commit e4da89d02f369450996cfd04f64b1cce4d8afaea
author Will Drewry <wad@chromium.org> Tue Apr 17 14:48:57 2012 -0500
committer James Morris <james.l.morris@oracle.com> Wed Apr 18 12:24:50 2012 +1000
tree 93d5e48347bb6c47ef10741d225969cacd57f77e
parent b1fa650c7e6e81ca788fef52b1659295eb82ffdd

seccomp: ignore secure_computing return values

This change is inspired by
  https://lkml.org/lkml/2012/4/16/14
which fixes the build warnings for arches that don't support
CONFIG_HAVE_ARCH_SECCOMP_FILTER.

In particular, there is no requirement for the return value of
secure_computing() to be checked unless the architecture supports
seccomp filter.  Instead of silencing the warnings with (void)
a new static inline is added to encode the expected behavior
in a compiler and human friendly way.

v2: - cleans things up with a static inline
    - removes sfr's signed-off-by since it is a different approach
v1: - matches sfr's original change

Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Will Drewry <wad@chromium.org>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: James Morris <james.l.morris@oracle.com>

include/linux/seccomp.h

diff --git a/include/linux/seccomp.h b/include/linux/seccomp.h
index 60f2b35..84f6320d 100644
--- a/include/linux/seccomp.h
+++ b/include/linux/seccomp.h
@@ -75,6 +75,12 @@
 	return 0;
 }
 
+/* A wrapper for architectures supporting only SECCOMP_MODE_STRICT. */
+static inline void secure_computing_strict(int this_syscall)
+{
+	BUG_ON(secure_computing(this_syscall) != 0);
+}
+
 extern long prctl_get_seccomp(void);
 extern long prctl_set_seccomp(unsigned long, char __user *);
 
@@ -91,6 +97,7 @@
 struct seccomp_filter { };
 
 static inline int secure_computing(int this_syscall) { return 0; }
+static inline void secure_computing_strict(int this_syscall) { return; }
 
 static inline long prctl_get_seccomp(void)
 {