seccomp: Remove bogus __user annotations Buffers that are passed to read_actions_logged() and write_actions_logged() are in kernel memory; the sysctl core takes care of copying from/to userspace. Fixes: 32927393dc1c ("sysctl: pass kernel pointers to ->proc_handler") Reviewed-by: Tyler Hicks <code@tyhicks.com> Signed-off-by: Jann Horn <jannh@google.com> Signed-off-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20201120170545.1419332-1-jannh@google.com

commit: fab686eb0307121e7a2890b6d6c57edd2457863d [log] [tgz]
author: Jann Horn <jannh@google.com> Fri Nov 20 18:05:45 2020 +0100
committer: Kees Cook <keescook@chromium.org> Fri Nov 20 11:39:21 2020 -0800
tree: 23cd109c162d392b7e1b5aafe53bead84bf2393f
parent: 0d8315dddd2899f519fe1ca3d4d5cdaf44ea421e [diff] [blame]
diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index 76f524e..0e0e369 100644
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c

@@ -2202,7 +2202,7 @@ static bool seccomp_actions_logged_from_names(u32 *actions_logged, char *names)
 	return true;
 }
 
-static int read_actions_logged(struct ctl_table *ro_table, void __user *buffer,
+static int read_actions_logged(struct ctl_table *ro_table, void *buffer,
 			       size_t *lenp, loff_t *ppos)
 {
 	char names[sizeof(seccomp_actions_avail)];
@@ -2220,7 +2220,7 @@ static int read_actions_logged(struct ctl_table *ro_table, void __user *buffer,
 	return proc_dostring(&table, 0, buffer, lenp, ppos);
 }
 
-static int write_actions_logged(struct ctl_table *ro_table, void __user *buffer,
+static int write_actions_logged(struct ctl_table *ro_table, void *buffer,
 				size_t *lenp, loff_t *ppos, u32 *actions_logged)
 {
 	char names[sizeof(seccomp_actions_avail)];
commit	fab686eb0307121e7a2890b6d6c57edd2457863d	[log] [tgz]
author	Jann Horn <jannh@google.com>	Fri Nov 20 18:05:45 2020 +0100
committer	Kees Cook <keescook@chromium.org>	Fri Nov 20 11:39:21 2020 -0800
tree	23cd109c162d392b7e1b5aafe53bead84bf2393f
parent	0d8315dddd2899f519fe1ca3d4d5cdaf44ea421e [diff] [blame]