siglock); in seccomp_sync_threads()
605 caller = current; in seccomp_sync_threads()
607 /* Skip current, since it needs no changes. */ in seccomp_sync_threads()
615 if (thread->flags & PF_EXITING) in seccomp_sync_threads()
623 * current's path will hold a reference. (This also in seccomp_sync_threads()
626 __seccomp_filter_release(thread->seccomp.filter); in seccomp_sync_threads()
629 smp_store_release(&thread->seccomp.filter, in seccomp_sync_threads()
630 caller->seccomp.filter); in seccomp_sync_threads()
631 atomic_set(&thread->seccomp.filter_count, in seccomp_sync_threads()
632 atomic_read(&caller->seccomp.filter_count)); in seccomp_sync_threads()
645 * As threads are considered to be trust-realm in seccomp_sync_threads()
649 if (thread->seccomp.mode == SECCOMP_MODE_DISABLED) in seccomp_sync_threads()
672 if (fprog->len == 0 || fprog->len > BPF_MAXINSNS) in seccomp_prepare_filter()
673 return ERR_PTR(-EINVAL); in seccomp_prepare_filter()
675 BUG_ON(INT_MAX / fprog->len < sizeof(struct sock_filter)); in seccomp_prepare_filter()
683 if (!task_no_new_privs(current) && in seccomp_prepare_filter()
685 return ERR_PTR(-EACCES); in seccomp_prepare_filter()
690 return ERR_PTR(-ENOMEM); in seccomp_prepare_filter()
692 mutex_init(&sfilter->notify_lock); in seccomp_prepare_filter()
693 ret = bpf_prog_create_from_user(&sfilter->prog, fprog, in seccomp_prepare_filter()
700 refcount_set(&sfilter->refs, 1); in seccomp_prepare_filter()
701 refcount_set(&sfilter->users, 1); in seccomp_prepare_filter()
702 init_waitqueue_head(&sfilter->wqh); in seccomp_prepare_filter()
708 * seccomp_prepare_user_filter - prepares a user-supplied sock_fprog
711 * Returns 0 on success and non-zero otherwise.
717 struct seccomp_filter *filter = ERR_PTR(-EFAULT); in seccomp_prepare_user_filter()
737 * seccomp_is_const_allow - check if filter is constant allow with given data
755 if (sd->arch == SECCOMP_ARCH_NATIVE) in seccomp_is_const_allow()
757 if (sd->nr == __NR_uretprobe) in seccomp_is_const_allow()
761 for (pc = 0; pc < fprog->len; pc++) { in seccomp_is_const_allow()
762 struct sock_filter *insn = &fprog->filter[pc]; in seccomp_is_const_allow()
763 u16 code = insn->code; in seccomp_is_const_allow()
764 u32 k = insn->k; in seccomp_is_const_allow()
770 reg_value = sd->nr; in seccomp_is_const_allow()
773 reg_value = sd->arch; in seccomp_is_const_allow()
776 /* can't optimize (non-constant value load) */ in seccomp_is_const_allow()
784 pc += insn->k; in seccomp_is_const_allow()
808 pc += op_res ? insn->jt : insn->jf; in seccomp_is_const_allow()
828 struct sock_fprog_kern *fprog = sfilter->prog->orig_prog; in seccomp_cache_prepare_bitmap()
861 * seccomp_cache_prepare - emulate the filter to find cacheable syscalls
864 * Returns 0 if successful or -errno if error occurred.
868 struct action_cache *cache = &sfilter->cache; in seccomp_cache_prepare()
870 sfilter->prev ? &sfilter->prev->cache : NULL; in seccomp_cache_prepare()
872 seccomp_cache_prepare_bitmap(sfilter, cache->allow_native, in seccomp_cache_prepare()
873 cache_prev ? cache_prev->allow_native : NULL, in seccomp_cache_prepare()
878 seccomp_cache_prepare_bitmap(sfilter, cache->allow_compat, in seccomp_cache_prepare()
879 cache_prev ? cache_prev->allow_compat : NULL, in seccomp_cache_prepare()
889 * @filter: seccomp filter to add to the current process
891 * Caller must be holding current->sighand->siglock lock.
