How does the seccomp-bpf filter turn off?

I am studying the implementation details of seccomp-bpf, the syscall filtering mechanism that has been introduced in Linux since version 3.5. I have looked at the kernel / seccomp.c source code from Linux 3.10 and want to ask some questions about this.

From seccomp.c, it seems that seccomp_run_filters () is being called from __secure_computing () to test syscall called by the current process. But, looking at seccomp_run_filters (), the syscall number, which is passed as an argument, is not used anywhere.

It seems that sk_run_filter () is an implementation of the BPF filter machine, but sk_run_filter () is called from seccomp_run_filters () with the first argument (buffer to start the filter) NULL.

My question is: how does the seccomp_run_filters () filter turn off without using an argument?

The following is the source code for seccomp_run_filters ():

/**
 * seccomp_run_filters - evaluates all seccomp filters against @syscall
 * @syscall: number of the current system call
 *
 * Returns valid seccomp BPF response codes.
 */
static u32 seccomp_run_filters(int syscall)
{
        struct seccomp_filter *f;
        u32 ret = SECCOMP_RET_ALLOW;

        /* Ensure unexpected behavior doesn't result in failing open. */
        if (WARN_ON(current->seccomp.filter == NULL))
                return SECCOMP_RET_KILL;

        /*
         * All filters in the list are evaluated and the lowest BPF return
         * value always takes priority (ignoring the DATA).
         */
        for (f = current->seccomp.filter; f; f = f->prev) {
                u32 cur_ret = sk_run_filter(NULL, f->insns);
                if ((cur_ret & SECCOMP_RET_ACTION) < (ret & SECCOMP_RET_ACTION))
                        ret = cur_ret;
        }
        return ret;
}