From: Oleg Nesterov <oleg@redhat.com>
To: Kees Cook <kees@kernel.org>
Cc: Andy Lutomirski <luto@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Thomas Gleixner <tglx@kernel.org>, Will Drewry <wad@chromium.org>,
Kusaram Devineni <kusaram@devineni.in>,
Max Ver <dudududumaxver@gmail.com>,
linux-kernel@vger.kernel.org
Subject: Re: [RFC PATCH 2/2] seccomp: defer syscall_rollback() to get_signal()
Date: Wed, 15 Apr 2026 18:08:42 +0200 [thread overview]
Message-ID: <ad-4CgKxYXFuGmBN@redhat.com> (raw)
In-Reply-To: <202604150848.0DA98133@keescook>
On 04/15, Kees Cook wrote:
>
> On Tue, Apr 14, 2026 at 07:41:39PM +0200, Oleg Nesterov wrote:
> > Yes sure. but do you agree with this RFC approach?
>
> I like it so far; I'm going to run the rr regression tests to
> double-check.
Thanks!
But see my reply to 0/2 ... I'll write another email later.
And I just noticed that I forgot to check info->si_signo == SIGSYS
in check_force_sig_seccomp().
So if you are going to run the test, please apply the fix below...
Oleg.
diff --git a/kernel/signal.c b/kernel/signal.c
index b93e37517d6d..49d73e4991b2 100644
--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -2809,7 +2816,7 @@ static inline void check_force_sig_seccomp(kernel_siginfo_t *info)
* seccomp siginfo is already lost anyway.
*/
if (IS_ENABLED(CONFIG_SECCOMP_FILTER)) {
- if (info->si_code == SYS_SECCOMP)
+ if (info->si_signo == SIGSYS && info->si_code == SYS_SECCOMP)
syscall_rollback(current, current_pt_regs());
}
}
next prev parent reply other threads:[~2026-04-15 16:08 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-14 16:47 [RFC PATCH 0/2] seccomp: defer syscall_rollback() to get_signal() Oleg Nesterov
2026-04-14 16:48 ` [RFC PATCH 1/2] seccomp: introduce seccomp_nack_syscall() helper Oleg Nesterov
2026-04-14 16:48 ` [RFC PATCH 2/2] seccomp: defer syscall_rollback() to get_signal() Oleg Nesterov
2026-04-14 17:27 ` Kees Cook
2026-04-14 17:41 ` Oleg Nesterov
2026-04-15 15:50 ` Kees Cook
2026-04-15 16:08 ` Oleg Nesterov [this message]
2026-04-15 10:44 ` [RFC PATCH 0/2] " Oleg Nesterov
2026-04-15 16:07 ` Kees Cook
2026-04-15 19:21 ` Kees Cook
2026-04-16 14:07 ` Oleg Nesterov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ad-4CgKxYXFuGmBN@redhat.com \
--to=oleg@redhat.com \
--cc=dudududumaxver@gmail.com \
--cc=kees@kernel.org \
--cc=kusaram@devineni.in \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=peterz@infradead.org \
--cc=tglx@kernel.org \
--cc=wad@chromium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.