1 files changed, 9 insertions, 4 deletions

diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index d9db6ec46bc9..ee376beedaf9 100644
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@ -377,8 +377,7 @@ int __secure_computing(int this_syscall)
         int mode = current->seccomp.mode;
         int exit_sig = 0;
         int *syscall;
-        u32 ret = SECCOMP_RET_KILL;
-        int data;
+        u32 ret;
 
         switch (mode) {
         case SECCOMP_MODE_STRICT:
@@ -392,12 +391,15 @@ int __secure_computing(int this_syscall)
                                 return 0;
                 } while (*++syscall);
                 exit_sig = SIGKILL;
+                ret = SECCOMP_RET_KILL;
                 break;
 #ifdef CONFIG_SECCOMP_FILTER
-        case SECCOMP_MODE_FILTER:
+        case SECCOMP_MODE_FILTER: {
+                int data;
                 ret = seccomp_run_filters(this_syscall);
                 data = ret & SECCOMP_RET_DATA;
-                switch (ret & SECCOMP_RET_ACTION) {
+                ret &= SECCOMP_RET_ACTION;
+                switch (ret) {
                 case SECCOMP_RET_ERRNO:
                         /* Set the low-order 16-bits as a errno. */
                         syscall_set_return_value(current, task_pt_regs(current),
@@ -432,6 +434,7 @@ int __secure_computing(int this_syscall)
                 }
                 exit_sig = SIGSYS;
                 break;
+        }
 #endif
         default:
                 BUG();
@@ -442,8 +445,10 @@ int __secure_computing(int this_syscall)
 #endif
         audit_seccomp(this_syscall, exit_sig, ret);
         do_exit(exit_sig);
+#ifdef CONFIG_SECCOMP_FILTER
 skip:
         audit_seccomp(this_syscall, exit_sig, ret);
+#endif
         return -1;
 }