Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1759416AbbFBPq0 (ORCPT ); Tue, 2 Jun 2015 11:46:26 -0400 Received: from mail-ie0-f179.google.com ([209.85.223.179]:33814 "EHLO mail-ie0-f179.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1759174AbbFBPqR (ORCPT ); Tue, 2 Jun 2015 11:46:17 -0400 Date: Tue, 2 Jun 2015 09:46:14 -0600 From: Tycho Andersen To: Andy Lutomirski Cc: "linux-kernel@vger.kernel.org" , Linux API , Kees Cook , Will Drewry , Roland McGrath , Oleg Nesterov , Pavel Emelyanov , "Serge E. Hallyn" Subject: Re: [PATCH] seccomp: add ptrace commands for suspend/resume Message-ID: <20150602154614.GG1823@hopstrocity> References: <1433186918-9626-1-git-send-email-tycho.andersen@canonical.com> <20150601194707.GA2818@hopstrocity> <20150601201233.GC2818@hopstrocity> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20150601201233.GC2818@hopstrocity> User-Agent: Mutt/1.5.23 (2014-03-12) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1864 Lines: 47 Hi Andy, On Mon, Jun 01, 2015 at 02:12:33PM -0600, Tycho Andersen wrote: > On Mon, Jun 01, 2015 at 12:51:12PM -0700, Andy Lutomirski wrote: > > On Mon, Jun 1, 2015 at 12:47 PM, Tycho Andersen > > wrote: > > > On Mon, Jun 01, 2015 at 12:38:57PM -0700, Andy Lutomirski wrote: > > >> On Mon, Jun 1, 2015 at 12:28 PM, Tycho Andersen > > >> > +int resume_seccomp(struct task_struct *task) > > >> > +{ > > >> > + int ret = -EACCES; > > >> > + > > >> > + spin_lock_irq(&task->sighand->siglock); > > >> > + > > >> > + if (!capable(CAP_SYS_ADMIN)) > > >> > + goto out; > > >> > + > > >> > + task->seccomp.suspended = false; > > >> > + > > >> > +#ifdef TIF_NOTSC > > >> > + if (task->seccomp.mode == SECCOMP_MODE_STRICT) > > >> > + set_tsk_thread_flag(task, TIF_NOTSC); > > >> > +#endif > > >> > > >> Ditto. Or can the task not be running here? > > > > > > It is stopped since ptrace requires it to be stopped; I don't know if > > > that's enough to guarantee correctness, though. Is there some > > > additional barrier that is needed? > > > > Dunno. Does ptrace actually guarantee that for new operations? > > It seems to; it kept giving me ESRCH when I didn't wait for it to > stop. I'll poke around and see if I can confirm this via the code. It looks to me like ptrace does guarantee this. The commands that don't require a task to be stopped are all special cases in the ptrace syscall definition, and anything that's not one of those is protected by a ptrace_check_attach(), which IIUC enforces that the task is stopped. Tycho -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/