893 * Returns 0 on success, -ve on error, or
894 * - in TSYNC mode: the pid of a thread which was either not in the correct
895 * seccomp mode or did not have an ancestral seccomp filter
896 * - in NEW_LISTENER mode: the fd of the new listener
904 assert_spin_locked(¤t->sighand->siglock); in seccomp_attach_filter()
907 total_insns = filter->prog->len; in seccomp_attach_filter()
908 for (walker = current->seccomp.filter; walker; walker = walker->prev) in seccomp_attach_filter()
909 total_insns += walker->prog->len + 4; /* 4 instr penalty */ in seccomp_attach_filter()
911 return -ENOMEM; in seccomp_attach_filter()
920 return -ESRCH; in seccomp_attach_filter()
928 filter->log = true; in seccomp_attach_filter()
932 filter->wait_killable_recv = true; in seccomp_attach_filter()
938 filter->prev = current->seccomp.filter; in seccomp_attach_filter()
940 current->seccomp.filter = filter; in seccomp_attach_filter()
941 atomic_inc(¤t->seccomp.filter_count); in seccomp_attach_filter()
952 refcount_inc(&filter->refs); in __get_seccomp_filter()
955 /* get_seccomp_filter - increments the reference count of the filter on @tsk */
958 struct seccomp_filter *orig = tsk->seccomp.filter; in get_seccomp_filter()
962 refcount_inc(&orig->users); in get_seccomp_filter()
1029 * Secure computing mode 1 allows only read/write/exit/sigreturn.
1038 -1, /* negative terminated */
1051 } while (*++allowed_syscalls != -1); in __secure_computing_strict()
1056 current->seccomp.mode = SECCOMP_MODE_DEAD; in __secure_computing_strict()
1064 int mode = current->seccomp.mode; in secure_computing_strict() local
1067 unlikely(current->ptrace & PT_SUSPEND_SECCOMP)) in secure_computing_strict()
1070 if (mode == SECCOMP_MODE_DISABLED) in secure_computing_strict()
1072 else if (mode == SECCOMP_MODE_STRICT) in secure_computing_strict()
1086 lockdep_assert_held(&filter->notify_lock); in seccomp_next_notify_id()
1087 return filter->notif->next_id++; in seccomp_next_notify_id()
1098 list_del_init(&addfd->list); in seccomp_handle_addfd()
1099 if (!addfd->setfd) in seccomp_handle_addfd()
1100 fd = receive_fd(addfd->file, NULL, addfd->flags); in seccomp_handle_addfd()
1102 fd = receive_fd_replace(addfd->fd, addfd->file, addfd->flags); in seccomp_handle_addfd()
1103 addfd->ret = fd; in seccomp_handle_addfd()
1105 if (addfd->ioctl_flags & SECCOMP_ADDFD_FLAG_SEND) { in seccomp_handle_addfd()
1108 n->state = SECCOMP_NOTIFY_SENT; in seccomp_handle_addfd()
1111 n->flags = 0; in seccomp_handle_addfd()
1112 n->error = 0; in seccomp_handle_addfd()
1113 n->val = fd; in seccomp_handle_addfd()
1121 complete(&addfd->completion); in seccomp_handle_addfd()
1127 return match->wait_killable_recv && n->state == SECCOMP_NOTIFY_SENT; in should_sleep_killable()
1140 mutex_lock(&match->notify_lock); in seccomp_do_user_notification()
1141 err = -ENOSYS; in seccomp_do_user_notification()
1142 if (!match->notif) in seccomp_do_user_notification()
1145 n.task = current; in seccomp_do_user_notification()
1150 list_add_tail(&n.list, &match->notif->notifications); in seccomp_do_user_notification()
1153 atomic_inc(&match->notif->requests); in seccomp_do_user_notification()
1154 if (match->notif->flags & SECCOMP_USER_NOTIF_FD_SYNC_WAKE_UP) in seccomp_do_user_notification()
1155 wake_up_poll_on_current_cpu(&match->wqh, EPOLLIN | EPOLLRDNORM); in seccomp_do_user_notification()
1157 wake_up_poll(&match->wqh, EPOLLIN | EPOLLRDNORM); in seccomp_do_user_notification()
1165 mutex_unlock(&match->notify_lock); in seccomp_do_user_notification()
1170 mutex_lock(&match->notify_lock); in seccomp_do_user_notification()
1199 addfd->ret = -ESRCH; in seccomp_do_user_notification()
