Re: [PATCH v1] seccomp: Fix documentation
From: Kees Cook
Date: Tue Oct 18 2016 - 16:29:56 EST
On Sat, Oct 15, 2016 at 9:31 AM, MickaÃl SalaÃn <mic@xxxxxxxxxxx> wrote:
> Could someone push this please?
>
> On 20/09/2016 19:39, MickaÃl SalaÃn wrote:
>> Fix struct seccomp_filter and seccomp_run_filters() signatures.
>>
>> Signed-off-by: MickaÃl SalaÃn <mic@xxxxxxxxxxx>
>> Cc: Andy Lutomirski <luto@xxxxxxxxxxxxxx>
>> Cc: James Morris <jmorris@xxxxxxxxx>
>> Cc: Kees Cook <keescook@xxxxxxxxxxxx>
>> Cc: Will Drewry <wad@xxxxxxxxxxxx>
Ah, sorry, this got lost in my inbox. :)
Acked-by: Kees Cook <keescook@xxxxxxxxxxxx>
-Kees
>> ---
>> kernel/seccomp.c | 7 +++----
>> 1 file changed, 3 insertions(+), 4 deletions(-)
>>
>> diff --git a/kernel/seccomp.c b/kernel/seccomp.c
>> index 0db7c8a2afe2..494cba230ca0 100644
>> --- a/kernel/seccomp.c
>> +++ b/kernel/seccomp.c
>> @@ -41,8 +41,7 @@
>> * outside of a lifetime-guarded section. In general, this
>> * is only needed for handling filters shared across tasks.
>> * @prev: points to a previously installed, or inherited, filter
>> - * @len: the number of instructions in the program
>> - * @insnsi: the BPF program instructions to evaluate
>> + * @prog: the BPF program to evaluate
>> *
>> * seccomp_filter objects are organized in a tree linked via the @prev
>> * pointer. For any task, it appears to be a singly-linked list starting
>> @@ -168,8 +167,8 @@ static int seccomp_check_filter(struct sock_filter *filter, unsigned int flen)
>> }
>>
>> /**
>> - * seccomp_run_filters - evaluates all seccomp filters against @syscall
>> - * @syscall: number of the current system call
>> + * seccomp_run_filters - evaluates all seccomp filters against @sd
>> + * @sd: optional seccomp data to be passed to filters
>> *
>> * Returns valid seccomp BPF response codes.
>> */
>>
>
--
Kees Cook
Nexus Security