On 10/29, Tycho Andersen wrote:
>
> +static struct file *init_listener(struct seccomp_filter *filter)
> +{
> + struct file *ret = ERR_PTR(-EBUSY);
> + struct seccomp_filter *cur, *last_locked = NULL;
> + int filter_nesting = 0;
> +
> + for (cur = current->seccomp.filter; cur; cur = cur->prev) {
> + mutex_lock_nested(&cur->notify_lock, filter_nesting);
> + filter_nesting++;
> + last_locked = cur;
> + if (cur->notif)
> + goto out;
> + }
Somehow I no longer understand why do you need to take all locks. Isn't
the first filter's notify_lock enough? IOW,
for (cur = current->seccomp.filter; cur; cur = cur->prev) {
if (cur->notif)
return ERR_PTR(-EBUSY);
first = cur;
}
if (first)
mutex_lock(&first->notify_lock);
... initialize filter->notif ...
out:
if (first)
mutex_unlock(&first->notify_lock);
return ret;
Oleg.
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/containers