1200 list_del_init(&addfd->list); in seccomp_do_user_notification()
1201 complete(&addfd->completion); in seccomp_do_user_notification()
1207 * re-acquire the lock, so only delete from the list if the in seccomp_do_user_notification()
1214 if (match->notif) in seccomp_do_user_notification()
1217 mutex_unlock(&match->notify_lock); in seccomp_do_user_notification()
1223 syscall_set_return_value(current, current_pt_regs(), in seccomp_do_user_notification()
1225 return -1; in seccomp_do_user_notification()
1237 * Make sure that any changes to mode from another thread have in __seccomp_filter()
1253 /* Set low-order bits as an errno, capped at MAX_ERRNO. */ in __seccomp_filter()
1256 syscall_set_return_value(current, current_pt_regs(), in __seccomp_filter()
1257 -data, 0); in __seccomp_filter()
1262 syscall_rollback(current, current_pt_regs()); in __seccomp_filter()
1273 if (!ptrace_event_enabled(current, PTRACE_EVENT_SECCOMP)) { in __seccomp_filter()
1274 syscall_set_return_value(current, in __seccomp_filter()
1276 -ENOSYS, 0); in __seccomp_filter()
1292 if (fatal_signal_pending(current)) in __seccomp_filter()
1295 this_syscall = syscall_get_nr(current, current_pt_regs()); in __seccomp_filter()
1306 return -1; in __seccomp_filter()
1331 current->seccomp.mode = SECCOMP_MODE_DEAD; in __seccomp_filter()
1335 (atomic_read(¤t->signal->live) == 1)) { in __seccomp_filter()
1337 syscall_rollback(current, current_pt_regs()); in __seccomp_filter()
1343 return -1; /* skip the syscall go directly to signal handling */ in __seccomp_filter()
1349 seccomp_log(this_syscall, 0, action, match ? match->log : false); in __seccomp_filter()
1350 return -1; in __seccomp_filter()
1358 return -1; in __seccomp_filter()
1364 int mode = current->seccomp.mode; in __secure_computing() local
1368 unlikely(current->ptrace & PT_SUSPEND_SECCOMP)) in __secure_computing()
1371 this_syscall = sd ? sd->nr : in __secure_computing()
1372 syscall_get_nr(current, current_pt_regs()); in __secure_computing()
1374 switch (mode) { in __secure_computing()
1384 return -1; in __secure_computing()
1393 return current->seccomp.mode; in prctl_get_seccomp()
1399 * Once current->seccomp.mode is non-zero, it may not be changed.
1401 * Returns 0 on success or -EINVAL on failure.
1406 long ret = -EINVAL; in seccomp_set_mode_strict()
1408 spin_lock_irq(¤t->sighand->siglock); in seccomp_set_mode_strict()
1416 seccomp_assign_mode(current, seccomp_mode, 0); in seccomp_set_mode_strict()
1420 spin_unlock_irq(¤t->sighand->siglock); in seccomp_set_mode_strict()
1428 kfree(filter->notif); in seccomp_notify_free()
1429 filter->notif = NULL; in seccomp_notify_free()
1439 mutex_lock(&filter->notify_lock); in seccomp_notify_detach()
1445 list_for_each_entry(knotif, &filter->notif->notifications, list) { in seccomp_notify_detach()
1446 if (knotif->state == SECCOMP_NOTIFY_REPLIED) in seccomp_notify_detach()
1449 knotif->state = SECCOMP_NOTIFY_REPLIED; in seccomp_notify_detach()
1450 knotif->error = -ENOSYS; in seccomp_notify_detach()
1451 knotif->val = 0; in seccomp_notify_detach()
1458 complete(&knotif->ready); in seccomp_notify_detach()
1462 mutex_unlock(&filter->notify_lock); in seccomp_notify_detach()
1467 struct seccomp_filter *filter = file->private_data; in seccomp_notify_release()
1480 lockdep_assert_held(&filter->notify_lock); in find_notification()
1482 list_for_each_entry(cur, &filter->notif->notifications, list) { in find_notification()
1483 if (cur->id == id) in find_notification()
1490 static int recv_wake_function(wait_queue_entry_t *wait, unsigned int mode, int sync, in recv_wake_function() argument
