sched: move no_new_privs into new atomic flags

commit 1d4457f99928a968767f6405b4a1f50845aa15fd upstream. Since seccomp transitions between threads requires updates to the no_new_privs flag to be atomic, the flag must be part of an atomic flag set. This moves the nnp flag into a separate task field, and introduces accessors. Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Oleg Nesterov <oleg@redhat.com> Reviewed-by: Andy Lutomirski <luto@amacapital.net> [bwh: Backported to 3.16: adjust context] Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
author: Kees Cook <keescook@chromium.org> 2014-05-21 15:23:46 -0700
committer: Ben Hutchings <ben@decadent.org.uk> 2017-10-12 15:28:22 +0100
commit: 5f3333219189a3fe4bbbd2d67e636ed1bb74d243 (patch)
tree: e4078c65d51b66763aaaee24b3b9b14cb80771ca /kernel/sys.c
parent: 9e839401a65a30d15cbe9a1255640cd5ce2b548d (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/kernel/sys.c b/kernel/sys.c
index 6fe6c5986c59..0cb192dc4a93 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -1989,12 +1989,12 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3,
 		if (arg2 != 1 || arg3 || arg4 || arg5)
 			return -EINVAL;
 
-		current->no_new_privs = 1;
+		task_set_no_new_privs(current);
 		break;
 	case PR_GET_NO_NEW_PRIVS:
 		if (arg2 || arg3 || arg4 || arg5)
 			return -EINVAL;
-		return current->no_new_privs ? 1 : 0;
+		return task_no_new_privs(current) ? 1 : 0;
 	case PR_GET_THP_DISABLE:
 		if (arg2 || arg3 || arg4 || arg5)
 			return -EINVAL;
author	Kees Cook <keescook@chromium.org>	2014-05-21 15:23:46 -0700
committer	Ben Hutchings <ben@decadent.org.uk>	2017-10-12 15:28:22 +0100
commit	5f3333219189a3fe4bbbd2d67e636ed1bb74d243 (patch)
tree	e4078c65d51b66763aaaee24b3b9b14cb80771ca /kernel/sys.c
parent	9e839401a65a30d15cbe9a1255640cd5ce2b548d (diff)