seccomp/mips: change syscall_trace_enter() to use secure_computing()

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

arch/mips/Kconfig selects HAVE_ARCH_SECCOMP_FILTER so syscall_trace_enter()
can just use __secure_computing(NULL) and rely on populate_seccomp_data(sd)
and "sd == NULL" checks in __secure_computing(sd) paths.

With the change above syscall_trace_enter() can just use secure_computing()
and avoid #ifdef + test_thread_flag(TIF_SECCOMP). CONFIG_GENERIC_ENTRY is
not defined, so test_syscall_work(SECCOMP) will check TIF_SECCOMP.

Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Acked-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Reviewed-by: Kees Cook <kees@kernel.org>
Link: https://lore.kernel.org/r/20250128150300.GA15318@redhat.com
Signed-off-by: Kees Cook <kees@kernel.org>

authored by

Oleg Nesterov and committed by

Kees Cook 1 year ago 0fe1ebf3 18f7686a

+2 -18

1 changed file

expand all

arch

mips

kernel

ptrace.c

+2 -18

arch/mips/kernel/ptrace.c

··· 1326 1326 return -1; 1327 1327 } 1328 1328 1329 - #ifdef CONFIG_SECCOMP 1330 - if (unlikely(test_thread_flag(TIF_SECCOMP))) { 1331 - int ret, i; 1332 - struct seccomp_data sd; 1333 - unsigned long args[6]; 1334 - 1335 - sd.nr = current_thread_info()->syscall; 1336 - sd.arch = syscall_get_arch(current); 1337 - syscall_get_arguments(current, regs, args); 1338 - for (i = 0; i < 6; i++) 1339 - sd.args[i] = args[i]; 1340 - sd.instruction_pointer = KSTK_EIP(current); 1341 - 1342 - ret = __secure_computing(&sd); 1343 - if (ret == -1) 1344 - return ret; 1345 - } 1346 - #endif 1329 + if (secure_computing()) 1330 + return -1; 1347 1331 1348 1332 if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT))) 1349 1333 trace_sys_enter(regs, regs->regs[2]);

Configure Feed

Configure Feed