diff options
author | Sargun Dhillon <sargun@sargun.me> | 2022-04-28 03:54:46 +0200 |
---|---|---|
committer | Kees Cook <keescook@chromium.org> | 2022-04-29 20:30:54 +0200 |
commit | 4cbf6f621150e4fca78543067260f68fab0ee328 (patch) | |
tree | df273ffd6f69e1fd7f6862a48c36a7002174b5cb /kernel/seccomp.c | |
parent | selftests/seccomp: Add SKIP for failed unshare() (diff) | |
download | linux-4cbf6f621150e4fca78543067260f68fab0ee328.tar.xz linux-4cbf6f621150e4fca78543067260f68fab0ee328.zip |
seccomp: Use FIFO semantics to order notifications
Previously, the seccomp notifier used LIFO semantics, where each
notification would be added on top of the stack, and notifications
were popped off the top of the stack. This could result one process
that generates a large number of notifications preventing other
notifications from being handled. This patch moves from LIFO (stack)
semantics to FIFO (queue semantics).
Signed-off-by: Sargun Dhillon <sargun@sargun.me>
Reviewed-by: Christian Brauner (Microsoft) <brauner@kernel.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20220428015447.13661-1-sargun@sargun.me
Diffstat (limited to 'kernel/seccomp.c')
-rw-r--r-- | kernel/seccomp.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel/seccomp.c b/kernel/seccomp.c index b5ac87f6dbd4..3caa0fe85235 100644 --- a/kernel/seccomp.c +++ b/kernel/seccomp.c @@ -1100,7 +1100,7 @@ static int seccomp_do_user_notification(int this_syscall, n.data = sd; n.id = seccomp_next_notify_id(match); init_completion(&n.ready); - list_add(&n.list, &match->notif->notifications); + list_add_tail(&n.list, &match->notif->notifications); INIT_LIST_HEAD(&n.addfd); up(&match->notif->request); |