Hi Andy,
On Mon, Jun 01, 2015 at 02:12:33PM -0600, Tycho Andersen wrote:
> On Mon, Jun 01, 2015 at 12:51:12PM -0700, Andy Lutomirski wrote:
> > On Mon, Jun 1, 2015 at 12:47 PM, Tycho Andersen
> > <tycho.andersen@xxxxxxxxxxxxx> wrote:
> > > On Mon, Jun 01, 2015 at 12:38:57PM -0700, Andy Lutomirski wrote:
> > >> On Mon, Jun 1, 2015 at 12:28 PM, Tycho Andersen
> > >> > +int resume_seccomp(struct task_struct *task)
> > >> > +{
> > >> > + int ret = -EACCES;
> > >> > +
> > >> > + spin_lock_irq(&task->sighand->siglock);
> > >> > +
> > >> > + if (!capable(CAP_SYS_ADMIN))
> > >> > + goto out;
> > >> > +
> > >> > + task->seccomp.suspended = false;
> > >> > +
> > >> > +#ifdef TIF_NOTSC
> > >> > + if (task->seccomp.mode == SECCOMP_MODE_STRICT)
> > >> > + set_tsk_thread_flag(task, TIF_NOTSC);
> > >> > +#endif
> > >>
> > >> Ditto. Or can the task not be running here?
> > >
> > > It is stopped since ptrace requires it to be stopped; I don't know if
> > > that's enough to guarantee correctness, though. Is there some
> > > additional barrier that is needed?
> >
> > Dunno. Does ptrace actually guarantee that for new operations?
>
> It seems to; it kept giving me ESRCH when I didn't wait for it to
> stop. I'll poke around and see if I can confirm this via the code.
It looks to me like ptrace does guarantee this. The commands that
don't require a task to be stopped are all special cases in the ptrace
syscall definition, and anything that's not one of those is protected
by a ptrace_check_attach(), which IIUC enforces that the task is
stopped.
Tycho
--
To unsubscribe from this list: send the line "unsubscribe linux-api" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
