[PATCH 2/4] seccomp: kill the dead code in the !CONFIG_HAVE_ARCH_SECCOMP_FILTER version of __secure_computing()
Oleg Nesterov
oleg at redhat.com
Tue Jan 21 00:44:52 AEDT 2025
Depending on CONFIG_HAVE_ARCH_SECCOMP_FILTER, __secure_computing(NULL)
will crash or not, this is not consistent/safe.
Fortunately, if CONFIG_HAVE_ARCH_SECCOMP_FILTER=n, __secure_computing()
has no callers, these architectures use secure_computing_strict().
Also, after the previous change __secure_computing(sd) is always called
with sd == NULL, so it is clear that we can remove the code which makes
no sense.
Signed-off-by: Oleg Nesterov <oleg at redhat.com>
---
include/linux/seccomp.h | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/include/linux/seccomp.h b/include/linux/seccomp.h
index e45531455d3b..e01dfe57a884 100644
--- a/include/linux/seccomp.h
+++ b/include/linux/seccomp.h
@@ -32,11 +32,7 @@ static inline int secure_computing(void)
}
#else
extern void secure_computing_strict(int this_syscall);
-static inline int __secure_computing(const struct seccomp_data *sd)
-{
- secure_computing_strict(sd->nr);
- return 0;
-}
+static inline int __secure_computing(const struct seccomp_data *sd) { return 0; }
#endif
extern long prctl_get_seccomp(void);
--
2.25.1.362.g51ebf55
More information about the Linuxppc-dev
mailing list