tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

seccomp: ignore secure_computing return values

This change is inspired by
https://lkml.org/lkml/2012/4/16/14
which fixes the build warnings for arches that don't support
CONFIG_HAVE_ARCH_SECCOMP_FILTER.

In particular, there is no requirement for the return value of
secure_computing() to be checked unless the architecture supports
seccomp filter. Instead of silencing the warnings with (void)
a new static inline is added to encode the expected behavior
in a compiler and human friendly way.

v2: - cleans things up with a static inline
- removes sfr's signed-off-by since it is a different approach
v1: - matches sfr's original change

Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Will Drewry <wad@chromium.org>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: James Morris <james.l.morris@oracle.com>

authored by

Will Drewry and committed by
James Morris e4da89d0 b1fa650c

+14 -7
+1 -1
arch/microblaze/kernel/ptrace.c
··· 136 136 { 137 137 long ret = 0; 138 138 139 - secure_computing(regs->r12); 139 + secure_computing_strict(regs->r12); 140 140 141 141 if (test_thread_flag(TIF_SYSCALL_TRACE) && 142 142 tracehook_report_syscall_entry(regs))
+1 -1
arch/mips/kernel/ptrace.c
··· 535 535 asmlinkage void syscall_trace_enter(struct pt_regs *regs) 536 536 { 537 537 /* do the secure computing check first */ 538 - secure_computing(regs->regs[2]); 538 + secure_computing_strict(regs->regs[2]); 539 539 540 540 if (!(current->ptrace & PT_PTRACED)) 541 541 goto out;
+1 -1
arch/powerpc/kernel/ptrace.c
··· 1710 1710 { 1711 1711 long ret = 0; 1712 1712 1713 - secure_computing(regs->gpr[0]); 1713 + secure_computing_strict(regs->gpr[0]); 1714 1714 1715 1715 if (test_thread_flag(TIF_SYSCALL_TRACE) && 1716 1716 tracehook_report_syscall_entry(regs))
+1 -1
arch/s390/kernel/ptrace.c
··· 719 719 long ret = 0; 720 720 721 721 /* Do the secure computing check first. */ 722 - secure_computing(regs->gprs[2]); 722 + secure_computing_strict(regs->gprs[2]); 723 723 724 724 /* 725 725 * The sysc_tracesys code in entry.S stored the system
+1 -1
arch/sh/kernel/ptrace_32.c
··· 503 503 { 504 504 long ret = 0; 505 505 506 - secure_computing(regs->regs[0]); 506 + secure_computing_strict(regs->regs[0]); 507 507 508 508 if (test_thread_flag(TIF_SYSCALL_TRACE) && 509 509 tracehook_report_syscall_entry(regs))
+1 -1
arch/sh/kernel/ptrace_64.c
··· 522 522 { 523 523 long long ret = 0; 524 524 525 - secure_computing(regs->regs[9]); 525 + secure_computing_strict(regs->regs[9]); 526 526 527 527 if (test_thread_flag(TIF_SYSCALL_TRACE) && 528 528 tracehook_report_syscall_entry(regs))
+1 -1
arch/sparc/kernel/ptrace_64.c
··· 1062 1062 int ret = 0; 1063 1063 1064 1064 /* do the secure computing check first */ 1065 - secure_computing(regs->u_regs[UREG_G1]); 1065 + secure_computing_strict(regs->u_regs[UREG_G1]); 1066 1066 1067 1067 if (test_thread_flag(TIF_SYSCALL_TRACE)) 1068 1068 ret = tracehook_report_syscall_entry(regs);
+7
include/linux/seccomp.h
··· 75 75 return 0; 76 76 } 77 77 78 + /* A wrapper for architectures supporting only SECCOMP_MODE_STRICT. */ 79 + static inline void secure_computing_strict(int this_syscall) 80 + { 81 + BUG_ON(secure_computing(this_syscall) != 0); 82 + } 83 + 78 84 extern long prctl_get_seccomp(void); 79 85 extern long prctl_set_seccomp(unsigned long, char __user *); 80 86 ··· 97 91 struct seccomp_filter { }; 98 92 99 93 static inline int secure_computing(int this_syscall) { return 0; } 94 + static inline void secure_computing_strict(int this_syscall) { return; } 100 95 101 96 static inline long prctl_get_seccomp(void) 102 97 {