From nobody Tue Feb 10 05:10:15 2026 Received: from smtp-relay-internal-1.canonical.com (smtp-relay-internal-1.canonical.com [185.125.188.123]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9383D31197B for ; Thu, 11 Dec 2025 12:46:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=185.125.188.123 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765457207; cv=none; b=cgPO+4SC68EOSTZarf1WY8zfHkWDLKOVAi1O33UAxk78uRvTIKuC4Ho+86JN8jwKJyBCSZX44JUjXZI1DnsSPt9dFhOsyO68x3iOq9BJTu76zPiLZPucO0EK9CuEZ/T1suIHlrgMH1O8D6IxXp/hqMdVwIOPyyT3+YRxGK/4Q+c= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765457207; c=relaxed/simple; bh=EZiCPSJuK4oVfAbbPOCBKjiRkTaTv/A1KA/bG0Sdbns=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=gFd8v9E2fjLXWPLmFzQVZLqmstkYZ0QkGtKtAcK31bPotBpvWtrD+6mOywBn5BjAEdKgLoLmoJ4f0BgLoGqu0aV3hFgDVWeR2OidXcSv3MA0JpzBSekrW5BtM6/HcYzdVYlGAArvSuelECj47clAMGBrZvZbu+j0fLBY06eWA3s= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=canonical.com; spf=pass smtp.mailfrom=canonical.com; dkim=pass (4096-bit key) header.d=canonical.com header.i=@canonical.com header.b=muvHLCiJ; arc=none smtp.client-ip=185.125.188.123 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=canonical.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=canonical.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (4096-bit key) header.d=canonical.com header.i=@canonical.com header.b="muvHLCiJ" Received: from mail-wm1-f69.google.com (mail-wm1-f69.google.com [209.85.128.69]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-1.canonical.com (Postfix) with ESMTPS id 4E5F23F7C4 for ; Thu, 11 Dec 2025 12:46:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20251003; t=1765457195; bh=iHbyopAOI+NWvW+EHgfz5l2lV40a/3UJY68KfPVlzLc=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=muvHLCiJliX/BAE0zOvCqqs4TR5OHv4aOVNWj9EIABfGNWfsBedug2RkaBZEtvseL xy7lqPhnmfjLnYAJ4rWa7hCu/iApidgY35zXsm6JRTf4QpDBgC2icHD8dcS1jaEhKn JNMLF1BGScu6/S4SWskTny0//iPABaepkDo1/03heRNOfse7FYlgqmJS0Yq7aSDHew NN2YFbicloZAv9eXeVxwL812FYaM73j3Sl54AFbFWFOkke0hiiULgNWdmSY/skGDss R9TiymLaTmfAbJRuO9xwUcICjQzV9Vr/DAf09xLyGbk4BJp5oqFt82DNabEUmJotz1 iuD3eqMTJdUzx9uWgGQGd41vh2lhnisnx7feE0+adJANpHtQMslykbDoC3xLQQGHI4 5bizlwV5AQ0u/fHyNO8ZZFj8oFdNbptPs+X9rMe73ANDFD7bOk8ouys8oAOb40Le3H VPl+4McB3wv0ebKm7SCVXHnSVA6pXfvGRibY6Fih3UbcKPldoGzsxSJw5Mh19/mJQ5 6JLKM63B2PkXGZ5hNNaaRI75VhA9dJTviuiVCukSpcNSKRiBoZ0l+ByoOvvK//huPI ip40lZ6uiWlsYwndMCtIXPajKwV82hh/7KtZV49s5nOB/59i/biIbdtyANdmREL67m j6ZQ2fQA8KHyAC9v7QcrLVU8= Received: by mail-wm1-f69.google.com with SMTP id 5b1f17b1804b1-4779b432aecso410865e9.0 for ; Thu, 11 Dec 2025 04:46:35 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1765457193; x=1766061993; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=iHbyopAOI+NWvW+EHgfz5l2lV40a/3UJY68KfPVlzLc=; b=czKBcBzKyOS9VPoMqr5+i1UbZPTZ+R/eUBvCZVouL7PCeEOQRr07q/6HiUtiip1kS3 OrgdFD/Pn9LJWuSkBEaO6aZyvlL08ZdT+idlYqimSI0SYWApMWpA9k4blFOreBfiY3Y5 bnsQUmiJCjMN1tWIKYWhA06Xw4n8YI0kvoodQsh+EEVgvaTCX86UNiCQy9gY0zav/UrB /iNbDIpnmVBjJCBpu4THxaGb7tLKhk1ABa6NchFLt5fGfeuhWLYwfYz3qN9ioj36c7nh +cjo+UjYY2SHNy+TUwzFI/hHBjlejpii9OXFPzJaAzZEUwLD3hpe9xYipRJrD+3mIRQ3 ImSg== X-Gm-Message-State: AOJu0YxI+6xQQKiYpXd3pzLcXkZuCi5vZVP/1SA921JZxhZDougawftU nDMfrHGJXB1uljgjqsEFRJkEcPeDtB60M+Be1Zuk8fOHoGQcco+6MpyZtMUG/xc2H42JVJa93Rw +N74xoYhieV69+E7bs5WtpYBXA5zkkLHn/V7nD8W7C2+Wme0VcP2GIcew4F4sBTNsp0+KJNdKeH k80kwI0w== X-Gm-Gg: AY/fxX75JTFbxxfJt0OiP/7xFbh8WMNhVvF53wPAS3Isjl+2sDNUZIdKkMps4qsbPqE MjgENG3rttVQ8iJ7XemSC/nRZse2xu89N7IIdT1AGgLAPkr50/se9EHU3R+auTa1FeH6XbP6+58 TCJCoKQuc+mTC3ZvbUMfKVZQqx+z7VMAJ2942eKXxud30ROoX2NvfyQc3/Pnxm3NC6Lr7X92uXO hG+gyAWxE5boQVL8aiIYYRTCuYlK6nTAhOYkXjAFSzXuBaGb8SAleZ1jsWty5fjmhbmyAH5vo0k