174 static int seccomp_check_filter(struct sock_filter *filter, unsigned int flen)  in seccomp_check_filter()  argument
178 		struct sock_filter *ftest = &filter[pc];  in seccomp_check_filter()
260 			READ_ONCE(current->seccomp.filter);  in seccomp_run_filters()
355 		     is_ancestor(thread->seccomp.filter,  in seccomp_can_sync_threads()
356 				 caller->seccomp.filter)))  in seccomp_can_sync_threads()
400 		smp_store_release(&thread->seccomp.filter,  in seccomp_sync_threads()
401 				  caller->seccomp.filter);  in seccomp_sync_threads()
480 	struct seccomp_filter *filter = ERR_PTR(-EFAULT);  in seccomp_prepare_user_filter()  local
488 		fprog.filter = compat_ptr(fprog32.filter);  in seccomp_prepare_user_filter()
493 	filter = seccomp_prepare_filter(&fprog);  in seccomp_prepare_user_filter()
495 	return filter;  in seccomp_prepare_user_filter()
511 				  struct seccomp_filter *filter)  in seccomp_attach_filter()  argument
519 	total_insns = filter->prog->len;  in seccomp_attach_filter()
520 	for (walker = current->seccomp.filter; walker; walker = walker->prev)  in seccomp_attach_filter()
536 		filter->log = true;  in seccomp_attach_filter()
542 	filter->prev = current->seccomp.filter;  in seccomp_attach_filter()
543 	current->seccomp.filter = filter;  in seccomp_attach_filter()
552 static void __get_seccomp_filter(struct seccomp_filter *filter)  in __get_seccomp_filter()  argument
554 	refcount_inc(&filter->usage);  in __get_seccomp_filter()
560 	struct seccomp_filter *orig = tsk->seccomp.filter;  in get_seccomp_filter()
566 static inline void seccomp_filter_free(struct seccomp_filter *filter)  in seccomp_filter_free()  argument
568 	if (filter) {  in seccomp_filter_free()
569 		bpf_prog_destroy(filter->prog);  in seccomp_filter_free()
570 		kfree(filter);  in seccomp_filter_free()
587 	__put_seccomp_filter(tsk->seccomp.filter);  in put_seccomp_filter()
725 static u64 seccomp_next_notify_id(struct seccomp_filter *filter)  in seccomp_next_notify_id()  argument
731 	lockdep_assert_held(&filter->notify_lock);  in seccomp_next_notify_id()
732 	return filter->notif->next_id++;  in seccomp_next_notify_id()
981 	struct seccomp_filter *filter = file->private_data;  in seccomp_notify_release()  local
984 	if (!filter)  in seccomp_notify_release()
987 	mutex_lock(&filter->notify_lock);  in seccomp_notify_release()
993 	list_for_each_entry(knotif, &filter->notif->notifications, list) {  in seccomp_notify_release()
1004 	kfree(filter->notif);  in seccomp_notify_release()
1005 	filter->notif = NULL;  in seccomp_notify_release()
1006 	mutex_unlock(&filter->notify_lock);  in seccomp_notify_release()
1007 	__put_seccomp_filter(filter);  in seccomp_notify_release()
1011 static long seccomp_notify_recv(struct seccomp_filter *filter,  in seccomp_notify_recv()  argument
1020 	ret = down_interruptible(&filter->notif->request);  in seccomp_notify_recv()
1024 	mutex_lock(&filter->notify_lock);  in seccomp_notify_recv()
1025 	list_for_each_entry(cur, &filter->notif->notifications, list) {  in seccomp_notify_recv()
1047 	wake_up_poll(&filter->notif->wqh, EPOLLOUT | EPOLLWRNORM);  in seccomp_notify_recv()
1050 	mutex_unlock(&filter->notify_lock);  in seccomp_notify_recv()
1062 		mutex_lock(&filter->notify_lock);  in seccomp_notify_recv()
1063 		list_for_each_entry(cur, &filter->notif->notifications, list) {  in seccomp_notify_recv()
1072 			up(&filter->notif->request);  in seccomp_notify_recv()
1074 		mutex_unlock(&filter->notify_lock);  in seccomp_notify_recv()
1080 static long seccomp_notify_send(struct seccomp_filter *filter,  in seccomp_notify_send()  argument
1093 	ret = mutex_lock_interruptible(&filter->notify_lock);  in seccomp_notify_send()
1097 	list_for_each_entry(cur, &filter->notif->notifications, list) {  in seccomp_notify_send()
