Skip to content
Commit ddc47391 authored by Sargun Dhillon's avatar Sargun Dhillon Committed by Kees Cook
Browse files

seccomp: Refactor notification handler to prepare for new semantics

This refactors the user notification code to have a do / while loop around
the completion condition. This has a small change in semantic, in that
previously we ignored addfd calls upon wakeup if the notification had been
responded to, but instead with the new change we check for an outstanding
addfd calls prior to returning to userspace.

Rodrigo Campos also identified a bug that can result in addfd causing
an early return, when the supervisor didn't actually handle the
syscall [1].

[1]: https://lore.kernel.org/lkml/20210413160151.3301-1-rodrigo@kinvolk.io/



Fixes: 7cf97b12 ("seccomp: Introduce addfd ioctl to seccomp user notifier")
Signed-off-by: default avatarSargun Dhillon <sargun@sargun.me>
Acked-by: default avatarTycho Andersen <tycho@tycho.pizza>
Acked-by: default avatarChristian Brauner <christian.brauner@ubuntu.com>
Signed-off-by: default avatarKees Cook <keescook@chromium.org>
Tested-by: default avatarRodrigo Campos <rodrigo@kinvolk.io>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20210517193908.3113-3-sargun@sargun.me
parent aac90292
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment