Patch "seccomp: Stub for !CONFIG_SECCOMP" has been added to the 6.12-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Mon, 27 Jan 2025 12:06:04 -0500

This is a note to let you know that I've just added the patch titled

    seccomp: Stub for !CONFIG_SECCOMP

to the 6.12-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     seccomp-stub-for-config_seccomp.patch
and it can be found in the queue-6.12 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 969a1a9391c92e431e6829d586c3f31ba6235bc1
Author: Linus Walleij <linus.walleij@xxxxxxxxxx>
Date:   Wed Jan 8 23:44:45 2025 +0100

    seccomp: Stub for !CONFIG_SECCOMP
    
    [ Upstream commit f90877dd7fb5085dd9abd6399daf63dd2969fc90 ]
    
    When using !CONFIG_SECCOMP with CONFIG_GENERIC_ENTRY, the
    randconfig bots found the following snag:
    
       kernel/entry/common.c: In function 'syscall_trace_enter':
    >> kernel/entry/common.c:52:23: error: implicit declaration
       of function '__secure_computing' [-Wimplicit-function-declaration]
          52 |                 ret = __secure_computing(NULL);
             |                       ^~~~~~~~~~~~~~~~~~
    
    Since generic entry calls __secure_computing() unconditionally,
    fix this by moving the stub out of the ifdef clause for
    CONFIG_HAVE_ARCH_SECCOMP_FILTER so it's always available.
    
    Link: https://lore.kernel.org/oe-kbuild-all/202501061240.Fzk9qiFZ-lkp@xxxxxxxxx/
    Signed-off-by: Linus Walleij <linus.walleij@xxxxxxxxxx>
    Link: https://lore.kernel.org/r/20250108-seccomp-stub-2-v2-1-74523d49420f@xxxxxxxxxx
    Signed-off-by: Kees Cook <kees@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/include/linux/seccomp.h b/include/linux/seccomp.h
index 709ad84809e1e..8934c7da47f4c 100644
--- a/include/linux/seccomp.h
+++ b/include/linux/seccomp.h
@@ -50,10 +50,10 @@ struct seccomp_data;
 
 #ifdef CONFIG_HAVE_ARCH_SECCOMP_FILTER
 static inline int secure_computing(void) { return 0; }
-static inline int __secure_computing(const struct seccomp_data *sd) { return 0; }
 #else
 static inline void secure_computing_strict(int this_syscall) { return; }
 #endif
+static inline int __secure_computing(const struct seccomp_data *sd) { return 0; }
 
 static inline long prctl_get_seccomp(void)
 {







