From 0ce60fdb85b97f627f5bc84ba33b702991ffbbb5 Mon Sep 17 00:00:00 2001
From: Andrew Vagin <avagin@virtuozzo.com>
Date: Tue, 9 Feb 2016 00:47:00 +0300
Subject: [PATCH] pie: print an error and notify criu in error cases

Cc: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Acked-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
---
 pie/restorer.c | 33 ++++++++++++++++++---------------
 1 file changed, 18 insertions(+), 15 deletions(-)

diff --git a/pie/restorer.c b/pie/restorer.c
index d99c92ddf..8cec7f9c4 100644
--- a/pie/restorer.c
+++ b/pie/restorer.c
@@ -344,15 +344,20 @@ static int restore_signals(siginfo_t *ptr, int nr, bool group)
 	return 0;
 }
 
-static void restore_seccomp(struct task_restore_args *args)
+static int restore_seccomp(struct task_restore_args *args)
 {
+	int ret;
+
 	switch (args->seccomp_mode) {
 	case SECCOMP_MODE_DISABLED:
-		return;
+		return 0;
 	case SECCOMP_MODE_STRICT:
-		if (sys_prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT, 0, 0, 0))
+		ret = sys_prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT, 0, 0, 0);
+		if (ret < 0) {
+			pr_err("prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT) returned %d\n", ret);
 			goto die;
-		return;
+		}
+		return 0;
 	case SECCOMP_MODE_FILTER: {
 		int i;
 		void *filter_data;
@@ -369,27 +374,24 @@ static void restore_seccomp(struct task_restore_args *args)
 			 * don't have to restore_seccomp() in threads, and that
 			 * future TSYNC behavior will be correct.
 			 */
-			if (sys_seccomp(SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_TSYNC, (char *) fprog) < 0)
+			ret = sys_seccomp(SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_TSYNC, (char *) fprog);
+			if (ret < 0) {
+				pr_err("sys_seccomp() returned %d\n", ret);
 				goto die;
+			}
 
 			filter_data += fprog->len * sizeof(struct sock_filter);
 		}
 
-		return;
+		return 0;
 	}
 	default:
 		goto die;
 	}
 
+	return 0;
 die:
-	/*
-	 * If preparing any seccomp state failed, we should make sure this
-	 * process doesn't continue so that it can't do things outside the
-	 * sandbox. Unfortunately, the rest of the restore has to continue
-	 * since we're too late in the process to stop it and have unlocked the
-	 * network.
-	 */
-	sys_exit_group(1);
+	return -1;
 }
 
 static int restore_thread_common(struct rt_sigframe *sigframe,
@@ -1268,7 +1270,8 @@ long __export_restore_task(struct task_restore_args *args)
 	 * ns, so we must do this before restore_creds.
 	 */
 	pr_info("restoring seccomp mode %d for %ld\n", args->seccomp_mode, sys_getpid());
-	restore_seccomp(args);
+	if (restore_seccomp(args))
+		goto core_restore_end;
 
 	/*
 	 * Writing to last-pid is CAP_SYS_ADMIN protected,