1121 	mutex_unlock(&filter->notify_lock);  in seccomp_notify_send()
1125 static long seccomp_notify_id_valid(struct seccomp_filter *filter,  in seccomp_notify_id_valid()  argument
1135 	ret = mutex_lock_interruptible(&filter->notify_lock);  in seccomp_notify_id_valid()
1140 	list_for_each_entry(knotif, &filter->notif->notifications, list) {  in seccomp_notify_id_valid()
1149 	mutex_unlock(&filter->notify_lock);  in seccomp_notify_id_valid()
1156 	struct seccomp_filter *filter = file->private_data;  in seccomp_notify_ioctl()  local
1161 		return seccomp_notify_recv(filter, buf);  in seccomp_notify_ioctl()
1163 		return seccomp_notify_send(filter, buf);  in seccomp_notify_ioctl()
1165 		return seccomp_notify_id_valid(filter, buf);  in seccomp_notify_ioctl()
1174 	struct seccomp_filter *filter = file->private_data;  in seccomp_notify_poll()  local
1178 	poll_wait(file, &filter->notif->wqh, poll_tab);  in seccomp_notify_poll()
1180 	if (mutex_lock_interruptible(&filter->notify_lock) < 0)  in seccomp_notify_poll()
1183 	list_for_each_entry(cur, &filter->notif->notifications, list) {  in seccomp_notify_poll()
1192 	mutex_unlock(&filter->notify_lock);  in seccomp_notify_poll()
1203 static struct file *init_listener(struct seccomp_filter *filter)  in init_listener()  argument
1208 	for (cur = current->seccomp.filter; cur; cur = cur->prev) {  in init_listener()
1214 	filter->notif = kzalloc(sizeof(*(filter->notif)), GFP_KERNEL);  in init_listener()
1215 	if (!filter->notif)  in init_listener()
1218 	sema_init(&filter->notif->request, 0);  in init_listener()
1219 	filter->notif->next_id = get_random_u64();  in init_listener()
1220 	INIT_LIST_HEAD(&filter->notif->notifications);  in init_listener()
1221 	init_waitqueue_head(&filter->notif->wqh);  in init_listener()
1224 				 filter, O_RDWR);  in init_listener()
1229 	__get_seccomp_filter(filter);  in init_listener()
1233 		kfree(filter->notif);  in init_listener()
1252 				    const char __user *filter)  in seccomp_set_mode_filter()  argument
1275 	prepared = seccomp_prepare_user_filter(filter);  in seccomp_set_mode_filter()
1335 					   const char __user *filter)  in seccomp_set_mode_filter()  argument
1418 long prctl_set_seccomp(unsigned long seccomp_mode, void __user *filter)  in prctl_set_seccomp()  argument
1435 		uargs = filter;  in prctl_set_seccomp()
1449 	struct seccomp_filter *orig, *filter;  in get_nth_filter()  local
1463 	orig = task->seccomp.filter;  in get_nth_filter()
1468 	for (filter = orig; filter; filter = filter->prev)  in get_nth_filter()
1472 		filter = ERR_PTR(-ENOENT);  in get_nth_filter()
1477 	for (filter = orig; filter && count > 1; filter = filter->prev)  in get_nth_filter()
1480 	if (WARN_ON(count != 1 || !filter)) {  in get_nth_filter()
1481 		filter = ERR_PTR(-ENOENT);  in get_nth_filter()
1485 	__get_seccomp_filter(filter);  in get_nth_filter()
1489 	return filter;  in get_nth_filter()
1495 	struct seccomp_filter *filter;  in seccomp_get_filter()  local
1504 	filter = get_nth_filter(task, filter_off);  in seccomp_get_filter()
1505 	if (IS_ERR(filter))  in seccomp_get_filter()
1506 		return PTR_ERR(filter);  in seccomp_get_filter()
1508 	fprog = filter->prog->orig_prog;  in seccomp_get_filter()
1522 	if (copy_to_user(data, fprog->filter, bpf_classic_proglen(fprog)))  in seccomp_get_filter()
1526 	__put_seccomp_filter(filter);  in seccomp_get_filter()
1534 	struct seccomp_filter *filter;  in seccomp_get_metadata()  local
1550 	filter = get_nth_filter(task, kmd.filter_off);  in seccomp_get_metadata()
1551 	if (IS_ERR(filter))  in seccomp_get_metadata()
1552 		return PTR_ERR(filter);  in seccomp_get_metadata()
1554 	if (filter->log)  in seccomp_get_metadata()
1561 	__put_seccomp_filter(filter);  in seccomp_get_metadata()