1496 return autoremove_wake_function(wait, mode, sync, key); in recv_wake_function()
1504 if (refcount_read(&filter->users) == 0) in recv_wait_event()
1507 if (atomic_dec_if_positive(&filter->notif->requests) >= 0) in recv_wait_event()
1511 ret = prepare_to_wait_event(&filter->wqh, &wait, TASK_INTERRUPTIBLE); in recv_wait_event()
1513 if (atomic_dec_if_positive(&filter->notif->requests) >= 0) in recv_wait_event()
1515 if (refcount_read(&filter->users) == 0) in recv_wait_event()
1523 finish_wait(&filter->wqh, &wait); in recv_wait_event()
1539 return -EINVAL; in seccomp_notify_recv()
1547 mutex_lock(&filter->notify_lock); in seccomp_notify_recv()
1548 list_for_each_entry(cur, &filter->notif->notifications, list) { in seccomp_notify_recv()
1549 if (cur->state == SECCOMP_NOTIFY_INIT) { in seccomp_notify_recv()
1561 ret = -ENOENT; in seccomp_notify_recv()
1565 unotif.id = knotif->id; in seccomp_notify_recv()
1566 unotif.pid = task_pid_vnr(knotif->task); in seccomp_notify_recv()
1567 unotif.data = *(knotif->data); in seccomp_notify_recv()
1569 knotif->state = SECCOMP_NOTIFY_SENT; in seccomp_notify_recv()
1570 wake_up_poll(&filter->wqh, EPOLLOUT | EPOLLWRNORM); in seccomp_notify_recv()
1573 mutex_unlock(&filter->notify_lock); in seccomp_notify_recv()
1576 ret = -EFAULT; in seccomp_notify_recv()
1584 mutex_lock(&filter->notify_lock); in seccomp_notify_recv()
1589 complete(&knotif->ready); in seccomp_notify_recv()
1590 knotif->state = SECCOMP_NOTIFY_INIT; in seccomp_notify_recv()
1591 atomic_inc(&filter->notif->requests); in seccomp_notify_recv()
1592 wake_up_poll(&filter->wqh, EPOLLIN | EPOLLRDNORM); in seccomp_notify_recv()
1594 mutex_unlock(&filter->notify_lock); in seccomp_notify_recv()
1608 return -EFAULT; in seccomp_notify_send()
1611 return -EINVAL; in seccomp_notify_send()
1615 return -EINVAL; in seccomp_notify_send()
1617 ret = mutex_lock_interruptible(&filter->notify_lock); in seccomp_notify_send()
1623 ret = -ENOENT; in seccomp_notify_send()
1628 if (knotif->state != SECCOMP_NOTIFY_SENT) { in seccomp_notify_send()
1629 ret = -EINPROGRESS; in seccomp_notify_send()
1634 knotif->state = SECCOMP_NOTIFY_REPLIED; in seccomp_notify_send()
1635 knotif->error = resp.error; in seccomp_notify_send()
1636 knotif->val = resp.val; in seccomp_notify_send()
1637 knotif->flags = resp.flags; in seccomp_notify_send()
1638 if (filter->notif->flags & SECCOMP_USER_NOTIF_FD_SYNC_WAKE_UP) in seccomp_notify_send()
1639 complete_on_current_cpu(&knotif->ready); in seccomp_notify_send()
1641 complete(&knotif->ready); in seccomp_notify_send()
1643 mutex_unlock(&filter->notify_lock); in seccomp_notify_send()
1655 return -EFAULT; in seccomp_notify_id_valid()
1657 ret = mutex_lock_interruptible(&filter->notify_lock); in seccomp_notify_id_valid()
1662 if (knotif && knotif->state == SECCOMP_NOTIFY_SENT) in seccomp_notify_id_valid()
1665 ret = -ENOENT; in seccomp_notify_id_valid()
1667 mutex_unlock(&filter->notify_lock); in seccomp_notify_id_valid()
1677 return -EINVAL; in seccomp_notify_set_flags()
1679 ret = mutex_lock_interruptible(&filter->notify_lock); in seccomp_notify_set_flags()
1682 filter->notif->flags = flags; in seccomp_notify_set_flags()
1683 mutex_unlock(&filter->notify_lock); in seccomp_notify_set_flags()
1700 return -EINVAL; in seccomp_notify_addfd()
1707 return -EINVAL; in seccomp_notify_addfd()
1710 return -EINVAL; in seccomp_notify_addfd()
1713 return -EINVAL; in seccomp_notify_addfd()
1717 return -EBADF; in seccomp_notify_addfd()
1725 ret = mutex_lock_interruptible(&filter->notify_lock); in seccomp_notify_addfd()
1731 ret = -ENOENT; in seccomp_notify_addfd()
