seccomp: ignore secure_computing return values
This change is inspired by https://lkml.org/lkml/2012/4/16/14 which fixes the build warnings for arches that don't support CONFIG_HAVE_ARCH_SECCOMP_FILTER. In particular, there is no requirement for the return value of secure_computing() to be checked unless the architecture supports seccomp filter. Instead of silencing the warnings with (void) a new static inline is added to encode the expected behavior in a compiler and human friendly way. v2: - cleans things up with a static inline - removes sfr's signed-off-by since it is a different approach v1: - matches sfr's original change Reported-by: Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by: Will Drewry <wad@chromium.org> Acked-by: Kees Cook <keescook@chromium.org> Signed-off-by: James Morris <james.l.morris@oracle.com>
parent
b1fa650c7e
commit
e4da89d02f
|
@ -136,7 +136,7 @@ asmlinkage long do_syscall_trace_enter(struct pt_regs *regs)
|
||||||
{
|
{
|
||||||
long ret = 0;
|
long ret = 0;
|
||||||
|
|
||||||
secure_computing(regs->r12);
|
secure_computing_strict(regs->r12);
|
||||||
|
|
||||||
if (test_thread_flag(TIF_SYSCALL_TRACE) &&
|
if (test_thread_flag(TIF_SYSCALL_TRACE) &&
|
||||||
tracehook_report_syscall_entry(regs))
|
tracehook_report_syscall_entry(regs))
|
||||||
|
|
|
@ -535,7 +535,7 @@ static inline int audit_arch(void)
|
||||||
asmlinkage void syscall_trace_enter(struct pt_regs *regs)
|
asmlinkage void syscall_trace_enter(struct pt_regs *regs)
|
||||||
{
|
{
|
||||||
/* do the secure computing check first */
|
/* do the secure computing check first */
|
||||||
secure_computing(regs->regs[2]);
|
secure_computing_strict(regs->regs[2]);
|
||||||
|
|
||||||
if (!(current->ptrace & PT_PTRACED))
|
if (!(current->ptrace & PT_PTRACED))
|
||||||
goto out;
|
goto out;
|
||||||
|
|
|
@ -1710,7 +1710,7 @@ long do_syscall_trace_enter(struct pt_regs *regs)
|
||||||
{
|
{
|
||||||
long ret = 0;
|
long ret = 0;
|
||||||
|
|
||||||
secure_computing(regs->gpr[0]);
|
secure_computing_strict(regs->gpr[0]);
|
||||||
|
|
||||||
if (test_thread_flag(TIF_SYSCALL_TRACE) &&
|
if (test_thread_flag(TIF_SYSCALL_TRACE) &&
|
||||||
tracehook_report_syscall_entry(regs))
|
tracehook_report_syscall_entry(regs))
|
||||||
|
|
|
@ -719,7 +719,7 @@ asmlinkage long do_syscall_trace_enter(struct pt_regs *regs)
|
||||||
long ret = 0;
|
long ret = 0;
|
||||||
|
|
||||||
/* Do the secure computing check first. */
|
/* Do the secure computing check first. */
|
||||||
secure_computing(regs->gprs[2]);
|
secure_computing_strict(regs->gprs[2]);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* The sysc_tracesys code in entry.S stored the system
|
* The sysc_tracesys code in entry.S stored the system
|
||||||
|
|
|
@ -503,7 +503,7 @@ asmlinkage long do_syscall_trace_enter(struct pt_regs *regs)
|
||||||
{
|
{
|
||||||
long ret = 0;
|
long ret = 0;
|
||||||
|
|
||||||
secure_computing(regs->regs[0]);
|
secure_computing_strict(regs->regs[0]);
|
||||||
|
|
||||||
if (test_thread_flag(TIF_SYSCALL_TRACE) &&
|
if (test_thread_flag(TIF_SYSCALL_TRACE) &&
|
||||||
tracehook_report_syscall_entry(regs))
|
tracehook_report_syscall_entry(regs))
|
||||||
|
|
|
@ -522,7 +522,7 @@ asmlinkage long long do_syscall_trace_enter(struct pt_regs *regs)
|
||||||
{
|
{
|
||||||
long long ret = 0;
|
long long ret = 0;
|
||||||
|
|
||||||
secure_computing(regs->regs[9]);
|
secure_computing_strict(regs->regs[9]);
|
||||||
|
|
||||||
if (test_thread_flag(TIF_SYSCALL_TRACE) &&
|
if (test_thread_flag(TIF_SYSCALL_TRACE) &&
|
||||||
tracehook_report_syscall_entry(regs))
|
tracehook_report_syscall_entry(regs))
|
||||||
|
|
|
@ -1062,7 +1062,7 @@ asmlinkage int syscall_trace_enter(struct pt_regs *regs)
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
|
|
||||||
/* do the secure computing check first */
|
/* do the secure computing check first */
|
||||||
secure_computing(regs->u_regs[UREG_G1]);
|
secure_computing_strict(regs->u_regs[UREG_G1]);
|
||||||
|
|
||||||
if (test_thread_flag(TIF_SYSCALL_TRACE))
|
if (test_thread_flag(TIF_SYSCALL_TRACE))
|
||||||
ret = tracehook_report_syscall_entry(regs);
|
ret = tracehook_report_syscall_entry(regs);
|
||||||
|
|
|
@ -75,6 +75,12 @@ static inline int secure_computing(int this_syscall)
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* A wrapper for architectures supporting only SECCOMP_MODE_STRICT. */
|
||||||
|
static inline void secure_computing_strict(int this_syscall)
|
||||||
|
{
|
||||||
|
BUG_ON(secure_computing(this_syscall) != 0);
|
||||||
|
}
|
||||||
|
|
||||||
extern long prctl_get_seccomp(void);
|
extern long prctl_get_seccomp(void);
|
||||||
extern long prctl_set_seccomp(unsigned long, char __user *);
|
extern long prctl_set_seccomp(unsigned long, char __user *);
|
||||||
|
|
||||||
|
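Review bot: In the new secure_computing_strict() the seccomp check itself is the argument of BUG_ON(), so enforcement depends on BUG_ON() evaluating its condition in every configuration and architecture, which this page does not show. Hoisting the call keeps the check unconditional and the assertion free of side effects: `int ret = secure_computing(this_syscall);` followed by `BUG_ON(ret != 0);`. The one-line comment also does not say why a non-zero return is treated as a bug; going by the commit message, something like `/* Strict-only arches: a non-zero return can only come from filter mode, which they do not support, so fail hard instead of letting the syscall continue. */` would record that reasoning next to the code. In the following hunk the empty stub is written `{ return; }`, where `{ }` would be the plainer form for a void inline.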
@ -91,6 +97,7 @@ struct seccomp { };
|
||||||
struct seccomp_filter { };
|
struct seccomp_filter { };
|
||||||
|
|
||||||
static inline int secure_computing(int this_syscall) { return 0; }
|
static inline int secure_computing(int this_syscall) { return 0; }
|
||||||
|
static inline void secure_computing_strict(int this_syscall) { return; }
|
||||||
|
|
||||||
static inline long prctl_get_seccomp(void)
|
static inline long prctl_get_seccomp(void)
|
||||||
{
|
{
|
||||||
|
|