On Thu, Oct 12, 2017 at 7:20 AM, Colin Ian King <colin.king@xxxxxxxxxxxxx> wrote:
> On 12/10/17 15:18, Kees Cook wrote:
>> On Thu, Oct 12, 2017 at 4:45 AM, Colin Ian King
>> <colin.king@xxxxxxxxxxxxx> wrote:
>>> On 12/10/17 12:39, gregkh@xxxxxxxxxxxxxxxxxxx wrote:
>>>> The patch below was submitted to be applied to the 4.13-stable tree.
>>>>
>>>> I fail to see how this patch meets the stable kernel rules as found at
>>>> Documentation/process/stable-kernel-rules.rst.
>>>>
>>>> I could be totally wrong, and if so, please respond to
>>>> <stable@xxxxxxxxxxxxxxx> and let me know why this patch should be
>>>> applied. Otherwise, it is now dropped from my patch queues, never to be
>>>> seen again.
>>>
>>> I'm fairly sure my original patch didn't cc stable, so not sure why it
>>> ended up here either.
>>>
>>> Colin
>>>
>>>>
>>>> thanks,
>>>>
>>>> greg k-h
>>>>
>>>> ------------------ original commit in Linus's tree ------------------
>>>>
>>>> From 084f5601c357e4ee59cf0712200d3f5c4710ba40 Mon Sep 17 00:00:00 2001
>>>> From: Colin Ian King <colin.king@xxxxxxxxxxxxx>
>>>> Date: Fri, 29 Sep 2017 14:26:48 +0100
>>>> Subject: [PATCH] seccomp: make function __get_seccomp_filter static
>>>>
>>>> The function __get_seccomp_filter is local to the source and does
>>>> not need to be in global scope, so make it static.
>>>>
>>>> Cleans up sparse warning:
>>>> symbol '__get_seccomp_filter' was not declared. Should it be static?
>>>>
>>>> Signed-off-by: Colin Ian King <colin.king@xxxxxxxxxxxxx>
>>>> Fixes: 66a733ea6b61 ("seccomp: fix the usage of get/put_seccomp_filter() in seccomp_get_filter()")
>>>> Cc: stable@xxxxxxxxxxxxxxx
>>>> Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
>>>>
>>>> diff --git a/kernel/seccomp.c b/kernel/seccomp.c >>>> index bb3a38005b9c..0ae832e13b97 100644 >>>> --- a/kernel/seccomp.c >>>> +++ b/kernel/seccomp.c 
>>>> @@ -473,7 +473,7 @@ static long seccomp_attach_filter(unsigned int flags, >>>> return 0; >>>> } >>>> >>>> -void __get_seccomp_filter(struct seccomp_filter *filter) >>>> +static void __get_seccomp_filter(struct seccomp_filter *filter) >>>> { >>>> /* Reference count is bounded by the number of total processes. */ >>>> refcount_inc(&filter->usage); >>>> >> >> I added this to -stable because the prior patch (66a733ea6b61) that >> went to stable introduced a regression for Sparse. Is this not okay? >> > I don't think it's a regression per-se, it's just a warning found by > static analysis tools and it won't show up in normal gcc builds. If this isn't okay, I'm fine to drop it from -stable. Sorry for the noise Greg! I was considering it a build regression, since there are people running analyzers on -stable, etc. -Kees -- Kees Cook Pixel Security
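
Review bot: On the changed definition line of __get_seccomp_filter (hunk at -473,7), the commit message should state that this is a linkage-only change with no runtime effect, since the body with refcount_inc(&filter->usage) is untouched while the Fixes: and Cc: stable tags read as if a functional fix were being backported. The quoted sparse warning says the symbol was not declared, so there is no header prototype to remove, but before narrowing it to file scope it is worth confirming that no other source file reaches the symbol through its own extern declaration, because that would turn into a link failure.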