Re: [PATCH 3/7] seccomp_filter: Enable ftrace-based system callfiltering

From: Serge E. Hallyn
Date: Thu Apr 28 2011 - 12:20:23 EST

Next message: Michal Marek: "Re: [PATCH v3.1] kbuild: implement several W= levels"
Previous message: Michal Marek: "Re: [PATCH v3.2] kbuild: implement several W= levels"
In reply to: Will Drewry: "Re: [PATCH 3/7] seccomp_filter: Enable ftrace-based system call filtering"
Next in thread: Steven Rostedt: "Re: [PATCH 3/7] seccomp_filter: Enable ftrace-based system callfiltering"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Quoting Will Drewry (wad@xxxxxxxxxxxx):
> >> void __secure_computing(int this_syscall)
> >> {
> >> - int mode = current->seccomp.mode;
> >> + int mode = -1;
> >> int * syscall;
> >> -
> >> + /* Do we need an RCU read lock to access current's state? */
> >
> > I'm actually confused to why you are using RCU. What are you protecting.
> > Currently, I see the state is always accessed from current->seccomp. But
> > current should not be fighting with itself.
> >
> > Maybe I'm missing something.
>
> I'm sure it's me that's missing something. I believe the seccomp
> pointer can be accessed from:
> - current
> - via /proc/<pid>/seccomp_filter (read-only)
>
> Given those cases, would it make sense to ditch the RCU interface for it?

ISTM you need them to protect the reader.

-serge
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Michal Marek: "Re: [PATCH v3.1] kbuild: implement several W= levels"
Previous message: Michal Marek: "Re: [PATCH v3.2] kbuild: implement several W= levels"
In reply to: Will Drewry: "Re: [PATCH 3/7] seccomp_filter: Enable ftrace-based system call filtering"
Next in thread: Steven Rostedt: "Re: [PATCH 3/7] seccomp_filter: Enable ftrace-based system callfiltering"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]