[PATCH] seccomp: Stub for !CONFIG_SECCOMP

[PATCH] seccomp: Stub for !CONFIG_SECCOMP

[Linus Walleij]

When using !CONFIG_SECCOMP with CONFIG_GENERIC_ENTRY, the
randconfig bots found the following snag:

   kernel/entry/common.c: In function 'syscall_trace_enter':
>> kernel/entry/common.c:52:23: error: implicit declaration
   of function '__secure_computing' [-Wimplicit-function-declaration]
      52 |                 ret = __secure_computing(NULL);
         |                       ^~~~~~~~~~~~~~~~~~

Since generic entry calls __secure_computing() unconditionally,
fix this by adding another static inline stub.

Link: https://lore.kernel.org/oe-kbuild-all/202501061240.Fzk9qiFZ-lkp@intel.com/
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
---
 include/linux/seccomp.h | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/include/linux/seccomp.h b/include/linux/seccomp.h
index 341980599c71242d3bb95b544c954278efcc65b9..622a8d8899085b204c449e101de7fe59e26e15a2 100644
--- a/include/linux/seccomp.h
+++ b/include/linux/seccomp.h
@@ -58,6 +58,10 @@ static inline int secure_computing(void) { return 0; }
 static inline int __secure_computing(const struct seccomp_data *sd) { return 0; }
 #else
 static inline void secure_computing_strict(int this_syscall) { return; }
+static inline int __secure_computing(const struct seccomp_data *sd)
+{
+	return 0;
+}
 #endif
 
 static inline long prctl_get_seccomp(void)

---
base-commit: 40384c840ea1944d7c5a392e8975ed088ecf0b37
change-id: 20250107-seccomp-stub-2-a2e8cbe1f949

Best regards,
-- 
Linus Walleij <linus.walleij@linaro.org>

Re: [PATCH] seccomp: Stub for !CONFIG_SECCOMP

[Kees Cook]

On Tue, Jan 07, 2025 at 09:46:48AM +0100, Linus Walleij wrote:
> When using !CONFIG_SECCOMP with CONFIG_GENERIC_ENTRY, the
> randconfig bots found the following snag:
> 
>    kernel/entry/common.c: In function 'syscall_trace_enter':
> >> kernel/entry/common.c:52:23: error: implicit declaration
>    of function '__secure_computing' [-Wimplicit-function-declaration]
>       52 |                 ret = __secure_computing(NULL);
>          |                       ^~~~~~~~~~~~~~~~~~
> 
> Since generic entry calls __secure_computing() unconditionally,
> fix this by adding another static inline stub.
> 
> Link: https://lore.kernel.org/oe-kbuild-all/202501061240.Fzk9qiFZ-lkp@intel.com/
> Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
> ---
>  include/linux/seccomp.h | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/include/linux/seccomp.h b/include/linux/seccomp.h
> index 341980599c71242d3bb95b544c954278efcc65b9..622a8d8899085b204c449e101de7fe59e26e15a2 100644
> --- a/include/linux/seccomp.h
> +++ b/include/linux/seccomp.h
> @@ -58,6 +58,10 @@ static inline int secure_computing(void) { return 0; }
>  static inline int __secure_computing(const struct seccomp_data *sd) { return 0; }
^^^^

>  #else
>  static inline void secure_computing_strict(int this_syscall) { return; }
> +static inline int __secure_computing(const struct seccomp_data *sd)
> +{
> +	return 0;
> +}
>  #endif

Let's just move the existing __secure_computing() no-op out of the ifdef
there.

-Kees

>  
>  static inline long prctl_get_seccomp(void)
> 
> ---
> base-commit: 40384c840ea1944d7c5a392e8975ed088ecf0b37
> change-id: 20250107-seccomp-stub-2-a2e8cbe1f949
> 
> Best regards,
> -- 
> Linus Walleij <linus.walleij@linaro.org>
> 

-- 
Kees Cook