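Lines matching refs:filter — each row gives the source line number, the matching line, and the enclosing function (`in name()`); a trailing `argument` or `local` marks the line where `filter` is declared as a parameter or a local variable.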
278 static int seccomp_check_filter(struct sock_filter *filter, unsigned int flen) in seccomp_check_filter() argument
282 struct sock_filter *ftest = &filter[pc]; in seccomp_check_filter()
410 READ_ONCE(current->seccomp.filter); in seccomp_run_filters()
509 is_ancestor(thread->seccomp.filter, in seccomp_can_sync_threads()
510 caller->seccomp.filter))) in seccomp_can_sync_threads()
524 static inline void seccomp_filter_free(struct seccomp_filter *filter) in seccomp_filter_free() argument
526 if (filter) { in seccomp_filter_free()
527 bpf_prog_destroy(filter->prog); in seccomp_filter_free()
528 kfree(filter); in seccomp_filter_free()
577 if (READ_ONCE(tsk->seccomp.filter) == NULL) in seccomp_filter_release()
581 orig = tsk->seccomp.filter; in seccomp_filter_release()
583 tsk->seccomp.filter = NULL; in seccomp_filter_release()
634 __seccomp_filter_release(thread->seccomp.filter); in seccomp_sync_threads()
637 smp_store_release(&thread->seccomp.filter, in seccomp_sync_threads()
638 caller->seccomp.filter); in seccomp_sync_threads()
725 struct seccomp_filter *filter = ERR_PTR(-EFAULT); in seccomp_prepare_user_filter() local
733 fprog.filter = compat_ptr(fprog32.filter); in seccomp_prepare_user_filter()
738 filter = seccomp_prepare_filter(&fprog); in seccomp_prepare_user_filter()
740 return filter; in seccomp_prepare_user_filter()
785 struct sock_filter *insn = &fprog->filter[pc]; in seccomp_is_const_allow()
922 struct seccomp_filter *filter) in seccomp_attach_filter() argument
930 total_insns = filter->prog->len; in seccomp_attach_filter()
931 for (walker = current->seccomp.filter; walker; walker = walker->prev) in seccomp_attach_filter()
951 filter->log = true; in seccomp_attach_filter()
955 filter->wait_killable_recv = true; in seccomp_attach_filter()
961 filter->prev = current->seccomp.filter; in seccomp_attach_filter()
962 seccomp_cache_prepare(filter); in seccomp_attach_filter()
963 current->seccomp.filter = filter; in seccomp_attach_filter()
973 static void __get_seccomp_filter(struct seccomp_filter *filter) in __get_seccomp_filter() argument
975 refcount_inc(&filter->refs); in __get_seccomp_filter()
981 struct seccomp_filter *orig = tsk->seccomp.filter; in get_seccomp_filter()
1113 static u64 seccomp_next_notify_id(struct seccomp_filter *filter) in seccomp_next_notify_id() argument
1119 lockdep_assert_held(&filter->notify_lock); in seccomp_next_notify_id()
1120 return filter->notif->next_id++; in seccomp_next_notify_id()
1451 static void seccomp_notify_free(struct seccomp_filter *filter) in seccomp_notify_free() argument
1453 kfree(filter->notif); in seccomp_notify_free()
1454 filter->notif = NULL; in seccomp_notify_free()
1457 static void seccomp_notify_detach(struct seccomp_filter *filter) in seccomp_notify_detach() argument
1461 if (!filter) in seccomp_notify_detach()
1464 mutex_lock(&filter->notify_lock); in seccomp_notify_detach()
1470 list_for_each_entry(knotif, &filter->notif->notifications, list) { in seccomp_notify_detach()
1486 seccomp_notify_free(filter); in seccomp_notify_detach()
1487 mutex_unlock(&filter->notify_lock); in seccomp_notify_detach()
1492 struct seccomp_filter *filter = file->private_data; in seccomp_notify_release() local
1494 seccomp_notify_detach(filter); in seccomp_notify_release()
1495 __put_seccomp_filter(filter); in seccomp_notify_release()
1501 find_notification(struct seccomp_filter *filter, u64 id) in find_notification() argument
1505 lockdep_assert_held(&filter->notify_lock); in find_notification()
1507 list_for_each_entry(cur, &filter->notif->notifications, list) { in find_notification()
1524 static int recv_wait_event(struct seccomp_filter *filter) in recv_wait_event() argument
1529 if (refcount_read(&filter->users) == 0) in recv_wait_event()
1532 if (atomic_dec_if_positive(&filter->notif->requests) >= 0) in recv_wait_event()
1536 ret = prepare_to_wait_event(&filter->wqh, &wait, TASK_INTERRUPTIBLE); in recv_wait_event()
1538 if (atomic_dec_if_positive(&filter->notif->requests) >= 0) in recv_wait_event()
1540 if (refcount_read(&filter->users) == 0) in recv_wait_event()
1548 finish_wait(&filter->wqh, &wait); in recv_wait_event()
1552 static long seccomp_notify_recv(struct seccomp_filter *filter, in seccomp_notify_recv() argument
1568 ret = recv_wait_event(filter); in seccomp_notify_recv()
1572 mutex_lock(&filter->notify_lock); in seccomp_notify_recv()
1573 list_for_each_entry(cur, &filter->notif->notifications, list) { in seccomp_notify_recv()
1595 wake_up_poll(&filter->wqh, EPOLLOUT | EPOLLWRNORM); in seccomp_notify_recv()
1598 mutex_unlock(&filter->notify_lock); in seccomp_notify_recv()
1609 mutex_lock(&filter->notify_lock); in seccomp_notify_recv()
1610 knotif = find_notification(filter, unotif.id); in seccomp_notify_recv()
1613 if (should_sleep_killable(filter, knotif)) in seccomp_notify_recv()
1616 atomic_inc(&filter->notif->requests); in seccomp_notify_recv()
1617 wake_up_poll(&filter->wqh, EPOLLIN | EPOLLRDNORM); in seccomp_notify_recv()
1619 mutex_unlock(&filter->notify_lock); in seccomp_notify_recv()
1625 static long seccomp_notify_send(struct seccomp_filter *filter, in seccomp_notify_send() argument
1642 ret = mutex_lock_interruptible(&filter->notify_lock); in seccomp_notify_send()
1646 knotif = find_notification(filter, resp.id); in seccomp_notify_send()
1663 if (filter->notif->flags & SECCOMP_USER_NOTIF_FD_SYNC_WAKE_UP) in seccomp_notify_send()
1668 mutex_unlock(&filter->notify_lock); in seccomp_notify_send()
1672 static long seccomp_notify_id_valid(struct seccomp_filter *filter, in seccomp_notify_id_valid() argument
1682 ret = mutex_lock_interruptible(&filter->notify_lock); in seccomp_notify_id_valid()
1686 knotif = find_notification(filter, id); in seccomp_notify_id_valid()
1692 mutex_unlock(&filter->notify_lock); in seccomp_notify_id_valid()
1696 static long seccomp_notify_set_flags(struct seccomp_filter *filter, in seccomp_notify_set_flags() argument
1704 ret = mutex_lock_interruptible(&filter->notify_lock); in seccomp_notify_set_flags()
1707 filter->notif->flags = flags; in seccomp_notify_set_flags()
1708 mutex_unlock(&filter->notify_lock); in seccomp_notify_set_flags()
1712 static long seccomp_notify_addfd(struct seccomp_filter *filter, in seccomp_notify_addfd() argument
1750 ret = mutex_lock_interruptible(&filter->notify_lock); in seccomp_notify_addfd()
1754 knotif = find_notification(filter, addfd.id); in seccomp_notify_addfd()
1789 mutex_unlock(&filter->notify_lock); in seccomp_notify_addfd()
1805 mutex_lock(&filter->notify_lock); in seccomp_notify_addfd()
1819 mutex_unlock(&filter->notify_lock); in seccomp_notify_addfd()
1829 struct seccomp_filter *filter = file->private_data; in seccomp_notify_ioctl() local
1835 return seccomp_notify_recv(filter, buf); in seccomp_notify_ioctl()
1837 return seccomp_notify_send(filter, buf); in seccomp_notify_ioctl()
1840 return seccomp_notify_id_valid(filter, buf); in seccomp_notify_ioctl()
1842 return seccomp_notify_set_flags(filter, arg); in seccomp_notify_ioctl()
1849 return seccomp_notify_addfd(filter, buf, _IOC_SIZE(cmd)); in seccomp_notify_ioctl()
1858 struct seccomp_filter *filter = file->private_data; in seccomp_notify_poll() local
1862 poll_wait(file, &filter->wqh, poll_tab); in seccomp_notify_poll()
1864 if (mutex_lock_interruptible(&filter->notify_lock) < 0) in seccomp_notify_poll()
1867 list_for_each_entry(cur, &filter->notif->notifications, list) { in seccomp_notify_poll()
1876 mutex_unlock(&filter->notify_lock); in seccomp_notify_poll()
1878 if (refcount_read(&filter->users) == 0) in seccomp_notify_poll()
1891 static struct file *init_listener(struct seccomp_filter *filter) in init_listener() argument
1896 filter->notif = kzalloc(sizeof(*(filter->notif)), GFP_KERNEL); in init_listener()
1897 if (!filter->notif) in init_listener()
1900 filter->notif->next_id = get_random_u64(); in init_listener()
1901 INIT_LIST_HEAD(&filter->notif->notifications); in init_listener()
1904 filter, O_RDWR); in init_listener()
1909 __get_seccomp_filter(filter); in init_listener()
1913 seccomp_notify_free(filter); in init_listener()
1935 for (cur = current->seccomp.filter; cur; cur = cur->prev) { in has_duplicate_listener()
1957 const char __user *filter) in seccomp_set_mode_filter() argument
1990 prepared = seccomp_prepare_user_filter(filter); in seccomp_set_mode_filter()
2056 const char __user *filter) in seccomp_set_mode_filter() argument
2139 long prctl_set_seccomp(unsigned long seccomp_mode, void __user *filter) in prctl_set_seccomp() argument
2156 uargs = filter; in prctl_set_seccomp()
2170 struct seccomp_filter *orig, *filter; in get_nth_filter() local
2184 orig = task->seccomp.filter; in get_nth_filter()
2189 for (filter = orig; filter; filter = filter->prev) in get_nth_filter()
2193 filter = ERR_PTR(-ENOENT); in get_nth_filter()
2198 for (filter = orig; filter && count > 1; filter = filter->prev) in get_nth_filter()
2201 if (WARN_ON(count != 1 || !filter)) { in get_nth_filter()
2202 filter = ERR_PTR(-ENOENT); in get_nth_filter()
2206 __get_seccomp_filter(filter); in get_nth_filter()
2210 return filter; in get_nth_filter()
2216 struct seccomp_filter *filter; in seccomp_get_filter() local
2225 filter = get_nth_filter(task, filter_off); in seccomp_get_filter()
2226 if (IS_ERR(filter)) in seccomp_get_filter()
2227 return PTR_ERR(filter); in seccomp_get_filter()
2229 fprog = filter->prog->orig_prog; in seccomp_get_filter()
2243 if (copy_to_user(data, fprog->filter, bpf_classic_proglen(fprog))) in seccomp_get_filter()
2247 __put_seccomp_filter(filter); in seccomp_get_filter()
2255 struct seccomp_filter *filter; in seccomp_get_metadata() local
2271 filter = get_nth_filter(task, kmd.filter_off); in seccomp_get_metadata()
2272 if (IS_ERR(filter)) in seccomp_get_metadata()
2273 return PTR_ERR(filter); in seccomp_get_metadata()
2275 if (filter->log) in seccomp_get_metadata()
2282 __put_seccomp_filter(filter); in seccomp_get_metadata()
2546 f = READ_ONCE(task->seccomp.filter); in proc_pid_seccomp_cache()