Revert "CHROMIUM: seccomp_filter: kill NR_syscall references"

This reverts commit a7ef8ea9dbb1c125ecdeb00bcdd668eb5091413a.

https://lists.ubuntu.com/archives/kernel-team/2012-January/018695.html

"At this point, since there are no consumers of the old API, and it
will be almost certainly replaced by the BPF API, I think in the face
of the 5-year support of the LTS release, we should probably just
remove all of the seccomp_filter patches from Ubuntu." - Kees Cook

Signed-off-by: Leann Ogasawara <leann.ogasawara@canonical.com>

diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index e0df4ad..06e7b57 100644 (file)
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@ -52,6 +52,9 @@ void __secure_computing(int this_syscall)
                break;
 #ifdef CONFIG_SECCOMP_FILTER
        case 13:
+               if (this_syscall >= NR_syscalls || this_syscall < 0)
+                       break;
+
                if (!seccomp_test_filters(this_syscall))
                        return;
 

diff --git a/kernel/seccomp_filter.c b/kernel/seccomp_filter.c
index cdb4f79..80a5be0 100644 (file)
--- a/kernel/seccomp_filter.c
+++ b/kernel/seccomp_filter.c
@@ -903,6 +903,9 @@ long prctl_set_seccomp_filter(unsigned long id_type,
                goto out;
        }
 
+       if (nr >= NR_syscalls)
+               goto out;
+
        ret = -EFAULT;
        if (!user_filter)
                goto out;
@@ -945,7 +948,11 @@ long prctl_clear_seccomp_filter(unsigned long id_type, unsigned long id)
                goto out;
        }
 
+       if (nr >= NR_syscalls)
+               goto out;
+
        ret = seccomp_clear_filter(nr);
+
 out:
        return ret;
 }
@@ -980,6 +987,9 @@ long prctl_get_seccomp_filter(unsigned long id_type, unsigned long id,
                goto out;
        }
 
+       if (nr >= NR_syscalls)
+               goto out;
+
        ret = -ENOMEM;
        buf = kzalloc(available, GFP_KERNEL);
        if (!buf)