268 static int seccomp_check_filter(struct sock_filter *filter, unsigned int flen)  in seccomp_check_filter()  argument
272 		struct sock_filter *ftest = &filter[pc];  in seccomp_check_filter()
400 			READ_ONCE(current->seccomp.filter);  in seccomp_run_filters()
496 		     is_ancestor(thread->seccomp.filter,  in seccomp_can_sync_threads()
497 				 caller->seccomp.filter)))  in seccomp_can_sync_threads()
511 static inline void seccomp_filter_free(struct seccomp_filter *filter)  in seccomp_filter_free()  argument
513 	if (filter) {  in seccomp_filter_free()
514 		bpf_prog_destroy(filter->prog);  in seccomp_filter_free()
515 		kfree(filter);  in seccomp_filter_free()
557 	struct seccomp_filter *orig = tsk->seccomp.filter;  in seccomp_filter_release()
560 	tsk->seccomp.filter = NULL;  in seccomp_filter_release()
594 		__seccomp_filter_release(thread->seccomp.filter);  in seccomp_sync_threads()
597 		smp_store_release(&thread->seccomp.filter,  in seccomp_sync_threads()
598 				  caller->seccomp.filter);  in seccomp_sync_threads()
685 	struct seccomp_filter *filter = ERR_PTR(-EFAULT);  in seccomp_prepare_user_filter()  local
693 		fprog.filter = compat_ptr(fprog32.filter);  in seccomp_prepare_user_filter()
698 	filter = seccomp_prepare_filter(&fprog);  in seccomp_prepare_user_filter()
700 	return filter;  in seccomp_prepare_user_filter()
721 		struct sock_filter *insn = &fprog->filter[pc];  in seccomp_is_const_allow()
858 				  struct seccomp_filter *filter)  in seccomp_attach_filter()  argument
866 	total_insns = filter->prog->len;  in seccomp_attach_filter()
867 	for (walker = current->seccomp.filter; walker; walker = walker->prev)  in seccomp_attach_filter()
887 		filter->log = true;  in seccomp_attach_filter()
893 	filter->prev = current->seccomp.filter;  in seccomp_attach_filter()
894 	seccomp_cache_prepare(filter);  in seccomp_attach_filter()
895 	current->seccomp.filter = filter;  in seccomp_attach_filter()
905 static void __get_seccomp_filter(struct seccomp_filter *filter)  in __get_seccomp_filter()  argument
907 	refcount_inc(&filter->refs);  in __get_seccomp_filter()
913 	struct seccomp_filter *orig = tsk->seccomp.filter;  in get_seccomp_filter()
1056 static u64 seccomp_next_notify_id(struct seccomp_filter *filter)  in seccomp_next_notify_id()  argument
1062 	lockdep_assert_held(&filter->notify_lock);  in seccomp_next_notify_id()
1063 	return filter->notif->next_id++;  in seccomp_next_notify_id()
1360 static void seccomp_notify_free(struct seccomp_filter *filter)  in seccomp_notify_free()  argument
1362 	kfree(filter->notif);  in seccomp_notify_free()
1363 	filter->notif = NULL;  in seccomp_notify_free()
1366 static void seccomp_notify_detach(struct seccomp_filter *filter)  in seccomp_notify_detach()  argument
1370 	if (!filter)  in seccomp_notify_detach()
1373 	mutex_lock(&filter->notify_lock);  in seccomp_notify_detach()
1379 	list_for_each_entry(knotif, &filter->notif->notifications, list) {  in seccomp_notify_detach()
1395 	seccomp_notify_free(filter);  in seccomp_notify_detach()
1396 	mutex_unlock(&filter->notify_lock);  in seccomp_notify_detach()
1401 	struct seccomp_filter *filter = file->private_data;  in seccomp_notify_release()  local
1403 	seccomp_notify_detach(filter);  in seccomp_notify_release()
1404 	__put_seccomp_filter(filter);  in seccomp_notify_release()
1410 find_notification(struct seccomp_filter *filter, u64 id)  in find_notification()  argument
1414 	lockdep_assert_held(&filter->notify_lock);  in find_notification()
1416 	list_for_each_entry(cur, &filter->notif->notifications, list) {  in find_notification()
1425 static long seccomp_notify_recv(struct seccomp_filter *filter,  in seccomp_notify_recv()  argument
1441 	ret = down_interruptible(&filter->notif->request);  in seccomp_notify_recv()
1445 	mutex_lock(&filter->notify_lock);  in seccomp_notify_recv()
1446 	list_for_each_entry(cur, &filter->notif->notifications, list) {  in seccomp_notify_recv()
1468 	wake_up_poll(&filter->wqh, EPOLLOUT | EPOLLWRNORM);  in seccomp_notify_recv()
1471 	mutex_unlock(&filter->notify_lock);  in seccomp_notify_recv()
1482 		mutex_lock(&filter->notify_lock);  in seccomp_notify_recv()
1483 		knotif = find_notification(filter, unotif.id);  in seccomp_notify_recv()
1486 			up(&filter->notif->request);  in seccomp_notify_recv()
1488 		mutex_unlock(&filter->notify_lock);  in seccomp_notify_recv()
1494 static long seccomp_notify_send(struct seccomp_filter *filter,  in seccomp_notify_send()  argument
