seccomp: Use -1 marker for end of mode 1 syscall list

[linux-block.git] / kernel / seccomp.c

diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index 0ed57e8c49d0b71463d59c5b368fb10e79a5efd7..866a432cd7465e3cf52f15d0b74e206a5f06a2e2 100644 (file)
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@ -742,20 +742,20 @@ static inline void seccomp_log(unsigned long syscall, long signr, u32 action,
  */
 static const int mode1_syscalls[] = {
        __NR_seccomp_read, __NR_seccomp_write, __NR_seccomp_exit, __NR_seccomp_sigreturn,
-       0, /* null terminated */
+       -1, /* negative terminated */
 };
 
 static void __secure_computing_strict(int this_syscall)
 {
-       const int *syscall_whitelist = mode1_syscalls;
+       const int *allowed_syscalls = mode1_syscalls;
 #ifdef CONFIG_COMPAT
        if (in_compat_syscall())
-               syscall_whitelist = get_compat_mode1_syscalls();
+               allowed_syscalls = get_compat_mode1_syscalls();
 #endif
        do {
-               if (*syscall_whitelist == this_syscall)
+               if (*allowed_syscalls == this_syscall)
                        return;
-       } while (*++syscall_whitelist);
+       } while (*++allowed_syscalls != -1);
 
 #ifdef SECCOMP_DEBUG
        dump_stack();