From db29fd281a7555698472bf86a92d0c5a6827db96 Mon Sep 17 00:00:00 2001 From: David Gibson Date: Wed, 21 Jun 2023 13:06:37 +1000 Subject: seccomp: Make seccomp.sh re-entrancy safe seccomp.sh generates seccomp.h piece by piece using >> directives. This means that if two instances of seccomp.h are run concurrently a corrupted version of seccomp.h will be generated. Amongst other problems this can cause spurious failures on clang-tidy. Alter seccomp.sh to build the output in a temporary file and atomic move it to seccomp.h, so concurrent invocations will still result in valud output. Signed-off-by: David Gibson Signed-off-by: Stefano Brivio --- seccomp.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/seccomp.sh b/seccomp.sh index 092c24e..e1224e0 100755 --- a/seccomp.sh +++ b/seccomp.sh @@ -15,7 +15,7 @@ TMP="$(mktemp)" IN="$@" -OUT="seccomp.h" +OUT="$(mktemp)" [ -z "${ARCH}" ] && ARCH="$(uname -m)" [ -z "${CC}" ] && CC="cc" @@ -53,7 +53,7 @@ BST=' BPF_JUMP(BPF_JMP | BPF_JGE | BPF_K, @NR@, @R@, @L@),' # cleanup() - Remove temporary file if it exists cleanup() { - rm -f "${TMP}" + rm -f "${TMP}" "${OUT}" } trap "cleanup" EXIT @@ -254,3 +254,5 @@ for __p in ${__profiles}; do gen_profile "${__p}" ${__calls} done + +mv "${OUT}" seccomp.h -- cgit v1.2.3