On 12/10/17 15:18, Kees Cook wrote: > On Thu, Oct 12, 2017 at 4:45 AM, Colin Ian King > <colin.king@xxxxxxxxxxxxx> wrote: >> On 12/10/17 12:39, gregkh@xxxxxxxxxxxxxxxxxxx wrote: >>> The patch below was submitted to be applied to the 4.13-stable tree. >>> >>> I fail to see how this patch meets the stable kernel rules as found at >>> Documentation/process/stable-kernel-rules.rst. >>> >>> I could be totally wrong, and if so, please respond to >>> <stable@xxxxxxxxxxxxxxx> and let me know why this patch should be >>> applied. Otherwise, it is now dropped from my patch queues, never to be >>> seen again. >> >> I'm fairly sure my original patch didn't cc stable, so not sure why it >> ended up here either. >> >> Colin >> >>> >>> thanks, >>> >>> greg k-h >>> >>> ------------------ original commit in Linus's tree ------------------ >>> >>> From 084f5601c357e4ee59cf0712200d3f5c4710ba40 Mon Sep 17 00:00:00 2001 >>> From: Colin Ian King <colin.king@xxxxxxxxxxxxx> >>> Date: Fri, 29 Sep 2017 14:26:48 +0100 >>> Subject: [PATCH] seccomp: make function __get_seccomp_filter static >>> >>> The function __get_seccomp_filter is local to the source and does >>> not need to be in global scope, so make it static. >>> >>> Cleans up sparse warning: >>> symbol '__get_seccomp_filter' was not declared. Should it be static? >>> >>> Signed-off-by: Colin Ian King <colin.king@xxxxxxxxxxxxx> >>> Fixes: 66a733ea6b61 ("seccomp: fix the usage of get/put_seccomp_filter() in seccomp_get_filter()") >>> Cc: stable@xxxxxxxxxxxxxxx >>> Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx> >>> >>> diff --git a/kernel/seccomp.c b/kernel/seccomp.c >>> index bb3a38005b9c..0ae832e13b97 100644 >>> --- a/kernel/seccomp.c >>> +++ b/kernel/seccomp.c >>> @@ -473,7 +473,7 @@ static long seccomp_attach_filter(unsigned int flags, >>> return 0; >>> } >>> >>> -void __get_seccomp_filter(struct seccomp_filter *filter) >>> +static void __get_seccomp_filter(struct seccomp_filter *filter) >>> { >>> /* Reference count is bounded by the number of total processes. */ >>> refcount_inc(&filter->usage); >>> > > I added this to -stable because the prior patch (66a733ea6b61) that > went to stable introduced a regression for Sparse. Is this not okay? > > -Kees > I don't think it's a regression per-se, it's just a warning found by static analysis tools and it won't show up in normal gcc builds. Colin