seccomp: switch system call argument type to void *

The const qualifier causes problems for any code that wants to write to the
third argument of the seccomp syscall, as we will do in a future patch in
this series.

The third argument to the seccomp syscall is documented as void *, so
rather than just dropping the const, let's switch everything to use void *
as well.

I believe this is safe because of 1. the documentation above, 2. there's no
real type information exported about syscalls anywhere besides the man
pages.

Signed-off-by: Tycho Andersen <tycho@tycho.ws>
CC: Kees Cook <keescook@chromium.org>
CC: Andy Lutomirski <luto@amacapital.net>
CC: Oleg Nesterov <oleg@redhat.com>
CC: Eric W. Biederman <ebiederm@xmission.com>
CC: "Serge E. Hallyn" <serge@hallyn.com>
Acked-by: Serge Hallyn <serge@hallyn.com>
CC: Christian Brauner <christian@brauner.io>
CC: Tyler Hicks <tyhicks@canonical.com>
CC: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
Signed-off-by: Kees Cook <keescook@chromium.org>

diff --git a/include/linux/seccomp.h b/include/linux/seccomp.h
index e5320f6c865439c0b8910afc17fcfd1598bcc4fb..b5103c019cf4a495e88e99fc734eb5cfef0fb9d2 100644 (file)
--- a/include/linux/seccomp.h
+++ b/include/linux/seccomp.h
@@ -43,7 +43,7 @@ extern void secure_computing_strict(int this_syscall);
 #endif
 
 extern long prctl_get_seccomp(void);
-extern long prctl_set_seccomp(unsigned long, char __user *);
+extern long prctl_set_seccomp(unsigned long, void __user *);
 
 static inline int seccomp_mode(struct seccomp *s)
 {

diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h
index 2ac3d13a915bfc3954b08c3fac23e8d3351f4827..a60694fb0f58c9a5a1bb45103d72b2cc0d80d17a 100644 (file)
--- a/include/linux/syscalls.h
+++ b/include/linux/syscalls.h
@@ -879,7 +879,7 @@ asmlinkage long sys_renameat2(int olddfd, const char __user *oldname,
                              int newdfd, const char __user *newname,
                              unsigned int flags);
 asmlinkage long sys_seccomp(unsigned int op, unsigned int flags,
-                           const char __user *uargs);
+                           void __user *uargs);
 asmlinkage long sys_getrandom(char __user *buf, size_t count,
                              unsigned int flags);
 asmlinkage long sys_memfd_create(const char __user *uname_ptr, unsigned int flags);

diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index 96afc32e041de174fe5f2192d3ce9a7d583a2115..393e029f778ab0df3dde07e4957cef2291a62c7b 100644 (file)
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@ -924,7 +924,7 @@ static long seccomp_get_action_avail(const char __user *uaction)
 
 /* Common entry point for both prctl and syscall. */
 static long do_seccomp(unsigned int op, unsigned int flags,
-                      const char __user *uargs)
+                      void __user *uargs)
 {
        switch (op) {
        case SECCOMP_SET_MODE_STRICT:
@@ -944,7 +944,7 @@ static long do_seccomp(unsigned int op, unsigned int flags,
 }
 
 SYSCALL_DEFINE3(seccomp, unsigned int, op, unsigned int, flags,
-                        const char __user *, uargs)
+                        void __user *, uargs)
 {
        return do_seccomp(op, flags, uargs);
 }
@@ -956,10 +956,10 @@ SYSCALL_DEFINE3(seccomp, unsigned int, op, unsigned int, flags,
  *
  * Returns 0 on success or -EINVAL on failure.
  */
-long prctl_set_seccomp(unsigned long seccomp_mode, char __user *filter)
+long prctl_set_seccomp(unsigned long seccomp_mode, void __user *filter)
 {
        unsigned int op;
-       char __user *uargs;
+       void __user *uargs;
 
        switch (seccomp_mode) {
        case SECCOMP_MODE_STRICT: