From: Thomas Gleixner <tglx@kernel.org>
To: Jinjie Ruan <ruanjinjie@huawei.com>,
catalin.marinas@arm.com, will@kernel.org, oleg@redhat.com,
peterz@infradead.org, luto@kernel.org, kees@kernel.org,
wad@chromium.org, ruanjinjie@huawei.com, mark.rutland@arm.com,
yeoreum.yun@arm.com, linusw@kernel.org, kevin.brodsky@arm.com,
ldv@strace.io, thuth@redhat.com, james.morse@arm.com,
song@kernel.org, ada.coupriediaz@arm.com,
anshuman.khandual@arm.com, broonie@kernel.org,
ryan.roberts@arm.com, pengcan@kylinos.cn, liqiang01@kylinos.cn,
linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH v15 01/11] entry: Fix potential syscall truncation in syscall_trace_enter()
Date: Wed, 24 Jun 2026 19:34:35 +0200 [thread overview]
Message-ID: <874iirlu50.ffs@fw13> (raw)
In-Reply-To: <20260511092103.1974980-2-ruanjinjie@huawei.com>
On Mon, May 11 2026 at 17:20, Jinjie Ruan wrote:
> In syscall_trace_enter(), the current logic returns "ret ? : syscall".
> While __secure_computing() currently only returns 0 (allow) or -1 (kill),
> this "ret ? : syscall" pattern is conceptually flawed.
>
> If __secure_computing() were to return a non-zero value that isn't -1, it
> would unintentionally override the actual system call number. This logic
> is redundant because if seccomp denies the syscall, the execution path
> should already be handled by the caller based on the error return, rather
> than conflating the return code with the syscall number.
>
> Fix it by explicitly returning the syscall number. This ensures
> the syscall register remains untainted by the trace return values and
> aligns with the expectation that seccomp-related interceptions are
> handled via the -1 return status.
>
> Cc: Thomas Gleixner <tglx@kernel.org>
> Fixes: 142781e108b1 ("entry: Provide generic syscall entry functionality")
What's fixed here?
A potential future change of the __secure_computing() return value
requires that _ALL_ callsites of that function have to be audited
and fixed up, no?
So the change is not a fix it's an optimization to get rid of the extra
conditional.
If you really want to sanitize this, then change the
__secure_computing() return type to boolean (true = allow, false =
fail) and fixup the two dozen or so call sites.
Thanks,
tglx
next prev parent reply other threads:[~2026-06-24 17:34 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-11 9:20 [PATCH v15 00/11] arm64: entry: Convert to Generic Entry Jinjie Ruan
2026-05-11 9:20 ` [PATCH v15 01/11] entry: Fix potential syscall truncation in syscall_trace_enter() Jinjie Ruan
2026-05-27 12:21 ` Linus Walleij
2026-05-27 12:21 ` Linus Walleij
2026-06-24 13:34 ` Ada Couprie Diaz
2026-06-24 13:34 ` Ada Couprie Diaz
2026-06-24 17:34 ` Thomas Gleixner [this message]
2026-05-11 9:20 ` [PATCH v15 02/11] arm64/ptrace: Refactor syscall_trace_enter/exit() to accept flags parameter Jinjie Ruan
2026-06-24 13:38 ` Ada Couprie Diaz
2026-06-24 13:38 ` Ada Couprie Diaz
2026-05-11 9:20 ` [PATCH v15 03/11] arm64/ptrace: Use syscall_get_nr() helper for syscall_trace_enter() Jinjie Ruan
2026-06-24 13:42 ` Ada Couprie Diaz
2026-06-24 13:42 ` Ada Couprie Diaz
2026-05-11 9:20 ` [PATCH v15 04/11] arm64/ptrace: Expand secure_computing() in place Jinjie Ruan
2026-06-24 13:43 ` Ada Couprie Diaz
2026-06-24 13:43 ` Ada Couprie Diaz
2026-05-11 9:20 ` [PATCH v15 05/11] arm64/ptrace: Use syscall_get_arguments() helper for audit Jinjie Ruan
2026-06-24 13:44 ` Ada Couprie Diaz
2026-06-24 13:44 ` Ada Couprie Diaz
2026-05-11 9:20 ` [PATCH v15 06/11] arm64: ptrace: Move rseq_syscall() before audit_syscall_exit() Jinjie Ruan
2026-06-24 13:46 ` Ada Couprie Diaz
2026-06-24 13:46 ` Ada Couprie Diaz
2026-05-11 9:20 ` [PATCH v15 07/11] arm64: syscall: Introduce syscall_exit_to_user_mode_work() Jinjie Ruan
2026-06-24 14:37 ` Ada Couprie Diaz
2026-06-24 14:37 ` Ada Couprie Diaz
2026-05-11 9:21 ` [PATCH v15 08/11] arm64/ptrace: Define and use _TIF_SYSCALL_EXIT_WORK Jinjie Ruan
2026-06-24 14:53 ` Ada Couprie Diaz
2026-06-24 14:53 ` Ada Couprie Diaz
2026-05-11 9:21 ` [PATCH v15 09/11] arm64/ptrace: Skip syscall exit reporting for PTRACE_SYSEMU_SINGLESTEP Jinjie Ruan
2026-06-24 14:55 ` Ada Couprie Diaz
2026-06-24 14:55 ` Ada Couprie Diaz
2026-05-11 9:21 ` [PATCH v15 10/11] arm64: entry: Convert to generic entry Jinjie Ruan
2026-06-24 15:32 ` Ada Couprie Diaz
2026-06-24 15:32 ` Ada Couprie Diaz
2026-05-11 9:21 ` [PATCH v15 11/11] arm64: Inline el0_svc_common() Jinjie Ruan
2026-06-24 15:36 ` Ada Couprie Diaz
2026-06-24 15:36 ` Ada Couprie Diaz
2026-06-17 16:27 ` [PATCH v15 00/11] arm64: entry: Convert to Generic Entry Ada Couprie Diaz
2026-06-17 16:27 ` Ada Couprie Diaz
2026-06-24 15:44 ` Ada Couprie Diaz
2026-06-24 15:44 ` Ada Couprie Diaz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=874iirlu50.ffs@fw13 \
--to=tglx@kernel.org \
--cc=ada.coupriediaz@arm.com \
--cc=anshuman.khandual@arm.com \
--cc=broonie@kernel.org \
--cc=catalin.marinas@arm.com \
--cc=james.morse@arm.com \
--cc=kees@kernel.org \
--cc=kevin.brodsky@arm.com \
--cc=ldv@strace.io \
--cc=linusw@kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=liqiang01@kylinos.cn \
--cc=luto@kernel.org \
--cc=mark.rutland@arm.com \
--cc=oleg@redhat.com \
--cc=pengcan@kylinos.cn \
--cc=peterz@infradead.org \
--cc=ruanjinjie@huawei.com \
--cc=ryan.roberts@arm.com \
--cc=song@kernel.org \
--cc=thuth@redhat.com \
--cc=wad@chromium.org \
--cc=will@kernel.org \
--cc=yeoreum.yun@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.