linux-arch.vger.kernel.org archive mirror
From: Oleg Nesterov <oleg@redhat.com>
To: Kees Cook <keescook@chromium.org>
Cc: linux-kernel@vger.kernel.org,
	Andy Lutomirski <luto@amacapital.net>,
	"Michael Kerrisk (man-pages)" <mtk.manpages@gmail.com>,
	Alexei Starovoitov <ast@plumgrid.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Daniel Borkmann <dborkman@redhat.com>,
	Will Drewry <wad@chromium.org>, Julien Tinnes <jln@chromium.org>,
	David Drysdale <drysdale@google.com>,
	linux-api@vger.kernel.org, x86@kernel.org,
	linux-arm-kernel@lists.infradead.org, linux-mips@linux-mips.org,
	linux-arch@vger.kernel.org,
	linux-security-module@vger.kernel.org
Subject: Re: [PATCH v9 09/11] seccomp: introduce writer locking
Date: Wed, 9 Jul 2014 20:42:15 +0200
Message-ID: <20140709184215.GA4866@redhat.com>
In-Reply-To: <1403911380-27787-10-git-send-email-keescook@chromium.org>

On 06/27, Kees Cook wrote:
>
>  static u32 seccomp_run_filters(int syscall)
>  {
> -	struct seccomp_filter *f;
> +	struct seccomp_filter *f = ACCESS_ONCE(current->seccomp.filter);
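
Review bot: The ACCESS_ONCE(current->seccomp.filter) initializer of f in seccomp_run_filters() only keeps the compiler from re-reading or tearing the load; it gives no ordering between this load and any later dereference of f, and nothing in the hunk says which barrier provides that. Add a comment at the declaration naming the barrier this read relies on and the writer-side store it pairs with, or use a load that carries its own ordering so the requirement is visible at the point of use.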

I am not sure...

This is fine if this ->filter is the 1st (and only) one, in this case
we can rely on rmb() in the caller.

But the new filter can be installed at any moment. Say, right after that
rmb() although this doesn't matter. Either we need smp_read_barrier_depends()
after that, or smp_load_acquire() like the previous version did?

Oleg.
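
A userspace C11 analogue of the ordering question raised in this message, added here as an example (not code from the patch or from the kernel). The names struct filter, filter_head, attach_filter and run_filters are hypothetical, the action values are constructed, and writers are assumed to be serialised.

```c
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for struct seccomp_filter: newest filter first. */
struct filter {
    struct filter *prev;  /* older filter, NULL at the end of the chain */
    uint32_t action;      /* constructed verdict; lower value is stricter */
};

/* Stand-in for current->seccomp.filter. */
static _Atomic(struct filter *) filter_head;

/* Writer (assumed serialised): initialise the node fully, then publish it
 * with a release store so those writes precede the pointer store. */
static int attach_filter(uint32_t action)
{
    struct filter *f = malloc(sizeof(*f));
    if (!f)
        return -1;
    f->action = action;
    f->prev = atomic_load_explicit(&filter_head, memory_order_relaxed);
    atomic_store_explicit(&filter_head, f, memory_order_release);
    return 0;
}

/* Reader: the acquire load pairs with the release store, so the fields of
 * the node (and of older nodes reached through prev) are visible before
 * they are dereferenced. memory_order_relaxed here would correspond to a
 * bare ACCESS_ONCE() with no barrier after it. */
static uint32_t run_filters(uint32_t allow)
{
    uint32_t ret = allow;
    struct filter *f = atomic_load_explicit(&filter_head, memory_order_acquire);

    for (; f; f = f->prev)
        if (f->action < ret)
            ret = f->action;
    return ret;
}

int main(void)
{
    attach_filter(50);
    attach_filter(70);
    printf("verdict: %u\n", (unsigned)run_filters(100));
    return 0;
}
```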
