From: Alexander Mikhalitsyn
To: kees@kernel.org
Cc: linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, Andy Lutomirski, Will Drewry, Jonathan Corbet, Shuah Khan, Aleksa Sarai, Tycho Andersen, Andrei Vagin, Christian Brauner, Stéphane Graber, Tycho Andersen, Alexander Mikhalitsyn
Subject: [PATCH v3 1/7] seccomp: remove unused argument from seccomp_do_user_notification
Date: Thu, 11 Dec 2025 13:46:05 +0100
Message-ID: <20251211124614.161900-2-aleksandr.mikhalitsyn@canonical.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20251211124614.161900-1-aleksandr.mikhalitsyn@canonical.com>
References: <20251211124614.161900-1-aleksandr.mikhalitsyn@canonical.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Remove unused this_syscall argument from seccomp_do_user_notification()
and add kdoc for it.

No functional change intended.

Cc: linux-doc@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: Kees Cook
Cc: Andy Lutomirski
Cc: Will Drewry
Cc: Jonathan Corbet
Cc: Shuah Khan
Cc: Aleksa Sarai
Cc: Tycho Andersen
Cc: Andrei Vagin
Cc: Christian Brauner
Cc: Stéphane Graber
Reviewed-by: Tycho Andersen (AMD)
Signed-off-by: Alexander Mikhalitsyn
---
 kernel/seccomp.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/kernel/seccomp.c b/kernel/seccomp.c index 25f62867a16d..08476fc0c65b 100644 --- a/kernel/seccomp.c +++ b/kernel/seccomp.c 
@@ -1160,8 +1160,18 @@ static bool should_sleep_killable(struct seccomp_fil= ter *match, return match->wait_killable_recv && n->state >=3D SECCOMP_NOTIFY_SENT; } =20 -static int seccomp_do_user_notification(int this_syscall, - struct seccomp_filter *match, +/** + * seccomp_do_user_notification - sends seccomp notification to the usersp= ace + * listener and waits for a reply. + * @match: seccomp filter we are notifying + * @sd: seccomp data (syscall_nr, args, etc) to be passed to the userspace= listener + * + * Returns + * - -1 on success if userspace provided a reply for the syscall, + * - -1 on interrupted wait, + * - 0 on success if userspace requested to continue the syscall + */ +static int seccomp_do_user_notification(struct seccomp_filter *match, const struct seccomp_data *sd) { int err; 
@@ -1335,7 +1345,7 @@ static int __seccomp_filter(int this_syscall, const b= ool recheck_after_trace) return 0; =20 case SECCOMP_RET_USER_NOTIF: - if (seccomp_do_user_notification(this_syscall, match, &sd)) + if (seccomp_do_user_notification(match, &sd)) goto skip; =20 return 0; --=20 2.43.0
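
Review bot: the return-value block in the new kernel-doc comment for seccomp_do_user_notification() is headed "Returns" with no colon, so kernel-doc will not pick it up as the return section; write "Return:" (or "Returns:"). The first two bullets both document -1, and the only caller visible here, the SECCOMP_RET_USER_NOTIF case in __seccomp_filter(), only tests for non-zero before "goto skip", so they can be merged into one bullet saying that a non-zero return means the syscall is skipped. The "@sd:" line also runs well past 80 columns and should be wrapped.
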
From: Alexander Mikhalitsyn
To: kees@kernel.org
Cc: linux-kernel@vger.kernel.org, Andy Lutomirski, Will Drewry, Jonathan Corbet, Shuah Khan, Aleksa Sarai, Tycho Andersen, Andrei Vagin, Christian Brauner, Stéphane Graber, Alexander Mikhalitsyn
Subject: [PATCH v3 2/7] seccomp: use bitfields for boolean flags on seccomp_filter struct
Date: Thu, 11 Dec 2025 13:46:06 +0100
Message-ID: <20251211124614.161900-3-aleksandr.mikhalitsyn@canonical.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20251211124614.161900-1-aleksandr.mikhalitsyn@canonical.com>
References: <20251211124614.161900-1-aleksandr.mikhalitsyn@canonical.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

No functional change intended.

Cc: linux-kernel@vger.kernel.org
Cc: Kees Cook
Cc: Andy Lutomirski
Cc: Will Drewry
Cc: Jonathan Corbet
Cc: Shuah Khan
Cc: Aleksa Sarai
Cc: Tycho Andersen
Cc: Andrei Vagin
Cc: Christian Brauner
Cc: Stéphane Graber
Signed-off-by: Alexander Mikhalitsyn
---
 kernel/seccomp.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/kernel/seccomp.c b/kernel/seccomp.c index 08476fc0c65b..236c96276405 100644 --- a/kernel/seccomp.c +++ b/kernel/seccomp.c 
@@ -224,8 +224,8 @@ static inline void seccomp_cache_prepare(struct seccomp= _filter *sfilter) struct seccomp_filter { refcount_t refs; refcount_t users; - bool log; - bool wait_killable_recv; + bool log : 1; + bool wait_killable_recv : 1; struct action_cache cache; struct seccomp_filter *prev; struct bpf_prog *prog; --=20 2.43.0
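
Review bot: the commit message gives no reason for turning "log" and "wait_killable_recv" in struct seccomp_filter into 1-bit bitfields; it says only "No functional change intended". Please state the motivation (patch 4/7 adds a third flag next to them) and confirm that these flags are written only before the filter becomes visible to other tasks, or always under one lock. Adjacent bitfields share a storage unit, so a store to one is a read-modify-write that can lose a concurrent store to its neighbour, which separate bool members did not risk.
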
From: Alexander Mikhalitsyn
To: kees@kernel.org
Cc: linux-kernel@vger.kernel.org, Andy Lutomirski, Will Drewry, Jonathan Corbet, Shuah Khan, Aleksa Sarai, Tycho Andersen, Andrei Vagin, Christian Brauner, Stéphane Graber, Alexander Mikhalitsyn
Subject: [PATCH v3 3/7] seccomp: keep track of seccomp filters with closed listeners
Date: Thu, 11 Dec 2025 13:46:07 +0100
Message-ID: <20251211124614.161900-4-aleksandr.mikhalitsyn@canonical.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20251211124614.161900-1-aleksandr.mikhalitsyn@canonical.com>
References: <20251211124614.161900-1-aleksandr.mikhalitsyn@canonical.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Let's distinguish seccomp filters with closed listener vs seccomp
filters which never had listener. We can easily do this by using the
same ->notif pointer field with help of IS_ERR_OR_NULL().

No functional change intended.

Cc: linux-kernel@vger.kernel.org
Cc: Kees Cook
Cc: Andy Lutomirski
Cc: Will Drewry
Cc: Jonathan Corbet
Cc: Shuah Khan
Cc: Aleksa Sarai
Cc: Tycho Andersen
Cc: Andrei Vagin
Cc: Christian Brauner
Cc: Stéphane Graber
Signed-off-by: Alexander Mikhalitsyn
Reviewed-by: Aleksa Sarai
---
 kernel/seccomp.c | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/kernel/seccomp.c b/kernel/seccomp.c index 236c96276405..89ae81f06743 100644 --- a/kernel/seccomp.c +++ b/kernel/seccomp.c @@ -1182,7 +1182,7 @@ static int seccomp_do_user_notification(struct seccom= p_filter *match, =20 mutex_lock(&match->notify_lock); err =3D -ENOSYS; - if (!match->notif) + if (IS_ERR_OR_NULL(match->notif)) goto out; =20 n.task =3D current; 
@@ -1252,7 +1252,7 @@ static int seccomp_do_user_notification(struct seccom= p_filter *match, * *reattach* to a notifier right now. If one is added, we'll need to * keep track of the notif itself and make sure they match here. */ - if (match->notif) + if (!IS_ERR_OR_NULL(match->notif)) list_del(&n.list); out: mutex_unlock(&match->notify_lock); @@ -1460,8 +1460,14 @@ static long seccomp_set_mode_strict(void) #ifdef CONFIG_SECCOMP_FILTER static void seccomp_notify_free(struct seccomp_filter *filter) { - kfree(filter->notif); - filter->notif =3D NULL; + if (!IS_ERR_OR_NULL(filter->notif)) + kfree(filter->notif); + + /* + * We want to know if a filter never had a notify fd, + * or it is just been closed at some point. + */ + filter->notif =3D ERR_PTR(-ENOTCONN); } =20 static void seccomp_notify_detach(struct seccomp_filter *filter) 
@@ -1943,7 +1949,7 @@ static bool has_duplicate_listener(struct seccomp_fil= ter *new_child) if (!new_child->notif) return false; for (cur =3D current->seccomp.filter; cur; cur =3D cur->prev) { - if (cur->notif) + if (!IS_ERR_OR_NULL(cur->notif)) return true; } =20 --=20 2.43.0
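
Review bot: in the seccomp_notify_free() hunk the store "filter->notif = ERR_PTR(-ENOTCONN)" is unconditional, so a call on a filter whose ->notif is still NULL relabels "never had a listener" as "listener closed", which is exactly the distinction this patch introduces. Either move the store inside the "!IS_ERR_OR_NULL(filter->notif)" branch or add a comment stating that every caller passes a filter with a live notif. kfree(NULL) is already a no-op, so the guard is only needed to keep the error pointer away from kfree(). The new comment should read "or it has just been closed".
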
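
Review bot: in the has_duplicate_listener() hunk the early exit still reads "if (!new_child->notif)" while the loop two lines below is converted to "!IS_ERR_OR_NULL(cur->notif)". If new_child can never carry an error pointer at this point, say so in a comment; otherwise use the same test in both places. With ->notif now having three states (NULL, error pointer, live), a single small inline helper used at all four converted sites would keep later callers from reintroducing a plain NULL check.
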
From: Alexander Mikhalitsyn
To: kees@kernel.org
Cc: linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, Andy Lutomirski, Will Drewry, Jonathan Corbet, Shuah Khan, Aleksa Sarai, Tycho Andersen, Andrei Vagin, Christian Brauner, Stéphane Graber, Alexander Mikhalitsyn
Subject: [PATCH v3 4/7] seccomp: mark first listener in the tree
Date: Thu, 11 Dec 2025 13:46:08 +0100
Message-ID: <20251211124614.161900-5-aleksandr.mikhalitsyn@canonical.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20251211124614.161900-1-aleksandr.mikhalitsyn@canonical.com>
References: <20251211124614.161900-1-aleksandr.mikhalitsyn@canonical.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Let's note if listener was a first one installed in the seccomp filters
tree. We will need this information to retain old quirk behavior (as
before seccomp nesting introduced).

Also, rename has_duplicate_listener() to check_duplicate_listener(),
cause now this function is not read-only, but also modifies a state of
a new_child seccomp_filter.

No functional change intended at this point.

Cc: linux-doc@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: Kees Cook
Cc: Andy Lutomirski
Cc: Will Drewry
Cc: Jonathan Corbet
Cc: Shuah Khan
Cc: Aleksa Sarai
Cc: Tycho Andersen
Cc: Andrei Vagin
Cc: Christian Brauner
Cc: Stéphane Graber
Signed-off-by: Alexander Mikhalitsyn
---
 kernel/seccomp.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/kernel/seccomp.c b/kernel/seccomp.c index 89ae81f06743..1a139f9ef39b 100644 --- a/kernel/seccomp.c +++ b/kernel/seccomp.c 
@@ -205,6 +205,7 @@ static inline void seccomp_cache_prepare(struct seccomp= _filter *sfilter) * @log: true if all actions except for SECCOMP_RET_ALLOW should be logged * @wait_killable_recv: Put notifying process in killable state once the * notification is received by the userspace listener. + * @first_listener: true if this is the first seccomp listener installed i= n the tree. * @prev: points to a previously installed, or inherited, filter * @prog: the BPF program to evaluate * @notif: the struct that holds all notification related information @@ -226,6 +227,7 @@ struct seccomp_filter { refcount_t users; bool log : 1; bool wait_killable_recv : 1; + bool first_listener : 1; struct action_cache cache; struct seccomp_filter *prev; struct bpf_prog *prog; @@ -1939,7 +1941,7 @@ static struct file *init_listener(struct seccomp_filt= er *filter) * Note that @new_child is not hooked up to its parent at this point yet, = so * we use current->seccomp.filter. */ -static bool has_duplicate_listener(struct seccomp_filter *new_child) +static bool check_duplicate_listener(struct seccomp_filter *new_child) { struct seccomp_filter *cur; =20 @@ -1953,6 +1955,8 @@ static bool has_duplicate_listener(struct seccomp_fil= ter *new_child) return true; } =20 + /* Mark first listener in the tree. */ + new_child->first_listener =3D true; return false; } =20 
@@ -2035,7 +2039,7 @@ static long seccomp_set_mode_filter(unsigned int flag= s, if (!seccomp_may_assign_mode(seccomp_mode)) goto out; =20 - if (has_duplicate_listener(prepared)) { + if (check_duplicate_listener(prepared)) { ret =3D -EBUSY; goto out; } --=20 2.43.0
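Review bot: In the check_duplicate_listener() hunk of patch 4/7, the added "new_child->first_listener = true;" before "return false;" makes a bool-returning check write to a filter that has not been attached yet, and the new name no longer tells the reader whether true means "duplicate found" or "check passed". Consider keeping the walk read-only and setting the bit in seccomp_set_mode_filter() after the -EBUSY test has passed, or returning an int (0 or -EBUSY) so the call site reads unambiguously. The @first_listener kernel-doc line would also benefit from saying what "first" means when an ancestor had a listener whose notify fd has since been closed, since the selftests later in this series install a second non-nested listener in exactly that situation.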
From: Alexander Mikhalitsyn
To: kees@kernel.org
Cc: linux-kernel@vger.kernel.org, bpf@vger.kernel.org, Andy Lutomirski, Will Drewry, Jonathan Corbet, Shuah Khan, Aleksa Sarai, Tycho Andersen, Andrei Vagin, Christian Brauner, Stéphane Graber, Alexander Mikhalitsyn
Subject: [PATCH v3 5/7] seccomp: handle multiple listeners case
Date: Thu, 11 Dec 2025 13:46:09 +0100
Message-ID: <20251211124614.161900-6-aleksandr.mikhalitsyn@canonical.com>
In-Reply-To: <20251211124614.161900-1-aleksandr.mikhalitsyn@canonical.com>
References: <20251211124614.161900-1-aleksandr.mikhalitsyn@canonical.com>

If we have more than one listener in the tree and a lower listener wants us to continue the syscall (SECCOMP_USER_NOTIF_FLAG_CONTINUE), we must consult with the upper listeners first, otherwise it is a clear seccomp restrictions bypass scenario.

Cc: linux-kernel@vger.kernel.org
Cc: bpf@vger.kernel.org
Cc: Kees Cook
Cc: Andy Lutomirski
Cc: Will Drewry
Cc: Jonathan Corbet
Cc: Shuah Khan
Cc: Aleksa Sarai
Cc: Tycho Andersen
Cc: Andrei Vagin
Cc: Christian Brauner
Cc: Stéphane Graber
Signed-off-by: Alexander Mikhalitsyn
---
 kernel/seccomp.c | 65 +++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 64 insertions(+), 1 deletion(-)

diff --git a/kernel/seccomp.c b/kernel/seccomp.c index 1a139f9ef39b..51d0d8adaffb 100644 --- a/kernel/seccomp.c +++ b/kernel/seccomp.c
@@ -1268,6 +1268,69 @@ static int seccomp_do_user_notification(struct secco= mp_filter *match, return -1; } =20 +/** + * seccomp_do_user_notifications - sends seccomp notifications to the user= space + * taking into account multiple filters with listeners. + * @match: seccomp filter we are notifying first + * @sd: seccomp data (syscall_nr, args, etc) to be passed to the userspace= listener + * + * Returns + * - -1 on success if userspace provided a reply for the syscall, + * - -1 on interrupted wait, + * - 0 on success if userspace requested to continue the syscall + */ +static int seccomp_do_user_notifications(struct seccomp_filter *f, + const struct seccomp_data *sd) +{ + if (seccomp_do_user_notification(f, sd)) + goto syscall_skip; + + /* + * This check is needed to keep an old behavior where the first + * (and only) listener decides what to do with the syscall. + * Note, that even if some of the upper-level filters have + * returned SECCOMP_RET_USER_NOTIF (but have no listener fd!), + * we must ignore them in this case. + * This is how it worked before nested listeners were introduced. + */ + if (f->first_listener) + goto syscall_continue; + + /* + * If userspace wants us to skip this syscall, do so. + * But if userspace wants to continue syscall, we + * must consult with the upper-level filters listeners + * and act accordingly. + */ + for (f =3D f->prev; f; f =3D f->prev) { + u32 cur_ret; + + /* + * We only interested in listeners, no matter if notify fd + * is closed or not. + */ + if (!f->notif) + continue; + + cur_ret =3D bpf_prog_run_pin_on_cpu(f->prog, sd); + if (ACTION_ONLY(cur_ret) !=3D SECCOMP_RET_USER_NOTIF) + continue; + + if (seccomp_do_user_notification(f, sd)) + goto syscall_skip; + + if (f->first_listener) + break; + } + +syscall_continue: + /* continue syscall */ + return 0; + +syscall_skip: + return -1; +} + static int __seccomp_filter(int this_syscall, const bool recheck_after_tra= ce) { u32 filter_ret, action; 
@@ -1347,7 +1410,7 @@ static int __seccomp_filter(int this_syscall, const b= ool recheck_after_trace) return 0; =20 case SECCOMP_RET_USER_NOTIF: - if (seccomp_do_user_notification(match, &sd)) + if (seccomp_do_user_notifications(match, &sd)) goto skip; =20 return 0; --=20 2.43.0
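Review bot: In the hunk of patch 5/7 that adds seccomp_do_user_notifications(), the loop skips an upper filter only on "if (!f->notif)", while check_duplicate_listener() in the same file tests "!IS_ERR_OR_NULL(cur->notif)", and the comment above the loop says filters with a closed notify fd must still be consulted. Please state in that comment which values notif can hold at this point and why the two tests differ, because this walk is the only thing preventing a lower listener's SECCOMP_USER_NOTIF_FLAG_CONTINUE from overriding an upper one. The kernel-doc also documents @match while the parameter is named f and is reused as the loop cursor in "for (f = f->prev; f; f = f->prev)"; rename the parameter to match and walk with a separate local. The Returns list gives -1 for both a userspace reply and an interrupted wait, so one line covering both would read more clearly.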
From: Alexander Mikhalitsyn
To: kees@kernel.org
Cc: linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, bpf@vger.kernel.org, Andy Lutomirski, Will Drewry, Jonathan Corbet, Shuah Khan, Aleksa Sarai, Tycho Andersen, Andrei Vagin, Christian Brauner, Stéphane Graber, Alexander Mikhalitsyn, Alexander Mikhalitsyn
Subject: [PATCH v3 6/7] seccomp: allow nested listeners
Date: Thu, 11 Dec 2025 13:46:10 +0100
Message-ID: <20251211124614.161900-7-aleksandr.mikhalitsyn@canonical.com>
In-Reply-To: <20251211124614.161900-1-aleksandr.mikhalitsyn@canonical.com>
References: <20251211124614.161900-1-aleksandr.mikhalitsyn@canonical.com>

Now everything is ready to get rid of the "only one listener per tree" limitation.

Let's introduce a new uAPI flag SECCOMP_FILTER_FLAG_ALLOW_NESTED_LISTENERS, so userspace may explicitly allow nested listeners when installing a listener.

Note that to install the n-th listener, this flag must be set on all the listeners up the tree.

Cc: linux-doc@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: bpf@vger.kernel.org
Cc: Kees Cook
Cc: Andy Lutomirski
Cc: Will Drewry
Cc: Jonathan Corbet
Cc: Shuah Khan
Cc: Aleksa Sarai
Cc: Tycho Andersen
Cc: Andrei Vagin
Cc: Christian Brauner
Cc: Stéphane Graber
Signed-off-by: Alexander Mikhalitsyn
---
 .../userspace-api/seccomp_filter.rst | 6 +++++
 include/linux/seccomp.h | 3 ++-
 include/uapi/linux/seccomp.h | 13 ++++++-----
 kernel/seccomp.c | 22 +++++++++++++++----
 tools/include/uapi/linux/seccomp.h | 13 ++++++-----
 5 files changed, 40 insertions(+), 17 deletions(-)

diff --git a/Documentation/userspace-api/seccomp_filter.rst b/Documentation= /userspace-api/seccomp_filter.rst index cff0fa7f3175..b9633ab1ed47 100644
--- a/Documentation/userspace-api/seccomp_filter.rst +++ b/Documentation/userspace-api/seccomp_filter.rst @@ -210,6 +210,12 @@ notifications from both tasks will appear on the same = filter fd. Reads and writes to/from a filter fd are also synchronized, so a filter fd can safely have many readers. =20 +By default, only one listener within seccomp filters tree is allowed. On a= ttempt +to add a new listener when one already exists in the filter tree, the +``seccomp()`` call will fail with ``-EBUSY``. To allow multiple listeners,= the +``SECCOMP_FILTER_FLAG_ALLOW_NESTED_LISTENERS`` flag can be passed in addit= ion to +the ``SECCOMP_FILTER_FLAG_NEW_LISTENER`` flag. + The interface for a seccomp notification fd consists of two structures: =20 .. code-block:: c diff --git a/include/linux/seccomp.h b/include/linux/seccomp.h index 9b959972bf4a..9b060946019d 100644 --- a/include/linux/seccomp.h +++ b/include/linux/seccomp.h @@ -10,7 +10,8 @@ SECCOMP_FILTER_FLAG_SPEC_ALLOW | \ SECCOMP_FILTER_FLAG_NEW_LISTENER | \ SECCOMP_FILTER_FLAG_TSYNC_ESRCH | \ - SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV) + SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV | \ + SECCOMP_FILTER_FLAG_ALLOW_NESTED_LISTENERS) =20 /* sizeof() the first published struct seccomp_notif_addfd */ #define SECCOMP_NOTIFY_ADDFD_SIZE_VER0 24 diff --git a/include/uapi/linux/seccomp.h b/include/uapi/linux/seccomp.h index dbfc9b37fcae..de78d8e7a70b 100644 --- a/include/uapi/linux/seccomp.h +++ b/include/uapi/linux/seccomp.h 
@@ -18,13 +18,14 @@ #define SECCOMP_GET_NOTIF_SIZES 3 =20 /* Valid flags for SECCOMP_SET_MODE_FILTER */ -#define SECCOMP_FILTER_FLAG_TSYNC (1UL << 0) -#define SECCOMP_FILTER_FLAG_LOG (1UL << 1) -#define SECCOMP_FILTER_FLAG_SPEC_ALLOW (1UL << 2) -#define SECCOMP_FILTER_FLAG_NEW_LISTENER (1UL << 3) -#define SECCOMP_FILTER_FLAG_TSYNC_ESRCH (1UL << 4) +#define SECCOMP_FILTER_FLAG_TSYNC (1UL << 0) +#define SECCOMP_FILTER_FLAG_LOG (1UL << 1) +#define SECCOMP_FILTER_FLAG_SPEC_ALLOW (1UL << 2) +#define SECCOMP_FILTER_FLAG_NEW_LISTENER (1UL << 3) +#define SECCOMP_FILTER_FLAG_TSYNC_ESRCH (1UL << 4) /* Received notifications wait in killable state (only respond to fatal si= gnals) */ -#define SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV (1UL << 5) +#define SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV (1UL << 5) +#define SECCOMP_FILTER_FLAG_ALLOW_NESTED_LISTENERS (1UL << 6) =20 /* * All BPF programs must return a 32-bit value. diff --git a/kernel/seccomp.c b/kernel/seccomp.c index 51d0d8adaffb..7667f443ff6c 100644 --- a/kernel/seccomp.c +++ b/kernel/seccomp.c @@ -206,6 +206,7 @@ static inline void seccomp_cache_prepare(struct seccomp= _filter *sfilter) * @wait_killable_recv: Put notifying process in killable state once the * notification is received by the userspace listener. * @first_listener: true if this is the first seccomp listener installed i= n the tree. + * @allow_nested_listeners: Allow nested seccomp listeners. * @prev: points to a previously installed, or inherited, filter * @prog: the BPF program to evaluate * @notif: the struct that holds all notification related information @@ -228,6 +229,7 @@ struct seccomp_filter { bool log : 1; bool wait_killable_recv : 1; bool first_listener : 1; + bool allow_nested_listeners : 1; struct action_cache cache; struct seccomp_filter *prev; struct bpf_prog *prog; 
@@ -956,6 +958,10 @@ static long seccomp_attach_filter(unsigned int flags, if (flags & SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV) filter->wait_killable_recv =3D true; =20 + /* Set nested listeners allow flag, if present. */ + if (flags & SECCOMP_FILTER_FLAG_ALLOW_NESTED_LISTENERS) + filter->allow_nested_listeners =3D true; + /* * If there is an existing filter, make it the prev and don't drop its * task reference. @@ -1997,7 +2003,8 @@ static struct file *init_listener(struct seccomp_filt= er *filter) } =20 /* - * Does @new_child have a listener while an ancestor also has a listener? + * Does @new_child have a listener while an ancestor also has a listener + * and hasn't allowed nesting? * If so, we'll want to reject this filter. * This only has to be tested for the current process, even in the TSYNC c= ase, * because TSYNC installs @child with the same parent on all threads. @@ -2015,7 +2022,12 @@ static bool check_duplicate_listener(struct seccomp_= filter *new_child) return false; for (cur =3D current->seccomp.filter; cur; cur =3D cur->prev) { if (!IS_ERR_OR_NULL(cur->notif)) - return true; + /* + * We don't need to go up further, because if there is a + * listener with nesting allowed, then all the listeners + * up the tree have allowed nesting as well. + */ + return !cur->allow_nested_listeners; } =20 /* Mark first listener in the tree. */ @@ -2062,10 +2074,12 @@ static long seccomp_set_mode_filter(unsigned int fl= ags, return -EINVAL; =20 /* - * The SECCOMP_FILTER_FLAG_WAIT_KILLABLE_SENT flag doesn't make sense + * The SECCOMP_FILTER_FLAG_WAIT_KILLABLE_SENT and + * SECCOMP_FILTER_FLAG_ALLOW_NESTED_LISTENERS flags don't make sense * without the SECCOMP_FILTER_FLAG_NEW_LISTENER flag. */ - if ((flags & SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV) && + if (((flags & SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV) || + (flags & SECCOMP_FILTER_FLAG_ALLOW_NESTED_LISTENERS)) && ((flags & SECCOMP_FILTER_FLAG_NEW_LISTENER) =3D=3D 0)) return -EINVAL; =20 
diff --git a/tools/include/uapi/linux/seccomp.h b/tools/include/uapi/linux/= seccomp.h index dbfc9b37fcae..de78d8e7a70b 100644 --- a/tools/include/uapi/linux/seccomp.h +++ b/tools/include/uapi/linux/seccomp.h 
@@ -18,13 +18,14 @@ #define SECCOMP_GET_NOTIF_SIZES 3 =20 /* Valid flags for SECCOMP_SET_MODE_FILTER */ -#define SECCOMP_FILTER_FLAG_TSYNC (1UL << 0) -#define SECCOMP_FILTER_FLAG_LOG (1UL << 1) -#define SECCOMP_FILTER_FLAG_SPEC_ALLOW (1UL << 2) -#define SECCOMP_FILTER_FLAG_NEW_LISTENER (1UL << 3) -#define SECCOMP_FILTER_FLAG_TSYNC_ESRCH (1UL << 4) +#define SECCOMP_FILTER_FLAG_TSYNC (1UL << 0) +#define SECCOMP_FILTER_FLAG_LOG (1UL << 1) +#define SECCOMP_FILTER_FLAG_SPEC_ALLOW (1UL << 2) +#define SECCOMP_FILTER_FLAG_NEW_LISTENER (1UL << 3) +#define SECCOMP_FILTER_FLAG_TSYNC_ESRCH (1UL << 4) /* Received notifications wait in killable state (only respond to fatal si= gnals) */ -#define SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV (1UL << 5) +#define SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV (1UL << 5) +#define SECCOMP_FILTER_FLAG_ALLOW_NESTED_LISTENERS (1UL << 6) =20 /* * All BPF programs must return a 32-bit value. --=20 2.43.0
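Review bot: The paragraph added to Documentation/userspace-api/seccomp_filter.rst in patch 6/7 does not say on which filter SECCOMP_FILTER_FLAG_ALLOW_NESTED_LISTENERS has to be set. check_duplicate_listener() returns "!cur->allow_nested_listeners" for the listener already up the tree, so passing the flag only on the filter being installed does not avoid -EBUSY. Please state that the existing listener must have been installed with the flag, and describe what the kernel does on SECCOMP_USER_NOTIF_FLAG_CONTINUE when more than one listener matches, since that is the user-visible behaviour the flag enables.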
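Review bot: In the check_duplicate_listener() hunk of patch 6/7, the justification "all the listeners up the tree have allowed nesting as well" only holds for listeners the loop does not skip, because the test "!IS_ERR_OR_NULL(cur->notif)" passes over ancestors whose notif is NULL or an error pointer. Please word the comment for that case, so a reader does not assume every ancestor listener opted in. The new multi-line comment plus "return !cur->allow_nested_listeners;" also sits under an if without braces; kernel style wants braces once the body spans more than one line.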
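Review bot: The rewritten comment in the seccomp_set_mode_filter() hunk of patch 6/7 still names SECCOMP_FILTER_FLAG_WAIT_KILLABLE_SENT, while the condition directly below it tests SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV. Since the comment line is being changed anyway, use the RECV name so the comment matches the check it describes.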
From: Alexander Mikhalitsyn
To: kees@kernel.org
Cc: linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, bpf@vger.kernel.org, Andy Lutomirski, Will Drewry, Jonathan Corbet, Shuah Khan, Aleksa Sarai, Tycho Andersen, Andrei Vagin, Christian Brauner, Stéphane Graber, Alexander Mikhalitsyn
Subject: [PATCH v3 7/7] tools/testing/selftests/seccomp: test nested listeners
Date: Thu, 11 Dec 2025 13:46:11 +0100
Message-ID: <20251211124614.161900-8-aleksandr.mikhalitsyn@canonical.com>
In-Reply-To: <20251211124614.161900-1-aleksandr.mikhalitsyn@canonical.com>
References: <20251211124614.161900-1-aleksandr.mikhalitsyn@canonical.com>

Add some basic tests for nested listeners.

Cc: linux-kernel@vger.kernel.org
Cc: linux-kselftest@vger.kernel.org
Cc: bpf@vger.kernel.org
Cc: Kees Cook
Cc: Andy Lutomirski
Cc: Will Drewry
Cc: Jonathan Corbet
Cc: Shuah Khan
Cc: Aleksa Sarai
Cc: Tycho Andersen
Cc: Andrei Vagin
Cc: Christian Brauner
Cc: Stéphane Graber
Signed-off-by: Alexander Mikhalitsyn
---
 tools/testing/selftests/seccomp/seccomp_bpf.c | 303 ++++++++++++++++++
 1 file changed, 303 insertions(+)

diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/= selftests/seccomp/seccomp_bpf.c index 874f17763536..bbf3ef58ad07 100644
--- a/tools/testing/selftests/seccomp/seccomp_bpf.c +++ b/tools/testing/selftests/seccomp/seccomp_bpf.c @@ -301,6 +301,10 @@ struct seccomp_notif_addfd_big { #define SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV (1UL << 5) #endif =20 +#ifndef SECCOMP_FILTER_FLAG_ALLOW_NESTED_LISTENERS +#define SECCOMP_FILTER_FLAG_ALLOW_NESTED_LISTENERS (1UL << 6) +#endif + #ifndef seccomp int seccomp(unsigned int op, unsigned int flags, void *args) { 
@@ -4416,6 +4420,305 @@ TEST(user_notification_sync) ASSERT_EQ(status, 0); } =20 +/* + * This test is here to ensure that seccomp() behavior before + * introducing nested listeners is preserved. + */ +TEST(user_notification_many_ret_notif_old_behavior) +{ + pid_t pid, ppid; + long ret; + int status, listener; + struct seccomp_notif req =3D {}; + struct seccomp_notif_resp resp =3D {}; + + struct sock_filter filter[] =3D { + BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), + }; + struct sock_fprog prog =3D { + .len =3D (unsigned short)ARRAY_SIZE(filter), + .filter =3D filter, + }; + + ret =3D prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); + ASSERT_EQ(0, ret) { + TH_LOG("Kernel does not support PR_SET_NO_NEW_PRIVS!"); + } + + /* Add some no-op filters for grins. */ + EXPECT_EQ(seccomp(SECCOMP_SET_MODE_FILTER, 0, &prog), 0); + + /* Install a filter that returns SECCOMP_RET_USER_NOTIF, but has no liste= ner. */ + ASSERT_GE(user_notif_syscall(__NR_getppid, 0), 0); + + /* Install a filter that returns SECCOMP_RET_USER_NOTIF, and then close l= istener. */ + listener =3D user_notif_syscall(__NR_getppid, + SECCOMP_FILTER_FLAG_NEW_LISTENER); + ASSERT_GE(listener, 0); + close(listener); + + /* + * Note, that we can install another listener now (without nesting enable= d!), + * because notify fd of the previous filter has been closed. + */ + listener =3D user_notif_syscall(__NR_getppid, + SECCOMP_FILTER_FLAG_NEW_LISTENER); + ASSERT_GE(listener, 0); + + /* Add some no-op filters for grins. 
*/ + EXPECT_EQ(seccomp(SECCOMP_SET_MODE_FILTER, 0, &prog), 0); + + ppid =3D getpid(); + pid =3D fork(); + ASSERT_GE(pid, 0); + + if (pid =3D=3D 0) { + ret =3D syscall(__NR_getppid); + exit(ret !=3D ppid); + } + + memset(&req, 0, sizeof(req)); + EXPECT_EQ(ioctl(listener, SECCOMP_IOCTL_NOTIF_RECV, &req), 0); + EXPECT_EQ(req.pid, pid); + EXPECT_EQ(req.data.nr, __NR_getppid); + + memset(&resp, 0, sizeof(resp)); + resp.id =3D req.id; + + /* tell kernel to continue syscall and expect that upper-level filters ar= e ignored */ + resp.flags =3D SECCOMP_USER_NOTIF_FLAG_CONTINUE; + + EXPECT_EQ(ioctl(listener, SECCOMP_IOCTL_NOTIF_SEND, &resp), 0); + + EXPECT_EQ(waitpid(pid, &status, 0), pid); + EXPECT_EQ(true, WIFEXITED(status)); + EXPECT_EQ(0, WEXITSTATUS(status)); + + close(listener); +} + +TEST(user_notification_many_ret_notif_closed_listener_nested) +{ + pid_t pid; + long ret; + int status, listener, closed_listener; + struct seccomp_notif req =3D {}; + struct seccomp_notif_resp resp =3D {}; + + struct sock_filter filter[] =3D { + BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), + }; + struct sock_fprog prog =3D { + .len =3D (unsigned short)ARRAY_SIZE(filter), + .filter =3D filter, + }; + + ret =3D prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); + ASSERT_EQ(0, ret) { + TH_LOG("Kernel does not support PR_SET_NO_NEW_PRIVS!"); + } + + /* Add some no-op filters for grins. */ + EXPECT_EQ(seccomp(SECCOMP_SET_MODE_FILTER, 0, &prog), 0); + + closed_listener =3D user_notif_syscall(__NR_getppid, + SECCOMP_FILTER_FLAG_NEW_LISTENER | + SECCOMP_FILTER_FLAG_ALLOW_NESTED_LISTENERS); + ASSERT_GE(closed_listener, 0); + + /* + * Note, that we can install another listener now (without nesting enable= d!), + * because notify fd of the previous filter has been closed. + */ + listener =3D user_notif_syscall(__NR_getppid, + SECCOMP_FILTER_FLAG_NEW_LISTENER); + ASSERT_GE(listener, 0); + + /* Now, once we installed a nested listener, close the previous one. 
*/ + close(closed_listener); + + /* Add some no-op filters for grins. */ + EXPECT_EQ(seccomp(SECCOMP_SET_MODE_FILTER, 0, &prog), 0); + + pid =3D fork(); + ASSERT_GE(pid, 0); + + if (pid =3D=3D 0) { + ret =3D syscall(__NR_getppid); + exit(ret >=3D 0 || errno !=3D ENOSYS); + } + + memset(&req, 0, sizeof(req)); + EXPECT_EQ(ioctl(listener, SECCOMP_IOCTL_NOTIF_RECV, &req), 0); + EXPECT_EQ(req.pid, pid); + EXPECT_EQ(req.data.nr, __NR_getppid); + + memset(&resp, 0, sizeof(resp)); + resp.id =3D req.id; + + /* + * Tell kernel to continue syscall and expect ENOSYS, + * because upper filter's notify fd has been closed. + */ + resp.flags =3D SECCOMP_USER_NOTIF_FLAG_CONTINUE; + + EXPECT_EQ(ioctl(listener, SECCOMP_IOCTL_NOTIF_SEND, &resp), 0); + + EXPECT_EQ(waitpid(pid, &status, 0), pid); + EXPECT_EQ(true, WIFEXITED(status)); + EXPECT_EQ(0, WEXITSTATUS(status)); + + close(listener); +} + +/* + * Ensure that EBUSY is returned on attempt to + * install a nested listener without nesting being allowed. + */ +TEST(user_notification_nested_limits) +{ + pid_t pid; + long ret; + int i, status, listeners[8]; + + struct sock_filter filter[] =3D { + BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), + }; + struct sock_fprog prog =3D { + .len =3D (unsigned short)ARRAY_SIZE(filter), + .filter =3D filter, + }; + + ret =3D prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); + ASSERT_EQ(0, ret) { + TH_LOG("Kernel does not support PR_SET_NO_NEW_PRIVS!"); + } + + /* Install 6 levels of listeners and allow nesting. */ + for (i =3D 0; i < 6; i++) { + listeners[i] =3D user_notif_syscall(__NR_getppid, + SECCOMP_FILTER_FLAG_NEW_LISTENER | + SECCOMP_FILTER_FLAG_ALLOW_NESTED_LISTENERS); + ASSERT_GE(listeners[i], 0); + + /* Add some no-op filters for grins. */ + EXPECT_EQ(seccomp(SECCOMP_SET_MODE_FILTER, 0, &prog), 0); + } + + /* Check behavior when nesting is not allowed. */ + pid =3D fork(); + ASSERT_GE(pid, 0); + if (pid =3D=3D 0) { + /* Install a next listener in the chain without nesting allowed. 
*/ + listeners[6] =3D user_notif_syscall(__NR_getppid, + SECCOMP_FILTER_FLAG_NEW_LISTENER); + if (listeners[6] < 0) + exit(1); + + /* Add some no-op filters for grins. */ + ret =3D seccomp(SECCOMP_SET_MODE_FILTER, 0, &prog); + if (ret !=3D 0) + exit(2); + + ret =3D user_notif_syscall(__NR_getppid, + SECCOMP_FILTER_FLAG_NEW_LISTENER); + /* Installing a next listener in the chain should result in EBUSY. */ + exit((ret >=3D 0 || errno !=3D EBUSY) ? 3 : 0); + } + + EXPECT_EQ(waitpid(pid, &status, 0), pid); + EXPECT_EQ(true, WIFEXITED(status)); + EXPECT_EQ(0, WEXITSTATUS(status)); +} + +TEST(user_notification_nested) +{ + pid_t pid; + long ret; + int i, status, listeners[6]; + struct seccomp_notif req =3D {}; + struct seccomp_notif_resp resp =3D {}; + + struct sock_filter filter[] =3D { + BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), + }; + struct sock_fprog prog =3D { + .len =3D (unsigned short)ARRAY_SIZE(filter), + .filter =3D filter, + }; + + ret =3D prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); + ASSERT_EQ(0, ret) { + TH_LOG("Kernel does not support PR_SET_NO_NEW_PRIVS!"); + } + + /* Install 6 levels of listeners and allow nesting. */ + for (i =3D 0; i < 6; i++) { + /* + * Install a filter that returns SECCOMP_RET_USER_NOTIF, but has no list= ener. + * We expect that these filters are not affecting the end result. + */ + ASSERT_GE(user_notif_syscall(__NR_getppid, 0), 0); + + listeners[i] =3D user_notif_syscall(__NR_getppid, + SECCOMP_FILTER_FLAG_NEW_LISTENER | + SECCOMP_FILTER_FLAG_ALLOW_NESTED_LISTENERS); + ASSERT_GE(listeners[i], 0); + + /* Add some no-op filters for grins. 
*/ + EXPECT_EQ(seccomp(SECCOMP_SET_MODE_FILTER, 0, &prog), 0); + } + + pid =3D fork(); + ASSERT_GE(pid, 0); + + if (pid =3D=3D 0) { + ret =3D syscall(__NR_getppid); + exit(ret !=3D (USER_NOTIF_MAGIC-3)); + } + + /* + * We want to have the following picture: + * + * | Listener level (i) | Listener decision | + * |--------------------|-------------------| + * | 0 | WHATEVER | + * | 1 | WHATEVER | + * | 2 | WHATEVER | + * | 3 | RETURN | <-- stop here + * | 4 | CONTINUE SYSCALL | + * | 5 | CONTINUE SYSCALL | <- start here (current->seccomp.filter) + * + * First listener who receives a notification is level 5, then 4, + * then we expect to stop on level 3 and return from syscall with + * (USER_NOTIF_MAGIC - 3) return value. + */ + for (i =3D 6 - 1; i >=3D 3; i--) { + memset(&req, 0, sizeof(req)); + EXPECT_EQ(ioctl(listeners[i], SECCOMP_IOCTL_NOTIF_RECV, &req), 0); + EXPECT_EQ(req.pid, pid); + EXPECT_EQ(req.data.nr, __NR_getppid); + + memset(&resp, 0, sizeof(resp)); + resp.id =3D req.id; + + if (i =3D=3D 5 || i =3D=3D 4) { + resp.flags =3D SECCOMP_USER_NOTIF_FLAG_CONTINUE; + } else { + resp.error =3D 0; + resp.val =3D USER_NOTIF_MAGIC - i; + } + + EXPECT_EQ(ioctl(listeners[i], SECCOMP_IOCTL_NOTIF_SEND, &resp), 0); + } + + EXPECT_EQ(waitpid(pid, &status, 0), pid); + EXPECT_EQ(true, WIFEXITED(status)); + EXPECT_EQ(0, WEXITSTATUS(status)); + + for (i =3D 0; i < 6; i++) + close(listeners[i]); +} =20 /* Make sure PTRACE_O_SUSPEND_SECCOMP requires CAP_SYS_ADMIN. */ FIXTURE(O_SUSPEND_SECCOMP) { --=20 2.43.0
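Review bot: In the first hunk (@@ -301,6 +301,10 @@), the fallback #define of SECCOMP_FILTER_FLAG_ALLOW_NESTED_LISTENERS lets the file build against older headers, but the three tests that pass the flag have no path for a kernel that rejects it. Each goes straight to ASSERT_GE(..., 0) on the user_notif_syscall() result, and seccomp() returns EINVAL for filter flags it does not know, so on such a kernel these tests would be reported as failures rather than skips. Consider probing for the flag once and calling SKIP() when it is refused, so the selftest stays usable on kernels without this series.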
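Review bot: In the second hunk (@@ -4416,6 +4420,305 @@), the comment in user_notification_many_ret_notif_closed_listener_nested that begins "Note, that we can install another listener now (without nesting enabled!)" is carried over from the old-behavior test and does not describe this code. Here closed_listener was installed with SECCOMP_FILTER_FLAG_ALLOW_NESTED_LISTENERS and is still open at that point; close(closed_listener) only happens after the second listener is installed. Please reword it to say the second listener is accepted because the filter above it allowed nesting. Two smaller points in user_notification_nested_limits: the parent never closes listeners[0] through listeners[5], although user_notification_nested does close its listeners at the end, and the array is declared as listeners[8] while only indices 0 to 6 are used.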