From: Kees Cook <kees@kernel.org>
To: Oleg Nesterov <oleg@redhat.com>
Cc: Andy Lutomirski <luto@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Thomas Gleixner <tglx@kernel.org>, Will Drewry <wad@chromium.org>,
Kusaram Devineni <kusaram@devineni.in>,
Max Ver <dudududumaxver@gmail.com>,
linux-kernel@vger.kernel.org
Subject: Re: [RFC PATCH 2/2] seccomp: defer syscall_rollback() to get_signal()
Date: Tue, 14 Apr 2026 10:27:07 -0700 [thread overview]
Message-ID: <202604141026.4BEA64A4@keescook> (raw)
In-Reply-To: <ad5v1J7bosR88z7b@redhat.com>
On Tue, Apr 14, 2026 at 06:48:20PM +0200, Oleg Nesterov wrote:
> Currently, seccomp_nack_syscall() calls syscall_rollback() immediately.
> Because this restores the original registers, the syscall exit path sees
> the original syscall number as the return value.
>
> This confuses audit_syscall_exit(), trace_syscall_exit(), and ptrace.
>
> Change seccomp_nack_syscall() to call syscall_set_return_value(-EINTR),
> and add the new check_force_sig_seccomp() helper called by get_signal()
> which does syscall_rollback() if the signal was sent by seccomp.
>
> Note that the si_code == SYS_SECCOMP check in check_force_sig_seccomp()
> is not 100% reliable, see the comment in check_force_sig_seccomp(), but
> I hope we don't really care.
>
> Reported-by: Max Ver <dudududumaxver@gmail.com>
> Closes: https://lore.kernel.org/all/CABjJbFJO+p3jA1r0gjUZrCepQb1Fab3kqxYhc_PSfoqo21ypeQ@mail.gmail.com/
> Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Can we also add a new selftest for this case? I'd like to be sure we
don't regress when we make changes in the future...
-Kees
--
Kees Cook
next prev parent reply other threads:[~2026-04-14 17:27 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-14 16:47 [RFC PATCH 0/2] seccomp: defer syscall_rollback() to get_signal() Oleg Nesterov
2026-04-14 16:48 ` [RFC PATCH 1/2] seccomp: introduce seccomp_nack_syscall() helper Oleg Nesterov
2026-04-14 16:48 ` [RFC PATCH 2/2] seccomp: defer syscall_rollback() to get_signal() Oleg Nesterov
2026-04-14 17:27 ` Kees Cook [this message]
2026-04-14 17:41 ` Oleg Nesterov
2026-04-15 15:50 ` Kees Cook
2026-04-15 16:08 ` Oleg Nesterov
2026-04-15 10:44 ` [RFC PATCH 0/2] " Oleg Nesterov
2026-04-15 16:07 ` Kees Cook
2026-04-15 19:21 ` Kees Cook
2026-04-16 14:07 ` Oleg Nesterov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202604141026.4BEA64A4@keescook \
--to=kees@kernel.org \
--cc=dudududumaxver@gmail.com \
--cc=kusaram@devineni.in \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=oleg@redhat.com \
--cc=peterz@infradead.org \
--cc=tglx@kernel.org \
--cc=wad@chromium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.