From: Alexander Mikhalitsyn
To: kees@kernel.org
Cc: linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, Andy Lutomirski, Will Drewry, Jonathan Corbet, Shuah Khan, Aleksa Sarai, Tycho Andersen, Andrei Vagin, Christian Brauner, Stéphane Graber, Alexander Mikhalitsyn
Subject: [PATCH v2 2/6] seccomp: prepare seccomp_run_filters() to support more than one listener
Date: Tue, 2 Dec 2025 12:51:54 +0100
Message-ID: <20251202115200.110646-3-aleksandr.mikhalitsyn@canonical.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20251202115200.110646-1-aleksandr.mikhalitsyn@canonical.com>
References: <20251202115200.110646-1-aleksandr.mikhalitsyn@canonical.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Prepare seccomp_run_filters() function to support more than one
listener in the seccomp tree.

In this patch, we only introduce a new struct seccomp_filter_matches
with kdoc and modify seccomp_run_filters() signature correspondingly.

No functional change intended.

Cc: linux-doc@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: Kees Cook
Cc: Andy Lutomirski
Cc: Will Drewry
Cc: Jonathan Corbet
Cc: Shuah Khan
Cc: Aleksa Sarai
Cc: Tycho Andersen
Cc: Andrei Vagin
Cc: Christian Brauner
Cc: Stéphane Graber
Signed-off-by: Alexander Mikhalitsyn
---
 kernel/seccomp.c | 35 +++++++++++++++++++++++++++++++----
 1 file changed, 31 insertions(+), 4 deletions(-)

diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index f944ea5a2716..c9a1062a53bd 100644
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@ -237,6 +237,9 @@ struct seccomp_filter { /* Limit any path through the tree to 256KB worth of instructions. */ #define MAX_INSNS_PER_PATH ((1 << 18) / sizeof(struct sock_filter)) =20 +/* Limit number of listeners through the tree. */ +#define MAX_LISTENERS_PER_PATH 8 + /* * Endianness is explicitly ignored and left for BPF program authors to ma= nage * as per the specific architecture. 
@@ -391,18 +394,38 @@ static inline bool seccomp_cache_check_allow(const st= ruct seccomp_filter *sfilte } #endif /* SECCOMP_ARCH_NATIVE */ =20 +/** + * struct seccomp_filter_matches - container for seccomp filter match resu= lts + * + * @n: A number of filters matched. + * @filters: An array of (struct seccomp_filter) pointers. + * Holds pointers to filters that matched during evaluation. + * A first one in the array is the one with the least permissive + * action result. + * + * If final action result is less (or more) permissive than SECCOMP_RET_US= ER_NOTIF, + * only the most restrictive filter is stored in the array's first element. + * If final action result is SECCOMP_RET_USER_NOTIF, we need to track + * all filters that resulted in the same action to support multiple listen= ers + * in seccomp tree. + */ +struct seccomp_filter_matches { + unsigned char n; + struct seccomp_filter *filters[MAX_LISTENERS_PER_PATH]; +}; + #define ACTION_ONLY(ret) ((s32)((ret) & (SECCOMP_RET_ACTION_FULL))) /** * seccomp_run_filters - evaluates all seccomp filters against @sd * @sd: optional seccomp data to be passed to filters - * @match: stores struct seccomp_filter that resulted in the return value, + * @matches: array of struct seccomp_filter pointers that resulted in the = return value, * unless filter returned SECCOMP_RET_ALLOW, in which case it will * be unchanged. * * Returns valid seccomp BPF response codes. */ static u32 seccomp_run_filters(const struct seccomp_data *sd, - struct seccomp_filter **match) + struct seccomp_filter_matches *matches) { u32 ret =3D SECCOMP_RET_ALLOW; /* Make sure cross-thread synced filter points somewhere sane. */ @@ -425,7 +448,8 @@ static u32 seccomp_run_filters(const struct seccomp_dat= a *sd, =20 if (ACTION_ONLY(cur_ret) < ACTION_ONLY(ret)) { ret =3D cur_ret; - *match =3D f; + matches->n =3D 1; + matches->filters[0] =3D f; } } return ret; 
@@ -1252,6 +1276,7 @@ static int __seccomp_filter(int this_syscall, const b= ool recheck_after_trace) { u32 filter_ret, action; struct seccomp_data sd; + struct seccomp_filter_matches matches =3D {}; struct seccomp_filter *match =3D NULL; int data; =20 @@ -1263,7 +1288,9 @@ static int __seccomp_filter(int this_syscall, const b= ool recheck_after_trace) =20 populate_seccomp_data(&sd); =20 - filter_ret =3D seccomp_run_filters(&sd, &match); + filter_ret =3D seccomp_run_filters(&sd, &matches); + + match =3D matches.filters[0]; data =3D filter_ret & SECCOMP_RET_DATA; action =3D filter_ret & SECCOMP_RET_ACTION_FULL; =20 --=20 2.43.0
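Review bot: the new `MAX_LISTENERS_PER_PATH 8` limit in the first hunk (`@@ -237,6 +237,9 @@`) is declared but not enforced anywhere in this patch; the only write into the array is `matches->filters[0] = f` with `matches->n = 1`, so it is safe here, but the comment "Limit number of listeners through the tree" should say what happens when a path exceeds eight listeners (refused at attach time, or surplus matches dropped), and whichever follow-up appends to `filters[]` needs a `matches->n < MAX_LISTENERS_PER_PATH` check before writing `filters[matches->n]`. Since `n` is an `unsigned char`, a compile-time guard that the limit fits that type would also be cheap.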
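Review bot: the kdoc for `struct seccomp_filter_matches` in the `@@ -391,18 +394,38 @@` hunk is inconsistent about ordering: `@filters` says the first element has the "least permissive" action, while the paragraph below says "only the most restrictive filter is stored in the array's first element". Both mean the lowest `SECCOMP_RET_*` action value, but pick one wording; "most restrictive" matches the existing `ACTION_ONLY(cur_ret) < ACTION_ONLY(ret)` comparison. The `@matches` description on `seccomp_run_filters()` still says the argument is "unchanged" on `SECCOMP_RET_ALLOW`, which now also means `n` keeps whatever the caller set, so the kdoc should state that callers must zero-initialize the struct (as `__seccomp_filter()` does with `= {}`). Minor: "A number of filters matched" reads better as "Number of filters matched".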
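Review bot: in the `@@ -425,7 +448,8 @@` hunk the strict `<` in `ACTION_ONLY(cur_ret) < ACTION_ONLY(ret)` means a second filter returning the same `SECCOMP_RET_USER_NOTIF` action is never recorded, so `matches->n` cannot exceed 1 after this patch. That is consistent with "No functional change intended", but the struct's kdoc already promises that all USER_NOTIF matches are tracked; either say in the commit message that this hunk is what the follow-up extends, or leave a short comment at the assignment so the promise and the code do not diverge for someone reading this patch on its own.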
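Review bot: the `struct seccomp_filter_matches matches = {};` declaration in the `@@ -1252,6 +1276,7 @@` hunk is load-bearing rather than cosmetic: `seccomp_run_filters()` leaves the struct untouched on `SECCOMP_RET_ALLOW`, so the zero-initialization is what keeps `matches.filters[0]` NULL on that path. A one-line comment saying so would help. Note also that this puts eight pointers plus a counter (72 bytes with padding on 64-bit) on the stack of every filtered syscall entry; acceptable at `MAX_LISTENERS_PER_PATH` 8, but it argues against raising that limit casually.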
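Review bot: `match = matches.filters[0];` in the last hunk (`@@ -1263,7 +1288,9 @@`) reads the array without consulting `matches.n`, so correctness rests entirely on the `= {}` initializer in the previous hunk. `match = matches.n ? matches.filters[0] : NULL;` makes the invariant explicit and keeps behaviour identical; with that in place the `struct seccomp_filter *match = NULL;` initializer a few lines above becomes dead and can be dropped.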