tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

seccomp: fix the __secure_computing() stub for !HAVE_ARCH_SECCOMP_FILTER

Depending on CONFIG_HAVE_ARCH_SECCOMP_FILTER, __secure_computing(NULL)
will crash or not. This is not consistent/safe, especially considering
that after the previous change __secure_computing(sd) is always called
with sd == NULL.

Fortunately, if CONFIG_HAVE_ARCH_SECCOMP_FILTER=n, __secure_computing()
has no callers, these architectures use secure_computing_strict(). Yet
it make sense make __secure_computing(NULL) safe in this case.

Note also that with this change we can unexport secure_computing_strict()
and change the current callers to use __secure_computing(NULL).

Fixes: 8cf8dfceebda ("seccomp: Stub for !HAVE_ARCH_SECCOMP_FILTER")
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Link: https://lore.kernel.org/r/20250128150307.GA15325@redhat.com
Signed-off-by: Kees Cook <kees@kernel.org>

authored by

Oleg Nesterov and committed by
Kees Cook b37778be 0fe1ebf3

+12 -10
+2 -6
include/linux/seccomp.h
··· 22 22 #include <linux/atomic.h> 23 23 #include <asm/seccomp.h> 24 24 25 - #ifdef CONFIG_HAVE_ARCH_SECCOMP_FILTER 26 25 extern int __secure_computing(const struct seccomp_data *sd); 26 + 27 + #ifdef CONFIG_HAVE_ARCH_SECCOMP_FILTER 27 28 static inline int secure_computing(void) 28 29 { 29 30 if (unlikely(test_syscall_work(SECCOMP))) ··· 33 32 } 34 33 #else 35 34 extern void secure_computing_strict(int this_syscall); 36 - static inline int __secure_computing(const struct seccomp_data *sd) 37 - { 38 - secure_computing_strict(sd->nr); 39 - return 0; 40 - } 41 35 #endif 42 36 43 37 extern long prctl_get_seccomp(void);
+10 -4
kernel/seccomp.c
··· 29 29 #include <linux/syscalls.h> 30 30 #include <linux/sysctl.h> 31 31 32 + #include <asm/syscall.h> 33 + 32 34 /* Not exposed in headers: strictly internal use only. */ 33 35 #define SECCOMP_MODE_DEAD (SECCOMP_MODE_FILTER + 1) 34 - 35 - #ifdef CONFIG_HAVE_ARCH_SECCOMP_FILTER 36 - #include <asm/syscall.h> 37 - #endif 38 36 39 37 #ifdef CONFIG_SECCOMP_FILTER 40 38 #include <linux/file.h> ··· 1071 1073 __secure_computing_strict(this_syscall); 1072 1074 else 1073 1075 BUG(); 1076 + } 1077 + int __secure_computing(const struct seccomp_data *sd) 1078 + { 1079 + int this_syscall = sd ? sd->nr : 1080 + syscall_get_nr(current, current_pt_regs()); 1081 + 1082 + secure_computing_strict(this_syscall); 1083 + return 0; 1074 1084 } 1075 1085 #else 1076 1086