CHROMIUM: seccomp_filters: guard all ftrace wrapper code

Ensures all code that is tainted by ftrace's use of NR_syscalls
is guarded.

Signed-off-by: Will Drewry <wad@chromium.org>

TEST=see deps
BUG=chromium-os:14496

Change-Id: I161d915c557bdd5e40b595aed8adb185df359052
Reviewed-on: http://gerrit.chromium.org/gerrit/6307
Reviewed-by: Sonny Rao <sonnyrao@chromium.org>
Tested-by: Will Drewry <wad@chromium.org>
Signed-off-by: Leann Ogasawara <leann.ogasawara@canonical.com>

diff --git a/kernel/seccomp_filter.c b/kernel/seccomp_filter.c
index cdb4f79..6953c73 100644 (file)
--- a/kernel/seccomp_filter.c
+++ b/kernel/seccomp_filter.c
@@ -32,7 +32,6 @@
 #include <linux/uaccess.h>
 #include <linux/btree.h>
 
-#include <asm/syscall.h>
 #include <trace/syscall.h>
 
 /* Pull in *just* to access event_filter->filter_string. */
@@ -72,6 +71,13 @@ struct seccomp_filters {
        struct btree_head32 tree;
 };
 
+/*
+ * Make ftrace support optional
+ */
+
+#if defined(CONFIG_FTRACE_SYSCALLS) && defined(CONFIG_PERF_EVENTS)
+#include <asm/syscall.h>
+
 /* Make sure we can get to the syscall metadata that ftrace hordes. */
 extern struct syscall_metadata *__start_syscalls_metadata[];
 extern struct syscall_metadata *__stop_syscalls_metadata[];
@@ -85,12 +91,6 @@ static struct syscall_metadata *syscall_nr_to_meta(int nr)
        return syscalls_metadata[nr];
 }
 
-/*
- * Make ftrace support optional
- */
-
-#if defined(CONFIG_FTRACE_SYSCALLS) && defined(CONFIG_PERF_EVENTS)
-
 /* Fix up buffer creation to allow the ftrace filter engine to
  * work with seccomp filter events.
  * Lifted from kernel/trace/trace_syscalls.c
@@ -266,11 +266,39 @@ static int ftrace_syscall_enter_state(u8 *buf, size_t available,
        return 0;
 }
 
+/* Encodes translation from sys_enter events to system call numbers.
+ * Returns -ENOSYS when the event doesn't match a system call or if
+ * current is_compat_task().  ftrace has no awareness of CONFIG_COMPAT
+ * yet.
+ */
+static int event_to_syscall_nr(int event_id)
+{
+       int nr, nosys = 1;
+#ifdef CONFIG_COMPAT
+       if (is_compat_task())
+               return -ENOSYS;
+#endif
+       for (nr = 0; nr < NR_syscalls; ++nr) {
+               struct syscall_metadata *data = syscall_nr_to_meta(nr);
+               if (!data)
+                       continue;
+               nosys = 0;
+               if (data->enter_event->event.type == event_id)
+                       return nr;
+       }
+       if (nosys)
+               return -ENOSYS;
+       return -EINVAL;
+}
+
+
 #else  /*  defined(CONFIG_FTRACE_SYSCALLS) && defined(CONFIG_PERF_EVENTS) */
 
 #define create_event_filter(_ef_pptr, _event_type, _str) (-ENOSYS)
 #define get_filter_string(_ef) (NULL)
 #define free_event_filter(_f) do { } while (0)
+#define event_to_syscall_nr(x) (-ENOSYS)
+#define syscall_nr_to_meta(x) (NULL)
 
 #endif
 
@@ -542,31 +570,6 @@ static const char *syscall_nr_to_name(int syscall)
        return syscall_name;
 }
 
-/* Encodes translation from sys_enter events to system call numbers.
- * Returns -ENOSYS when the event doesn't match a system call or if
- * current is_compat_task().  ftrace has no awareness of CONFIG_COMPAT
- * yet.
- */
-static int event_to_syscall_nr(int event_id)
-{
-       int nr, nosys = 1;
-#ifdef CONFIG_COMPAT
-       if (is_compat_task())
-               return -ENOSYS;
-#endif
-       for (nr = 0; nr < NR_syscalls; ++nr) {
-               struct syscall_metadata *data = syscall_nr_to_meta(nr);
-               if (!data)
-                       continue;
-               nosys = 0;
-               if (data->enter_event->event.type == event_id)
-                       return nr;
-       }
-       if (nosys)
-               return -ENOSYS;
-       return -EINVAL;
-}
-
 static void filters_set_compat(struct seccomp_filters *filters)
 {
 #ifdef CONFIG_COMPAT