1740 if (knotif->state != SECCOMP_NOTIFY_SENT) { in seccomp_notify_addfd()
1741 ret = -EINPROGRESS; in seccomp_notify_addfd()
1751 * the loop on the other side straight-forward. in seccomp_notify_addfd()
1753 if (!list_empty(&knotif->addfd)) { in seccomp_notify_addfd()
1754 ret = -EBUSY; in seccomp_notify_addfd()
1759 knotif->state = SECCOMP_NOTIFY_REPLIED; in seccomp_notify_addfd()
1762 list_add(&kaddfd.list, &knotif->addfd); in seccomp_notify_addfd()
1763 complete(&knotif->ready); in seccomp_notify_addfd()
1764 mutex_unlock(&filter->notify_lock); in seccomp_notify_addfd()
1780 mutex_lock(&filter->notify_lock); in seccomp_notify_addfd()
1794 mutex_unlock(&filter->notify_lock); in seccomp_notify_addfd()
1804 struct seccomp_filter *filter = file->private_data; in seccomp_notify_ioctl()
1807 /* Fixed-size ioctls */ in seccomp_notify_ioctl()
1826 return -EINVAL; in seccomp_notify_ioctl()
1833 struct seccomp_filter *filter = file->private_data; in seccomp_notify_poll()
1837 poll_wait(file, &filter->wqh, poll_tab); in seccomp_notify_poll()
1839 if (mutex_lock_interruptible(&filter->notify_lock) < 0) in seccomp_notify_poll()
1842 list_for_each_entry(cur, &filter->notif->notifications, list) { in seccomp_notify_poll()
1843 if (cur->state == SECCOMP_NOTIFY_INIT) in seccomp_notify_poll()
1845 if (cur->state == SECCOMP_NOTIFY_SENT) in seccomp_notify_poll()
1851 mutex_unlock(&filter->notify_lock); in seccomp_notify_poll()
1853 if (refcount_read(&filter->users) == 0) in seccomp_notify_poll()
1870 ret = ERR_PTR(-ENOMEM); in init_listener()
1871 filter->notif = kzalloc(sizeof(*(filter->notif)), GFP_KERNEL); in init_listener()
1872 if (!filter->notif) in init_listener()
1875 filter->notif->next_id = get_random_u64(); in init_listener()
1876 INIT_LIST_HEAD(&filter->notif->notifications); in init_listener()
1896 * This only has to be tested for the current process, even in the TSYNC case,
1899 * we use current->seccomp.filter.
1906 lockdep_assert_held(¤t->sighand->siglock); in has_duplicate_listener()
1908 if (!new_child->notif) in has_duplicate_listener()
1910 for (cur = current->seccomp.filter; cur; cur = cur->prev) { in has_duplicate_listener()
1911 if (cur->notif) in has_duplicate_listener()
1927 * Once current->seccomp.mode is non-zero, it may not be changed.
1929 * Returns 0 on success or -EINVAL on failure.
1936 long ret = -EINVAL; in seccomp_set_mode_filter()
1937 int listener = -1; in seccomp_set_mode_filter()
1942 return -EINVAL; in seccomp_set_mode_filter()
1954 return -EINVAL; in seccomp_set_mode_filter()
1962 return -EINVAL; in seccomp_set_mode_filter()
1989 mutex_lock_killable(¤t->signal->cred_guard_mutex)) in seccomp_set_mode_filter()
1992 spin_lock_irq(¤t->sighand->siglock); in seccomp_set_mode_filter()
1998 ret = -EBUSY; in seccomp_set_mode_filter()
2008 seccomp_assign_mode(current, seccomp_mode, flags); in seccomp_set_mode_filter()
2010 spin_unlock_irq(¤t->sighand->siglock); in seccomp_set_mode_filter()
2012 mutex_unlock(¤t->signal->cred_guard_mutex); in seccomp_set_mode_filter()
2016 listener_f->private_data = NULL; in seccomp_set_mode_filter()
2033 return -EINVAL; in seccomp_set_mode_filter()
2042 return -EFAULT; in seccomp_get_action_avail()
2055 return -EOPNOTSUPP; in seccomp_get_action_avail()
2070 return -EFAULT; in seccomp_get_notif_sizes()
2082 return -EINVAL; in do_seccomp()
2088 return -EINVAL; in do_seccomp()
2093 return -EINVAL; in do_seccomp()
2097 return -EINVAL; in do_seccomp()
2108 * prctl_set_seccomp: configures current->seccomp.mode
2109 * @seccomp_mode: requested mode to use
2112 * Returns 0 on success or -EINVAL on failure.
