On Mon, Jan 20, 2025 at 02:44:45PM +0100, Oleg Nesterov wrote:
> arch/mips/Kconfig selects HAVE_ARCH_SECCOMP_FILTER so syscall_trace_enter()
> can just use __secure_computing(NULL) and rely on populate_seccomp_data(sd)
> and "sd == NULL" checks in __secure_computing(sd) paths.
>
> With the change above syscall_trace_enter() can just use secure_computing()
> and avoid #ifdef + test_thread_flag(TIF_SECCOMP). CONFIG_GENERIC_ENTRY is
> not defined, so test_syscall_work(SECCOMP) will check TIF_SECCOMP.
>
> Signed-off-by: Oleg Nesterov <o...@redhat.com>
> ---
> arch/mips/kernel/ptrace.c | 20 ++------------------
> 1 file changed, 2 insertions(+), 18 deletions(-)
>
> diff --git a/arch/mips/kernel/ptrace.c b/arch/mips/kernel/ptrace.c
> index 61503a36067e..f7107479c7fa 100644
> --- a/arch/mips/kernel/ptrace.c
> +++ b/arch/mips/kernel/ptrace.c
> @@ -1326,24 +1326,8 @@ asmlinkage long syscall_trace_enter(struct pt_regs
> *regs)
> return -1;
> }
>
> -#ifdef CONFIG_SECCOMP
> - if (unlikely(test_thread_flag(TIF_SECCOMP))) {
> - int ret, i;
> - struct seccomp_data sd;
> - unsigned long args[6];
> -
> - sd.nr = current_thread_info()->syscall;
> - sd.arch = syscall_get_arch(current);
> - syscall_get_arguments(current, regs, args);
> - for (i = 0; i < 6; i++)
> - sd.args[i] = args[i];
> - sd.instruction_pointer = KSTK_EIP(current);
> -
> - ret = __secure_computing(&sd);
> - if (ret == -1)
> - return ret;
> - }
> -#endif
> + if (secure_computing())
> + return -1;
>
> if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
> trace_sys_enter(regs, regs->regs[2]);
> --
> 2.25.1.362.g51ebf55
Acked-by: Thomas Bogendoerfer <tsbog...@alpha.franken.de>
--
Crap can work. Given enough thrust pigs will fly, but it's not necessarily a
good idea. [ RFC1925, 2.3 ]
