From: Sargun Dhillon
To: containers@lists.linux-foundation.org, keescook@chromium.org, linux-api@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Sargun Dhillon, viro@zeniv.linux.org.uk, christian.brauner@ubuntu.com, cyphar@cyphar.com, jannh@google.com, jeffv@google.com, palmer@google.com, rsesek@google.com, tycho@tycho.ws, Matt Denton, Kees Cook
Subject: [PATCH v3] seccomp: Add find_notification helper
Date: Mon, 1 Jun 2020 04:25:32 -0700
Message-Id: <20200601112532.150158-1-sargun@sargun.me>

This adds a helper which can iterate through a seccomp_filter to
find a notification matching an ID. It removes several replicated
chunks of code.

Signed-off-by: Sargun Dhillon
Acked-by: Christian Brauner
Reviewed-by: Tycho Andersen
Cc: Matt Denton
Cc: Kees Cook,
Cc: Jann Horn,
Cc: Robert Sesek,
Cc: Chris Palmer
Cc: Christian Brauner
Cc: Tycho Andersen
---
 kernel/seccomp.c | 55 ++++++++++++++++++++++++------------------------
 1 file changed, 28 insertions(+), 27 deletions(-)

diff --git a/kernel/seccomp.c b/kernel/seccomp.c index 55a6184f5990..cc6b47173a95 100644 --- a/kernel/seccomp.c 
+++ b/kernel/seccomp.c @@ -41,6 +41,7 @@ #include #include #include +#include enum notify_state { SECCOMP_NOTIFY_INIT, @@ -1021,10 +1022,27 @@ static int seccomp_notify_release(struct inode *inode, struct file *file) return 0; } +/* must be called with notif_lock held */ +static inline struct seccomp_knotif * +find_notification(struct seccomp_filter *filter, u64 id) +{ + struct seccomp_knotif *cur; + + lockdep_assert_held(&filter->notify_lock); + + list_for_each_entry(cur, &filter->notif->notifications, list) { + if (cur->id == id) + return cur; + } + + return NULL; +} + + static long seccomp_notify_recv(struct seccomp_filter *filter, void __user *buf) { - struct seccomp_knotif *knotif = NULL, *cur; + struct seccomp_knotif *knotif, *cur; struct seccomp_notif unotif; ssize_t ret; @@ -1078,15 +1096,8 @@ static long seccomp_notify_recv(struct seccomp_filter *filter, * may have died when we released the lock, so we need to make * sure it's still around. */ - knotif = NULL; mutex_lock(&filter->notify_lock); - list_for_each_entry(cur, &filter->notif->notifications, list) { - if (cur->id == unotif.id) { - knotif = cur; - break; - } - } - + knotif = find_notification(filter, unotif.id); if (knotif) { knotif->state = SECCOMP_NOTIFY_INIT; up(&filter->notif->request); @@ -1101,7 +1112,7 @@ static long seccomp_notify_send(struct seccomp_filter *filter, void __user *buf) { struct seccomp_notif_resp resp = {}; - struct seccomp_knotif *knotif = NULL, *cur; + struct seccomp_knotif *knotif; long ret; if (copy_from_user(&resp, buf, sizeof(resp))) @@ -1118,13 +1129,7 @@ static long seccomp_notify_send(struct seccomp_filter *filter, if (ret < 0) return ret; - list_for_each_entry(cur, &filter->notif->notifications, list) { - if (cur->id == resp.id) { - knotif = cur; - break; - } - } - + knotif = find_notification(filter, resp.id); if (!knotif) { ret = -ENOENT; goto out; 
@@ -1150,7 +1155,7 @@ static long seccomp_notify_send(struct seccomp_filter *filter, static long seccomp_notify_id_valid(struct seccomp_filter *filter, void __user *buf) { - struct seccomp_knotif *knotif = NULL; + struct seccomp_knotif *knotif; u64 id; long ret; @@ -1161,16 +1166,12 @@ static long seccomp_notify_id_valid(struct seccomp_filter *filter, if (ret < 0) return ret; - ret = -ENOENT; - list_for_each_entry(knotif, &filter->notif->notifications, list) { - if (knotif->id == id) { - if (knotif->state == SECCOMP_NOTIFY_SENT) - ret = 0; - goto out; - } - } + knotif = find_notification(filter, id); + if (knotif && knotif->state == SECCOMP_NOTIFY_SENT) + ret = 0; + else + ret = -ENOENT; -out: mutex_unlock(&filter->notify_lock); return ret; } -- 2.25.1
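
Review bot: In seccomp_notify_recv(), at the end of the @@ -1021,10 +1022,27 @@ hunk, the declaration drops the `= NULL` initializer from knotif but keeps `cur`, so a list walk that is not part of this patch still remains in the function, and the `knotif = NULL;` removed in the following hunk shows knotif is already in use before the find_notification() call. If that remaining walk assigns knotif only on a match and then tests it, the no-match path now reads an uninitialized pointer; keep `struct seccomp_knotif *knotif = NULL, *cur;` here unless every path assigns knotif before its first read. In the same hunk, the comment above find_notification() says `notif_lock` while the assertion checks `filter->notify_lock`, so the comment should use the field's real name, and the second blank `+` line after the helper can go.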