tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

seccomp: remove the 'sd' argument from __secure_computing()

After the previous changes 'sd' is always NULL.

Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Reviewed-by: Kees Cook <kees@kernel.org>
Link: https://lore.kernel.org/r/20250128150313.GA15336@redhat.com
Signed-off-by: Kees Cook <kees@kernel.org>

authored by

Oleg Nesterov and committed by
Kees Cook 1027cd80 b37778be

+10 -12
+1 -1
arch/powerpc/kernel/ptrace/ptrace.c
··· 215 215 * have already loaded -ENOSYS into r3, or seccomp has put 216 216 * something else in r3 (via SECCOMP_RET_ERRNO/TRACE). 217 217 */ 218 - if (__secure_computing(NULL)) 218 + if (__secure_computing()) 219 219 return -1; 220 220 221 221 /*
+3 -3
include/linux/seccomp.h
··· 22 22 #include <linux/atomic.h> 23 23 #include <asm/seccomp.h> 24 24 25 - extern int __secure_computing(const struct seccomp_data *sd); 25 + extern int __secure_computing(void); 26 26 27 27 #ifdef CONFIG_HAVE_ARCH_SECCOMP_FILTER 28 28 static inline int secure_computing(void) 29 29 { 30 30 if (unlikely(test_syscall_work(SECCOMP))) 31 - return __secure_computing(NULL); 31 + return __secure_computing(); 32 32 return 0; 33 33 } 34 34 #else ··· 54 54 #else 55 55 static inline void secure_computing_strict(int this_syscall) { return; } 56 56 #endif 57 - static inline int __secure_computing(const struct seccomp_data *sd) { return 0; } 57 + static inline int __secure_computing(void) { return 0; } 58 58 59 59 static inline long prctl_get_seccomp(void) 60 60 {
+1 -1
kernel/entry/common.c
··· 49 49 50 50 /* Do seccomp after ptrace, to catch any tracer changes. */ 51 51 if (work & SYSCALL_WORK_SECCOMP) { 52 - ret = __secure_computing(NULL); 52 + ret = __secure_computing(); 53 53 if (ret == -1L) 54 54 return ret; 55 55 }
+5 -7
kernel/seccomp.c
··· 1072 1072 else 1073 1073 BUG(); 1074 1074 } 1075 - int __secure_computing(const struct seccomp_data *sd) 1075 + int __secure_computing(void) 1076 1076 { 1077 - int this_syscall = sd ? sd->nr : 1078 - syscall_get_nr(current, current_pt_regs()); 1077 + int this_syscall = syscall_get_nr(current, current_pt_regs()); 1079 1078 1080 1079 secure_computing_strict(this_syscall); 1081 1080 return 0; ··· 1364 1365 } 1365 1366 #endif 1366 1367 1367 - int __secure_computing(const struct seccomp_data *sd) 1368 + int __secure_computing(void) 1368 1369 { 1369 1370 int mode = current->seccomp.mode; 1370 1371 int this_syscall; ··· 1373 1374 unlikely(current->ptrace & PT_SUSPEND_SECCOMP)) 1374 1375 return 0; 1375 1376 1376 - this_syscall = sd ? sd->nr : 1377 - syscall_get_nr(current, current_pt_regs()); 1377 + this_syscall = syscall_get_nr(current, current_pt_regs()); 1378 1378 1379 1379 switch (mode) { 1380 1380 case SECCOMP_MODE_STRICT: 1381 1381 __secure_computing_strict(this_syscall); /* may call do_exit */ 1382 1382 return 0; 1383 1383 case SECCOMP_MODE_FILTER: 1384 - return __seccomp_filter(this_syscall, sd, false); 1384 + return __seccomp_filter(this_syscall, NULL, false); 1385 1385 /* Surviving SECCOMP_RET_KILL_* must be proactively impossible. */ 1386 1386 case SECCOMP_MODE_DEAD: 1387 1387 WARN_ON_ONCE(1);