From 319deec7db6c0aab276d2447f778e7cffed24c7c Mon Sep 17 00:00:00 2001 From: Tycho Andersen Date: Wed, 12 Dec 2018 19:46:54 -0700 Subject: [PATCH 1/2] seccomp: fix poor type promotion sparse complains, kernel/seccomp.c:1172:13: warning: incorrect type in assignment (different base types) kernel/seccomp.c:1172:13: expected restricted __poll_t [usertype] ret kernel/seccomp.c:1172:13: got int kernel/seccomp.c:1173:13: warning: restricted __poll_t degrades to integer Instead of assigning this to ret, since we don't use this anywhere, let's just test it against 0 directly. Signed-off-by: Tycho Andersen Reported-by: 0day robot Fixes: 6a21cc50f0c7 ("seccomp: add a return code to trap to userspace") Signed-off-by: Kees Cook --- kernel/seccomp.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/kernel/seccomp.c b/kernel/seccomp.c index 15b6be97fc09..d7f538847b84 100644 --- a/kernel/seccomp.c +++ b/kernel/seccomp.c @@ -1169,8 +1169,7 @@ static __poll_t seccomp_notify_poll(struct file *file, poll_wait(file, &filter->notif->wqh, poll_tab); - ret = mutex_lock_interruptible(&filter->notify_lock); - if (ret < 0) + if (mutex_lock_interruptible(&filter->notify_lock) < 0) return EPOLLERR; list_for_each_entry(cur, &filter->notif->notifications, list) { From 4fc96ee9085d39ceeaa7b60cd475d0a474e7062f Mon Sep 17 00:00:00 2001 From: Tycho Andersen Date: Thu, 13 Dec 2018 13:10:30 -0700 Subject: [PATCH 2/2] seccomp, s390: fix build for syscall type change A recent patch landed in the security tree [1] that changed the type of the seccomp syscall. Unfortunately, I didn't quite get every instance of the forward declarations, and thus there is a build failure. Here's the last one that I could find, for s390. It should go through the security tree, although hopefully some s390 people can check and make sure it looks reasonable? The only oddity is the trailing semicolon; some lines around this patch have it, and some lines don't. I've left this one as-is. [1]: https://lore.kernel.org/lkml/20181212231630.GA31584@beast/T/#u Signed-off-by: Tycho Andersen Fixes: 6a21cc50f0c7 ("seccomp: add a return code to trap to userspace") Signed-off-by: Kees Cook --- arch/s390/kernel/compat_wrapper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/s390/kernel/compat_wrapper.c b/arch/s390/kernel/compat_wrapper.c index 2ce28bf0c5ec..48c4ce668244 100644 --- a/arch/s390/kernel/compat_wrapper.c +++ b/arch/s390/kernel/compat_wrapper.c @@ -164,7 +164,7 @@ COMPAT_SYSCALL_WRAP3(finit_module, int, fd, const char __user *, uargs, int, fla COMPAT_SYSCALL_WRAP3(sched_setattr, pid_t, pid, struct sched_attr __user *, attr, unsigned int, flags); COMPAT_SYSCALL_WRAP4(sched_getattr, pid_t, pid, struct sched_attr __user *, attr, unsigned int, size, unsigned int, flags); COMPAT_SYSCALL_WRAP5(renameat2, int, olddfd, const char __user *, oldname, int, newdfd, const char __user *, newname, unsigned int, flags); -COMPAT_SYSCALL_WRAP3(seccomp, unsigned int, op, unsigned int, flags, const char __user *, uargs) +COMPAT_SYSCALL_WRAP3(seccomp, unsigned int, op, unsigned int, flags, void __user *, uargs) COMPAT_SYSCALL_WRAP3(getrandom, char __user *, buf, size_t, count, unsigned int, flags) COMPAT_SYSCALL_WRAP2(memfd_create, const char __user *, uname, unsigned int, flags) COMPAT_SYSCALL_WRAP3(bpf, int, cmd, union bpf_attr *, attr, unsigned int, size);