Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris...

[linux-2.6-block.git] / kernel / seccomp.c

diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index e1e5a354854e53537c42053c222df883674e0a46..7002796f14a493988f6da70f77e266e36bf7788d 100644 (file)
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@ -513,24 +513,17 @@ static void seccomp_send_sigsys(int syscall, int reason)
  * To be fully secure this must be combined with rlimit
  * to limit the stack allocations too.
  */
-static int mode1_syscalls[] = {
+static const int mode1_syscalls[] = {
        __NR_seccomp_read, __NR_seccomp_write, __NR_seccomp_exit, __NR_seccomp_sigreturn,
        0, /* null terminated */
 };
 
-#ifdef CONFIG_COMPAT
-static int mode1_syscalls_32[] = {
-       __NR_seccomp_read_32, __NR_seccomp_write_32, __NR_seccomp_exit_32, __NR_seccomp_sigreturn_32,
-       0, /* null terminated */
-};
-#endif
-
 static void __secure_computing_strict(int this_syscall)
 {
-       int *syscall_whitelist = mode1_syscalls;
+       const int *syscall_whitelist = mode1_syscalls;
 #ifdef CONFIG_COMPAT
        if (in_compat_syscall())
-               syscall_whitelist = mode1_syscalls_32;
+               syscall_whitelist = get_compat_mode1_syscalls();
 #endif
        do {
                if (*syscall_whitelist == this_syscall)
@@ -915,7 +908,7 @@ long seccomp_get_filter(struct task_struct *task, unsigned long filter_off,
 
        fprog = filter->prog->orig_prog;
        if (!fprog) {
-               /* This must be a new non-cBPF filter, since we save every
+               /* This must be a new non-cBPF filter, since we save
                 * every cBPF filter's orig_prog above when
                 * CONFIG_CHECKPOINT_RESTORE is enabled.
                 */