2123 * Setting strict mode through prctl always ignored filter, in prctl_set_seccomp()
2134 return -EINVAL; in prctl_set_seccomp()
2152 spin_lock_irq(&task->sighand->siglock); in get_nth_filter()
2154 if (task->seccomp.mode != SECCOMP_MODE_FILTER) { in get_nth_filter()
2155 spin_unlock_irq(&task->sighand->siglock); in get_nth_filter()
2156 return ERR_PTR(-EINVAL); in get_nth_filter()
2159 orig = task->seccomp.filter; in get_nth_filter()
2161 spin_unlock_irq(&task->sighand->siglock); in get_nth_filter()
2164 for (filter = orig; filter; filter = filter->prev) in get_nth_filter()
2168 filter = ERR_PTR(-ENOENT); in get_nth_filter()
2172 count -= filter_off; in get_nth_filter()
2173 for (filter = orig; filter && count > 1; filter = filter->prev) in get_nth_filter()
2174 count--; in get_nth_filter()
2177 filter = ERR_PTR(-ENOENT); in get_nth_filter()
2196 current->seccomp.mode != SECCOMP_MODE_DISABLED) { in seccomp_get_filter()
2197 return -EACCES; in seccomp_get_filter()
2204 fprog = filter->prog->orig_prog; in seccomp_get_filter()
2206 /* This must be a new non-cBPF filter, since we save in seccomp_get_filter()
2210 ret = -EMEDIUMTYPE; in seccomp_get_filter()
2214 ret = fprog->len; in seccomp_get_filter()
2218 if (copy_to_user(data, fprog->filter, bpf_classic_proglen(fprog))) in seccomp_get_filter()
2219 ret = -EFAULT; in seccomp_get_filter()
2234 current->seccomp.mode != SECCOMP_MODE_DISABLED) { in seccomp_get_metadata()
2235 return -EACCES; in seccomp_get_metadata()
2241 return -EINVAL; in seccomp_get_metadata()
2244 return -EFAULT; in seccomp_get_metadata()
2250 if (filter->log) in seccomp_get_metadata()
2255 ret = -EFAULT; in seccomp_get_metadata()
2308 for (cur = seccomp_log_names; cur->name && size; cur++) { in seccomp_names_from_actions_logged()
2311 if (!(actions_logged & cur->log)) in seccomp_names_from_actions_logged()
2320 size -= ret; in seccomp_names_from_actions_logged()
2324 ret = strscpy(names, cur->name, size); in seccomp_names_from_actions_logged()
2329 size -= ret; in seccomp_names_from_actions_logged()
2340 for (cur = seccomp_log_names; cur->name; cur++) { in seccomp_action_logged_from_name()
2341 if (!strcmp(cur->name, name)) { in seccomp_action_logged_from_name()
2342 *action_logged = cur->log; in seccomp_action_logged_from_name()
2377 return -EINVAL; in read_actions_logged()
2393 return -EPERM; in write_actions_logged()
2405 return -EINVAL; in write_actions_logged()
2408 return -EINVAL; in write_actions_logged()
2470 .mode = 0444,
2475 .mode = 0644,
2515 if (!file_ns_capable(m->file, &init_user_ns, CAP_SYS_ADMIN)) in proc_pid_seccomp_cache()
2516 return -EACCES; in proc_pid_seccomp_cache()
2519 return -ESRCH; in proc_pid_seccomp_cache()
2521 f = READ_ONCE(task->seccomp.filter); in proc_pid_seccomp_cache()
2532 f->cache.allow_native, in proc_pid_seccomp_cache()
2537 f->cache.allow_compat, in proc_pid_seccomp_cache()