www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Oleg Nesterov <oleg@redhat.com>
	Tue, 28 Jan 2025 15:03:07 +0000 (16:03 +0100)
committer	Kees Cook <kees@kernel.org>
	Mon, 10 Feb 2025 17:26:22 +0000 (09:26 -0800)
commit	b37778bec82ba82058912ca069881397197cd3d5
tree	e41ac9bde9d5596b962a40193337a012240b0bd4	tree
parent	0fe1ebf3f056d99ef4835dc5d88b9c3bb12e44c1	commit \| diff

seccomp: fix the __secure_computing() stub for !HAVE_ARCH_SECCOMP_FILTER

Depending on CONFIG_HAVE_ARCH_SECCOMP_FILTER, __secure_computing(NULL)
will crash or not. This is not consistent/safe, especially considering
that after the previous change __secure_computing(sd) is always called
with sd == NULL.

Fortunately, if CONFIG_HAVE_ARCH_SECCOMP_FILTER=n, __secure_computing()
has no callers, these architectures use secure_computing_strict(). Yet
it make sense make __secure_computing(NULL) safe in this case.

Note also that with this change we can unexport secure_computing_strict()
and change the current callers to use __secure_computing(NULL).

Fixes: 8cf8dfceebda ("seccomp: Stub for !HAVE_ARCH_SECCOMP_FILTER")
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Link: https://lore.kernel.org/r/20250128150307.GA15325@redhat.com
Signed-off-by: Kees Cook <kees@kernel.org>

include/linux/seccomp.h		diff \| blob \| history
kernel/seccomp.c		diff \| blob \| history