| From d64e1b98d1cc1c00a335b765dbbf0d888c35727f Mon Sep 17 00:00:00 2001 |
| From: Sasha Levin <sashal@kernel.org> |
| Date: Sun, 21 Mar 2021 15:52:19 +0000 |
| Subject: seccomp: Fix CONFIG tests for Seccomp_filters |
| |
| From: Kenta.Tada@sony.com <Kenta.Tada@sony.com> |
| |
| [ Upstream commit 64bdc0244054f7d4bb621c8b4455e292f4e421bc ] |
| |
| Strictly speaking, seccomp filters are only used |
| when CONFIG_SECCOMP_FILTER. |
| This patch fixes the condition to enable "Seccomp_filters" |
| in /proc/$pid/status. |
| |
| Signed-off-by: Kenta Tada <Kenta.Tada@sony.com> |
| Fixes: c818c03b661c ("seccomp: Report number of loaded filters in /proc/$pid/status") |
| Signed-off-by: Kees Cook <keescook@chromium.org> |
| Link: https://lore.kernel.org/r/OSBPR01MB26772D245E2CF4F26B76A989F5669@OSBPR01MB2677.jpnprd01.prod.outlook.com |
| Signed-off-by: Sasha Levin <sashal@kernel.org> |
| --- |
| fs/proc/array.c | 2 ++ |
| init/init_task.c | 2 +- |
| 2 files changed, 3 insertions(+), 1 deletion(-) |
| |
| diff --git a/fs/proc/array.c b/fs/proc/array.c |
| index bb87e4d89cd8..7ec59171f197 100644 |
| --- a/fs/proc/array.c |
| +++ b/fs/proc/array.c |
| @@ -342,8 +342,10 @@ static inline void task_seccomp(struct seq_file *m, struct task_struct *p) |
| seq_put_decimal_ull(m, "NoNewPrivs:\t", task_no_new_privs(p)); |
| #ifdef CONFIG_SECCOMP |
| seq_put_decimal_ull(m, "\nSeccomp:\t", p->seccomp.mode); |
| +#ifdef CONFIG_SECCOMP_FILTER |
| seq_put_decimal_ull(m, "\nSeccomp_filters:\t", |
| atomic_read(&p->seccomp.filter_count)); |
| +#endif |
| #endif |
| seq_puts(m, "\nSpeculation_Store_Bypass:\t"); |
| switch (arch_prctl_spec_ctrl_get(p, PR_SPEC_STORE_BYPASS)) { |
| diff --git a/init/init_task.c b/init/init_task.c |
| index 3711cdaafed2..8b08c2e19cbb 100644 |
| --- a/init/init_task.c |
| +++ b/init/init_task.c |
| @@ -210,7 +210,7 @@ struct task_struct init_task |
| #ifdef CONFIG_SECURITY |
| .security = NULL, |
| #endif |
| -#ifdef CONFIG_SECCOMP |
| +#ifdef CONFIG_SECCOMP_FILTER |
| .seccomp = { .filter_count = ATOMIC_INIT(0) }, |
| #endif |
| }; |
| -- |
| 2.30.2 |
| |