seccomp: fix the usage of get/put_seccomp_filter() in seccomp_get_filter()
authorOleg Nesterov <oleg@redhat.com>
Wed, 27 Sep 2017 15:25:30 +0000 (09:25 -0600)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 5 Oct 2017 07:44:02 +0000 (09:44 +0200)
commitbe69c4c00a68210e6ca5eb669b6e8d7e1ac00cb8
tree7f0f37d7127bd9d3a191d27002a4ae3f365ebfbc
parent58052a74d9b0a8e2aaf6e258c94a32f7c2d3aae6
seccomp: fix the usage of get/put_seccomp_filter() in seccomp_get_filter()

commit 66a733ea6b611aecf0119514d2dddab5f9d6c01e upstream.

As Chris explains, get_seccomp_filter() and put_seccomp_filter() can end
up using different filters. Once we drop ->siglock it is possible for
task->seccomp.filter to have been replaced by SECCOMP_FILTER_FLAG_TSYNC.

Fixes: f8e529ed941b ("seccomp, ptrace: add support for dumping seccomp filters")
Reported-by: Chris Salls <chrissalls5@gmail.com>
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
[tycho: add __get_seccomp_filter vs. open coding refcount_inc()]
Signed-off-by: Tycho Andersen <tycho@docker.com>
[kees: tweak commit log]
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
kernel/seccomp.c