seccomp: check in_compat_syscall, not is_compat_task, in strict mode

Seccomp wants to know the syscall bitness, not the caller task bitness,
when it selects the syscall whitelist.

As far as I know, this makes no difference on any architecture, so it's
not a security problem.  (It generates identical code everywhere except
sparc, and, on sparc, the syscall numbering is the same for both ABIs.)

Signed-off-by: Andy Lutomirski <luto@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index 15a1795bbba17d1140e3220c41d48dd26ac43c95..e1e5a354854e53537c42053c222df883674e0a46 100644 (file)
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@ -395,7 +395,7 @@ seccomp_prepare_user_filter(const char __user *user_filter)
        struct seccomp_filter *filter = ERR_PTR(-EFAULT);
 
 #ifdef CONFIG_COMPAT
-       if (is_compat_task()) {
+       if (in_compat_syscall()) {
                struct compat_sock_fprog fprog32;
                if (copy_from_user(&fprog32, user_filter, sizeof(fprog32)))
                        goto out;
@@ -529,7 +529,7 @@ static void __secure_computing_strict(int this_syscall)
 {
        int *syscall_whitelist = mode1_syscalls;
 #ifdef CONFIG_COMPAT
-       if (is_compat_task())
+       if (in_compat_syscall())
                syscall_whitelist = mode1_syscalls_32;
 #endif
        do {