IyuCMpuClkeD77q7seVwXQgQ/jvzwAyEz0oPbLfFjKJvCJNfikKpJl82G7sn6Lqovx7NBUiqy6X 0COlWdMcfQurrqnBIYh6RjdnQGJQkgf2Vf5YuhhaKf4qi7mxVsX1nltcJLfgLJ6t46yA+Hvo2JR xX4cQCqpECABLhjyuBrMlfV+8= X-Received: by 2002:a05:600c:46cf:b0:47a:829a:ebb with SMTP id 5b1f17b1804b1-47a8383c856mr56885145e9.19.1765457193353; Thu, 11 Dec 2025 04:46:33 -0800 (PST) X-Google-Smtp-Source: AGHT+IGmo747NS+j0QPgE3+eD7j60RJhIJRntVCR8fX9XG5pZafDi/eqGoZNz9kU6HvP3lQN8t6YSA== X-Received: by 2002:a05:600c:46cf:b0:47a:829a:ebb with SMTP id 5b1f17b1804b1-47a8383c856mr56884765e9.19.1765457192955; Thu, 11 Dec 2025 04:46:32 -0800 (PST) Received: from amikhalitsyn.lan (p200300cf57022000e6219d5798620e30.dip0.t-ipconnect.de. [2003:cf:5702:2000:e621:9d57:9862:e30]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-47a89f0d6f2sm32075905e9.13.2025.12.11.04.46.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 11 Dec 2025 04:46:32 -0800 (PST) From: Alexander Mikhalitsyn To: kees@kernel.org Cc: linux-kernel@vger.kernel.org, Andy Lutomirski , Will Drewry , Jonathan Corbet , Shuah Khan , Aleksa Sarai , Tycho Andersen , Andrei Vagin , Christian Brauner , =?UTF-8?q?St=C3=A9phane=20Graber?= , Alexander Mikhalitsyn Subject: [PATCH v3 3/7] seccomp: keep track of seccomp filters with closed listeners Date: Thu, 11 Dec 2025 13:46:07 +0100 Message-ID: <20251211124614.161900-4-aleksandr.mikhalitsyn@canonical.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251211124614.161900-1-aleksandr.mikhalitsyn@canonical.com> References: <20251211124614.161900-1-aleksandr.mikhalitsyn@canonical.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Let's distinguish seccomp filters with closed listener vs seccomp filters which never had listener. We can easily do this by using the same ->notif pointer field with help of IS_ERR_OR_NULL(). No functional change intended. Cc: linux-kernel@vger.kernel.org Cc: Kees Cook Cc: Andy Lutomirski Cc: Will Drewry Cc: Jonathan Corbet Cc: Shuah Khan Cc: Aleksa Sarai Cc: Tycho Andersen Cc: Andrei Vagin Cc: Christian Brauner Cc: St=C3=A9phane Graber Signed-off-by: Alexander Mikhalitsyn Reviewed-by: Aleksa Sarai --- kernel/seccomp.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/kernel/seccomp.c b/kernel/seccomp.c index 236c96276405..89ae81f06743 100644 --- a/kernel/seccomp.c +++ b/kernel/seccomp.c @@ -1182,7 +1182,7 @@ static int seccomp_do_user_notification(struct seccom= p_filter *match, =20 mutex_lock(&match->notify_lock); err =3D -ENOSYS; - if (!match->notif) + if (IS_ERR_OR_NULL(match->notif)) goto out; =20 n.task =3D current; @@ -1252,7 +1252,7 @@ static int seccomp_do_user_notification(struct seccom= p_filter *match, * *reattach* to a notifier right now. If one is added, we'll need to * keep track of the notif itself and make sure they match here. */ - if (match->notif) + if (!IS_ERR_OR_NULL(match->notif)) list_del(&n.list); out: mutex_unlock(&match->notify_lock); @@ -1460,8 +1460,14 @@ static long seccomp_set_mode_strict(void) #ifdef CONFIG_SECCOMP_FILTER static void seccomp_notify_free(struct seccomp_filter *filter) { - kfree(filter->notif); - filter->notif =3D NULL; + if (!IS_ERR_OR_NULL(filter->notif)) + kfree(filter->notif); + + /* + * We want to know if a filter never had a notify fd, + * or it is just been closed at some point. + */ + filter->notif =3D ERR_PTR(-ENOTCONN); } =20 static void seccomp_notify_detach(struct seccomp_filter *filter) @@ -1943,7 +1949,7 @@ static bool has_duplicate_listener(struct seccomp_fil= ter *new_child) if (!new_child->notif) return false; for (cur =3D current->seccomp.filter; cur; cur =3D cur->prev) { - if (cur->notif) + if (!IS_ERR_OR_NULL(cur->notif)) return true; } =20 --=20 2.43.0