PKGBUILDs/core/linux-odroid-c2/0003-seccomp-create-internal-mode-setting-function.patch

From 73a08be22f457df505b9d2346b1e94b96e1ffae6 Mon Sep 17 00:00:00 2001
From: Kees Cook <keescook@chromium.org>
Date: Wed, 21 May 2014 15:02:11 -0700
Subject: [PATCH 03/16] seccomp: create internal mode-setting function

In preparation for having other callers of the seccomp mode setting
logic, split the prctl entry point away from the core logic that performs
seccomp mode setting.

Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
Reviewed-by: Andy Lutomirski <luto@amacapital.net>
(cherry picked from commit d78ab02c2c194257a03355fbb79eb721b381d105)
---
 kernel/seccomp.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index e2eb71b1e970..ef24e22c3d14 100644
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@ -473,7 +473,7 @@ long prctl_get_seccomp(void)
 }
 
 /**
- * prctl_set_seccomp: configures current->seccomp.mode
+ * seccomp_set_mode: internal function for setting seccomp mode
  * @seccomp_mode: requested mode to use
  * @filter: optional struct sock_fprog for use with SECCOMP_MODE_FILTER
  *
@@ -486,7 +486,7 @@ long prctl_get_seccomp(void)
  *
  * Returns 0 on success or -EINVAL on failure.
  */
-long prctl_set_seccomp(unsigned long seccomp_mode, char __user *filter)
+static long seccomp_set_mode(unsigned long seccomp_mode, char __user *filter)
 {
 	long ret = -EINVAL;
 
@@ -517,3 +517,15 @@ long prctl_set_seccomp(unsigned long seccomp_mode, char __user *filter)
 out:
 	return ret;
 }
+
+/**
+ * prctl_set_seccomp: configures current->seccomp.mode
+ * @seccomp_mode: requested mode to use
+ * @filter: optional struct sock_fprog for use with SECCOMP_MODE_FILTER
+ *
+ * Returns 0 on success or -EINVAL on failure.
+ */
+long prctl_set_seccomp(unsigned long seccomp_mode, char __user *filter)
+{
+	return seccomp_set_mode(seccomp_mode, filter);
+}
-- 
2.18.0
core/linux-odroid-c2 to 3.16.57-2 2018-09-03 00:09:40 +00:00			`From 73a08be22f457df505b9d2346b1e94b96e1ffae6 Mon Sep 17 00:00:00 2001`
			`From: Kees Cook <keescook@chromium.org>`
			`Date: Wed, 21 May 2014 15:02:11 -0700`
			`Subject: [PATCH 03/16] seccomp: create internal mode-setting function`

			`In preparation for having other callers of the seccomp mode setting`
			`logic, split the prctl entry point away from the core logic that performs`
			`seccomp mode setting.`

			`Signed-off-by: Kees Cook <keescook@chromium.org>`
			`Reviewed-by: Oleg Nesterov <oleg@redhat.com>`
			`Reviewed-by: Andy Lutomirski <luto@amacapital.net>`
			`(cherry picked from commit d78ab02c2c194257a03355fbb79eb721b381d105)`
			`---`
			`kernel/seccomp.c \| 16 ++++++++++++++--`
			`1 file changed, 14 insertions(+), 2 deletions(-)`

			`diff --git a/kernel/seccomp.c b/kernel/seccomp.c`
			`index e2eb71b1e970..ef24e22c3d14 100644`
			`--- a/kernel/seccomp.c`
			`+++ b/kernel/seccomp.c`
			`@@ -473,7 +473,7 @@ long prctl_get_seccomp(void)`
			`}`

			`/**`
			`- * prctl_set_seccomp: configures current->seccomp.mode`
			`+ * seccomp_set_mode: internal function for setting seccomp mode`
			`* @seccomp_mode: requested mode to use`
			`* @filter: optional struct sock_fprog for use with SECCOMP_MODE_FILTER`
			`*`
			`@@ -486,7 +486,7 @@ long prctl_get_seccomp(void)`
			`*`
			`* Returns 0 on success or -EINVAL on failure.`
			`*/`
			`-long prctl_set_seccomp(unsigned long seccomp_mode, char __user *filter)`
			`+static long seccomp_set_mode(unsigned long seccomp_mode, char __user *filter)`
			`{`
			`long ret = -EINVAL;`

			`@@ -517,3 +517,15 @@ long prctl_set_seccomp(unsigned long seccomp_mode, char __user *filter)`
			`out:`
			`return ret;`
			`}`
			`+`
			`+/**`
			`+ * prctl_set_seccomp: configures current->seccomp.mode`
			`+ * @seccomp_mode: requested mode to use`
			`+ * @filter: optional struct sock_fprog for use with SECCOMP_MODE_FILTER`
			`+ *`
			`+ * Returns 0 on success or -EINVAL on failure.`
			`+ */`
			`+long prctl_set_seccomp(unsigned long seccomp_mode, char __user *filter)`
			`+{`
			`+ return seccomp_set_mode(seccomp_mode, filter);`
			`+}`
			`--`
			`2.18.0`