seccomp: fix the __secure_computing() stub for !HAVE_ARCH_SECCOMP_FILTER - wireguard-linux

diff options

author	Oleg Nesterov <oleg@redhat.com>	2025-01-28 16:03:07 +0100
committer	Kees Cook <kees@kernel.org>	2025-02-10 09:26:22 -0800
commit	b37778bec82ba82058912ca069881397197cd3d5 (patch)
tree	e41ac9bde9d5596b962a40193337a012240b0bd4 /scripts/generate_rust_analyzer.py
parent	seccomp/mips: change syscall_trace_enter() to use secure_computing() (diff)
download	wireguard-linux-b37778bec82ba82058912ca069881397197cd3d5.tar.xz wireguard-linux-b37778bec82ba82058912ca069881397197cd3d5.zip

seccomp: fix the __secure_computing() stub for !HAVE_ARCH_SECCOMP_FILTER

Depending on CONFIG_HAVE_ARCH_SECCOMP_FILTER, __secure_computing(NULL) will crash or not. This is not consistent/safe, especially considering that after the previous change __secure_computing(sd) is always called with sd == NULL. Fortunately, if CONFIG_HAVE_ARCH_SECCOMP_FILTER=n, __secure_computing() has no callers, these architectures use secure_computing_strict(). Yet it make sense make __secure_computing(NULL) safe in this case. Note also that with this change we can unexport secure_computing_strict() and change the current callers to use __secure_computing(NULL). Fixes: 8cf8dfceebda ("seccomp: Stub for !HAVE_ARCH_SECCOMP_FILTER") Signed-off-by: Oleg Nesterov <oleg@redhat.com> Reviewed-by: Linus Walleij <linus.walleij@linaro.org> Link: https://lore.kernel.org/r/20250128150307.GA15325@redhat.com Signed-off-by: Kees Cook <kees@kernel.org>

Diffstat (limited to 'scripts/generate_rust_analyzer.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: