authorOleg Nesterov <oleg@redhat.com>2025-01-28 16:03:07 +0100
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2025-04-10 14:43:55 +0200
commit4e4346494654f71a91042f1567dac3744d53864d (patch)
tree20d8713457a7866c6d0ec1b5e7eda24f741eb292 /kernel
parent11769835a5da88572f0d5c26e9de803f7932e305 (diff)
seccomp: fix the __secure_computing() stub for !HAVE_ARCH_SECCOMP_FILTER
[ Upstream commit b37778bec82ba82058912ca069881397197cd3d5 ] Depending on CONFIG_HAVE_ARCH_SECCOMP_FILTER, __secure_computing(NULL) will crash or not. This is not consistent/safe, especially considering that after the previous change __secure_computing(sd) is always called with sd == NULL. Fortunately, if CONFIG_HAVE_ARCH_SECCOMP_FILTER=n, __secure_computing() has no callers, these architectures use secure_computing_strict(). Yet it makes sense to make __secure_computing(NULL) safe in this case. Note also that with this change we can unexport secure_computing_strict() and change the current callers to use __secure_computing(NULL). Fixes: 8cf8dfceebda ("seccomp: Stub for !HAVE_ARCH_SECCOMP_FILTER") Signed-off-by: Oleg Nesterov <oleg@redhat.com> Reviewed-by: Linus Walleij <linus.walleij@linaro.org> Link: https://lore.kernel.org/r/20250128150307.GA15325@redhat.com Signed-off-by: Kees Cook <kees@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'kernel')
-rw-r--r--kernel/seccomp.c14
1 files changed, 10 insertions, 4 deletions
diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index 7bbb408431eb..3231f63d93d8 100644
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@ -29,13 +29,11 @@
#include <linux/syscalls.h>
#include <linux/sysctl.h>
+#include <asm/syscall.h>
+
/* Not exposed in headers: strictly internal use only. */
#define SECCOMP_MODE_DEAD (SECCOMP_MODE_FILTER + 1)
-#ifdef CONFIG_HAVE_ARCH_SECCOMP_FILTER
-#include <asm/syscall.h>
-#endif
-
#ifdef CONFIG_SECCOMP_FILTER
#include <linux/file.h>
#include <linux/filter.h>
@@ -1074,6 +1072,14 @@ void secure_computing_strict(int this_syscall)
else
BUG();
}
+int __secure_computing(const struct seccomp_data *sd)
+{
+ int this_syscall = sd ? sd->nr :
+ syscall_get_nr(current, current_pt_regs());
+
+ secure_computing_strict(this_syscall);
+ return 0;
+}
#else
#ifdef CONFIG_SECCOMP_FILTER
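Review bot: The new `__secure_computing()` stub returns 0 unconditionally and has no comment saying why that is safe. The result is meaningful only if `secure_computing_strict()` never returns for a disallowed syscall; its body starts outside this hunk, so that is inferred from the visible `BUG()` tail rather than shown. I would state the contract above the function, for example `/* !HAVE_ARCH_SECCOMP_FILTER: strict mode only. secure_computing_strict() does not return on a violation, so 0 here always means "allow". */`. A second short comment could record that a non-NULL `sd` is trusted for `sd->nr`, while NULL falls back to `syscall_get_nr(current, current_pt_regs())`. The definition also follows the closing brace of `secure_computing_strict()` with no blank line, which differs from the spacing the added lines use elsewhere.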