Skip to content

Commit e1cec51

Browse files
oleg-nesterovkees
oleg-nesterov
authored and
kees
committed
seccomp: remove the 'sd' argument from __seccomp_filter()
After the previous change 'sd' is always NULL. Signed-off-by: Oleg Nesterov <oleg@redhat.com> Reviewed-by: Kees Cook <kees@kernel.org> Link: https://lore.kernel.org/r/20250128150321.GA15343@redhat.com Signed-off-by: Kees Cook <kees@kernel.org>
1 parent 1027cd8 commit e1cec51

1 file changed

Lines changed: 8 additions & 13 deletions

File tree

kernel/seccomp.c

Lines changed: 8 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -1230,26 +1230,22 @@ static int seccomp_do_user_notification(int this_syscall,
12301230
return -1;
12311231
}
12321232

1233-
static int __seccomp_filter(int this_syscall, const struct seccomp_data *sd,
1234-
const bool recheck_after_trace)
1233+
static int __seccomp_filter(int this_syscall, const bool recheck_after_trace)
12351234
{
12361235
u32 filter_ret, action;
1236+
struct seccomp_data sd;
12371237
struct seccomp_filter *match = NULL;
12381238
int data;
1239-
struct seccomp_data sd_local;
12401239

12411240
/*
12421241
* Make sure that any changes to mode from another thread have
12431242
* been seen after SYSCALL_WORK_SECCOMP was seen.
12441243
*/
12451244
smp_rmb();
12461245

1247-
if (!sd) {
1248-
populate_seccomp_data(&sd_local);
1249-
sd = &sd_local;
1250-
}
1246+
populate_seccomp_data(&sd);
12511247

1252-
filter_ret = seccomp_run_filters(sd, &match);
1248+
filter_ret = seccomp_run_filters(&sd, &match);
12531249
data = filter_ret & SECCOMP_RET_DATA;
12541250
action = filter_ret & SECCOMP_RET_ACTION_FULL;
12551251

@@ -1307,13 +1303,13 @@ static int __seccomp_filter(int this_syscall, const struct seccomp_data *sd,
13071303
* a reload of all registers. This does not goto skip since
13081304
* a skip would have already been reported.
13091305
*/
1310-
if (__seccomp_filter(this_syscall, NULL, true))
1306+
if (__seccomp_filter(this_syscall, true))
13111307
return -1;
13121308

13131309
return 0;
13141310

13151311
case SECCOMP_RET_USER_NOTIF:
1316-
if (seccomp_do_user_notification(this_syscall, match, sd))
1312+
if (seccomp_do_user_notification(this_syscall, match, &sd))
13171313
goto skip;
13181314

13191315
return 0;
@@ -1355,8 +1351,7 @@ static int __seccomp_filter(int this_syscall, const struct seccomp_data *sd,
13551351
return -1;
13561352
}
13571353
#else
1358-
static int __seccomp_filter(int this_syscall, const struct seccomp_data *sd,
1359-
const bool recheck_after_trace)
1354+
static int __seccomp_filter(int this_syscall, const bool recheck_after_trace)
13601355
{
13611356
BUG();
13621357

@@ -1380,7 +1375,7 @@ int __secure_computing(void)
13801375
__secure_computing_strict(this_syscall); /* may call do_exit */
13811376
return 0;
13821377
case SECCOMP_MODE_FILTER:
1383-
return __seccomp_filter(this_syscall, NULL, false);
1378+
return __seccomp_filter(this_syscall, false);
13841379
/* Surviving SECCOMP_RET_KILL_* must be proactively impossible. */
13851380
case SECCOMP_MODE_DEAD:
13861381
WARN_ON_ONCE(1);

0 commit comments

Comments
 (0)