Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris...
[sfrench/cifs-2.6.git] / kernel / seccomp.c
index e815781ed751b912d67348aa9cb7d23b561e503b..54a0347ca8128f09cdbbcc83e2e8f8eea633a7ab 100644 (file)
@@ -267,6 +267,7 @@ static u32 seccomp_run_filters(const struct seccomp_data *sd,
         * All filters in the list are evaluated and the lowest BPF return
         * value always takes priority (ignoring the DATA).
         */
+       preempt_disable();
        for (; f; f = f->prev) {
                u32 cur_ret = BPF_PROG_RUN(f->prog, sd);
 
@@ -275,6 +276,7 @@ static u32 seccomp_run_filters(const struct seccomp_data *sd,
                        *match = f;
                }
        }
+       preempt_enable();
        return ret;
 }
 #endif /* CONFIG_SECCOMP_FILTER */
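Review bot: The `preempt_enable()` added before `return ret;` closes a non-preemptible section opened by the `preempt_disable()` in the previous hunk, and neither call says why the filter walk needs it. The existing comment above the loop only explains how return values are prioritised, so it now reads as if it described the preemption call. A short comment at the `preempt_disable()` such as `/* BPF programs must be run with preemption disabled */` would record the requirement, assuming that is the reason; the page does not state it. The section also covers the whole `f->prev` chain rather than each `BPF_PROG_RUN()`, so a task with many stacked filters stays non-preemptible for the full walk, which is worth confirming as acceptable for latency. seccomp_run_filters starts outside both hunks.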
@@ -443,8 +445,8 @@ static struct seccomp_filter *seccomp_prepare_filter(struct sock_fprog *fprog)
         * behavior of privileged children.
         */
        if (!task_no_new_privs(current) &&
-           security_capable_noaudit(current_cred(), current_user_ns(),
-                                    CAP_SYS_ADMIN) != 0)
+           security_capable(current_cred(), current_user_ns(),
+                                    CAP_SYS_ADMIN, CAP_OPT_NOAUDIT) != 0)
                return ERR_PTR(-EACCES);
 
        /* Allocate a new seccomp_filter */
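Review bot: The continuation line `CAP_SYS_ADMIN, CAP_OPT_NOAUDIT) != 0)` keeps the indentation that matched the longer `security_capable_noaudit(` and no longer lines up with the opening parenthesis of `security_capable(`. Re-aligning it under `current_cred()` would make the four-argument call read as one unit in this permission check. The `!= 0` comparison still treats any non-zero return as a denial, so the `-EACCES` path stays fail-closed. seccomp_prepare_filter's body starts and ends outside the hunk.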