Revert "CHROMIUM: seccomp_filter: remove "skip" from copy and add drop helper"

This reverts commit 496eb439bde047aaf331bb00ec1928abeacd25df.

https://lists.ubuntu.com/archives/kernel-team/2012-January/018695.html

"At this point, since there are no consumers of the old API, and it
will be almost certainly replaced by the BPF API, I think in the face
of the 5-year support of the LTS release, we should probably just
remove all of the seccomp_filter patches from Ubuntu." - Kees Cook

Signed-off-by: Leann Ogasawara <leann.ogasawara@canonical.com>

diff --git a/kernel/seccomp_filter.c b/kernel/seccomp_filter.c
index 00a081e..cfb90ab 100644 (file)
--- a/kernel/seccomp_filter.c
+++ b/kernel/seccomp_filter.c
@@ -371,12 +371,6 @@ fail:
        return ERR_PTR(err);
 }
 
-static void seccomp_filters_drop(struct seccomp_filters *filters, int nr)
-{
-       struct event_filter *filter = btree_remove32(&filters->tree, nr);
-       free_event_filter(filter);
-}
-
 /**
  * seccomp_filters_copy - copies filters from src to dst.
  *
@@ -390,7 +384,8 @@ static void seccomp_filters_drop(struct seccomp_filters *filters, int nr)
  * If @skip is < 0, it is ignored.
  */
 static int seccomp_filters_copy(struct seccomp_filters *dst,
-                               struct seccomp_filters *src)
+                               struct seccomp_filters *src,
+                               int skip)
 {
        int ret = 0, nr;
        struct event_filter *ef;
@@ -398,6 +393,8 @@ static int seccomp_filters_copy(struct seccomp_filters *dst,
 
        btree_for_each_safe32(&src->tree, nr, ef) {
                struct event_filter *filter = ALLOW_FILTER;
+               if (nr == skip)
+                       continue;
                if (!IS_ALLOW_FILTER(ef)) {
                        filter = alloc_event_filter(nr, get_filter_string(ef));
                        if (IS_ERR(filter)) {
@@ -793,10 +790,9 @@ long seccomp_clear_filter(int syscall_nr)
        }
 
        /* Copy, but drop the requested entry. */
-       ret = seccomp_filters_copy(filters, orig_filters);
+       ret = seccomp_filters_copy(filters, orig_filters, syscall_nr);
        if (ret)
                goto out;
-       seccomp_filters_drop(filters, syscall_nr);
        get_seccomp_filters(filters);  /* simplify the out: path */
 
        current->seccomp.filters = filters;
@@ -863,7 +859,7 @@ long seccomp_set_filter(int syscall_nr, char *filter)
 
        filters_set_compat(filters);
        if (orig_filters) {
-               ret = seccomp_filters_copy(filters, orig_filters);
+               ret = seccomp_filters_copy(filters, orig_filters, -1);
                if (ret)
                        goto out;
        }