1511 	ret = mutex_lock_interruptible(&filter->notify_lock);  in seccomp_notify_send()
1515 	knotif = find_notification(filter, resp.id);  in seccomp_notify_send()
1534 	mutex_unlock(&filter->notify_lock);  in seccomp_notify_send()
1538 static long seccomp_notify_id_valid(struct seccomp_filter *filter,  in seccomp_notify_id_valid()  argument
1548 	ret = mutex_lock_interruptible(&filter->notify_lock);  in seccomp_notify_id_valid()
1552 	knotif = find_notification(filter, id);  in seccomp_notify_id_valid()
1558 	mutex_unlock(&filter->notify_lock);  in seccomp_notify_id_valid()
1562 static long seccomp_notify_addfd(struct seccomp_filter *filter,  in seccomp_notify_addfd()  argument
1599 	ret = mutex_lock_interruptible(&filter->notify_lock);  in seccomp_notify_addfd()
1603 	knotif = find_notification(filter, addfd.id);  in seccomp_notify_addfd()
1621 	mutex_unlock(&filter->notify_lock);  in seccomp_notify_addfd()
1637 	mutex_lock(&filter->notify_lock);  in seccomp_notify_addfd()
1651 	mutex_unlock(&filter->notify_lock);  in seccomp_notify_addfd()
1661 	struct seccomp_filter *filter = file->private_data;  in seccomp_notify_ioctl()  local
1667 		return seccomp_notify_recv(filter, buf);  in seccomp_notify_ioctl()
1669 		return seccomp_notify_send(filter, buf);  in seccomp_notify_ioctl()
1672 		return seccomp_notify_id_valid(filter, buf);  in seccomp_notify_ioctl()
1679 		return seccomp_notify_addfd(filter, buf, _IOC_SIZE(cmd));  in seccomp_notify_ioctl()
1688 	struct seccomp_filter *filter = file->private_data;  in seccomp_notify_poll()  local
1692 	poll_wait(file, &filter->wqh, poll_tab);  in seccomp_notify_poll()
1694 	if (mutex_lock_interruptible(&filter->notify_lock) < 0)  in seccomp_notify_poll()
1697 	list_for_each_entry(cur, &filter->notif->notifications, list) {  in seccomp_notify_poll()
1706 	mutex_unlock(&filter->notify_lock);  in seccomp_notify_poll()
1708 	if (refcount_read(&filter->users) == 0)  in seccomp_notify_poll()
1721 static struct file *init_listener(struct seccomp_filter *filter)  in init_listener()  argument
1726 	filter->notif = kzalloc(sizeof(*(filter->notif)), GFP_KERNEL);  in init_listener()
1727 	if (!filter->notif)  in init_listener()
1730 	sema_init(&filter->notif->request, 0);  in init_listener()
1731 	filter->notif->next_id = get_random_u64();  in init_listener()
1732 	INIT_LIST_HEAD(&filter->notif->notifications);  in init_listener()
1735 				 filter, O_RDWR);  in init_listener()
1740 	__get_seccomp_filter(filter);  in init_listener()
1744 		seccomp_notify_free(filter);  in init_listener()
1766 	for (cur = current->seccomp.filter; cur; cur = cur->prev) {  in has_duplicate_listener()
1788 				    const char __user *filter)  in seccomp_set_mode_filter()  argument
1813 	prepared = seccomp_prepare_user_filter(filter);  in seccomp_set_mode_filter()
1879 					   const char __user *filter)  in seccomp_set_mode_filter()  argument
1962 long prctl_set_seccomp(unsigned long seccomp_mode, void __user *filter)  in prctl_set_seccomp()  argument
1979 		uargs = filter;  in prctl_set_seccomp()
1993 	struct seccomp_filter *orig, *filter;  in get_nth_filter()  local
2007 	orig = task->seccomp.filter;  in get_nth_filter()
2012 	for (filter = orig; filter; filter = filter->prev)  in get_nth_filter()
2016 		filter = ERR_PTR(-ENOENT);  in get_nth_filter()
2021 	for (filter = orig; filter && count > 1; filter = filter->prev)  in get_nth_filter()
2024 	if (WARN_ON(count != 1 || !filter)) {  in get_nth_filter()
2025 		filter = ERR_PTR(-ENOENT);  in get_nth_filter()
2029 	__get_seccomp_filter(filter);  in get_nth_filter()
2033 	return filter;  in get_nth_filter()
2039 	struct seccomp_filter *filter;  in seccomp_get_filter()  local
2048 	filter = get_nth_filter(task, filter_off);  in seccomp_get_filter()
2049 	if (IS_ERR(filter))  in seccomp_get_filter()
2050 		return PTR_ERR(filter);  in seccomp_get_filter()
2052 	fprog = filter->prog->orig_prog;  in seccomp_get_filter()
2066 	if (copy_to_user(data, fprog->filter, bpf_classic_proglen(fprog)))  in seccomp_get_filter()
2070 	__put_seccomp_filter(filter);  in seccomp_get_filter()
2078 	struct seccomp_filter *filter;  in seccomp_get_metadata()  local
2094 	filter = get_nth_filter(task, kmd.filter_off);  in seccomp_get_metadata()
2095 	if (IS_ERR(filter))  in seccomp_get_metadata()
2096 		return PTR_ERR(filter);  in seccomp_get_metadata()
2098 	if (filter->log)  in seccomp_get_metadata()
2105 	__put_seccomp_filter(filter);  in seccomp_get_metadata()