summaryrefslogtreecommitdiffstats
path: root/kernel/seccomp.c
diff options
context:
space:
mode:
authorSargun Dhillon <sargun@sargun.me>2022-04-28 03:54:46 +0200
committerKees Cook <keescook@chromium.org>2022-04-29 20:30:54 +0200
commit4cbf6f621150e4fca78543067260f68fab0ee328 (patch)
treedf273ffd6f69e1fd7f6862a48c36a7002174b5cb /kernel/seccomp.c
parentselftests/seccomp: Add SKIP for failed unshare() (diff)
downloadlinux-4cbf6f621150e4fca78543067260f68fab0ee328.tar.xz
linux-4cbf6f621150e4fca78543067260f68fab0ee328.zip
seccomp: Use FIFO semantics to order notifications
Previously, the seccomp notifier used LIFO semantics, where each notification would be added on top of the stack, and notifications were popped off the top of the stack. This could result one process that generates a large number of notifications preventing other notifications from being handled. This patch moves from LIFO (stack) semantics to FIFO (queue semantics). Signed-off-by: Sargun Dhillon <sargun@sargun.me> Reviewed-by: Christian Brauner (Microsoft) <brauner@kernel.org> Signed-off-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20220428015447.13661-1-sargun@sargun.me
Diffstat (limited to 'kernel/seccomp.c')
-rw-r--r--kernel/seccomp.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index b5ac87f6dbd4..3caa0fe85235 100644
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@ -1100,7 +1100,7 @@ static int seccomp_do_user_notification(int this_syscall,
n.data = sd;
n.id = seccomp_next_notify_id(match);
init_completion(&n.ready);
- list_add(&n.list, &match->notif->notifications);
+ list_add_tail(&n.list, &match->notif->notifications);
INIT_LIST_HEAD(&n.addfd);
up(&match->notif->request);