From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-dy1-f171.google.com (mail-dy1-f171.google.com [74.125.82.171]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3661D384223 for ; Mon, 29 Jun 2026 18:29:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=74.125.82.171 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1782757797; cv=none; b=Xl7cKx5OOxhqvyMjns/J7lIepkLvy3CXweopl2+AxKOYWxzoZYuWsXtq345CUoQgiHLSzr6REJwOMqdONWtMtjzDYCYjl6XKpoK/0F/06ksWAOnN0ySpShdYjc2j0Rh8Uq/RGyhsBqYas3d5HriMfVC2k992NQDeyPQ8lN0ydTc= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1782757797; c=relaxed/simple; bh=tb8zYb0rUQHq8v0T3ffXH88rFic80bCyZWyhB7aV958=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version:Content-Type; b=K0w6jjfM6//uDJRRB1uJ0pkIxMnMGOcR6TVTDRppyaoKPBK6jvZvQYCAHzGRlFV2QCKmza7rZXP1l4SEy8WwJsGo2kyOECZI6m4I6agZHjlNbubpFH78PrvxCZtod3fFkU1LunrlNIVVOU9vCSDp1k4r6uNCsMxelUC3WuCFjd4= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=RS9YjfSF; arc=none smtp.client-ip=74.125.82.171 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="RS9YjfSF" Received: by mail-dy1-f171.google.com with SMTP id 5a478bee46e88-30c965eab27so6982949eec.0 for ; Mon, 29 Jun 2026 11:29:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1782757795; x=1783362595; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=vOXx8KjnXCH8WGWSSSkVZN9ds8kGcTXaH0+3DMwQEBg=; b=RS9YjfSFDXLCN4hNIgl9+dlDuWrskbyUQkn2sTXKQKYc+7pugU3h3PMbJ6wh1hvTlL fErkvRKg/sC4eUj5wdiF/KluL16dzgVAE5yJTrmb1TAkXQhXxDodGvYagXRE1PjnXh77 HNurG4qTYbvW02Mk/VUrYrtjXnkmrhs4v0WbMftvz8SqRa8aKoEOjYOzxTK6pb/IJbcz 3Ayn9H10CMVr9dfzNlMUbDcIXkCNWDrIz79wltct5/FYgiMiZEQ4P7RjlUoUEG2c9RFc ujd39BesqaPxq+vADihFqb430puiRCZPp6N1EV3NWB3QkBj6P6I4rCd1X83Nxls6vrDh 0BGg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1782757795; x=1783362595; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=vOXx8KjnXCH8WGWSSSkVZN9ds8kGcTXaH0+3DMwQEBg=; b=eLMcwZLIhI/E+i3PZLOBUp10LaiROjAC4smj2MRJLLOhSw0W5YXDmBftw8vShCzdRV TCbefMMRbJxaCq4Oyv5N8QAZZB3nyw/SKZ2vK8HVUZgeGA2gXOAmyB3kfls7d1J/j+ZJ L1tyauczyoCivFB2jUk3OXdFja5GdvbFxbrFmRN7X+NLnFVYuoOKHH1wNJpE9hgtKjMl 1dl/fYMQZMsGJZ9lC+L/BV6zJOYJsbGA2P1h4n2P3g+jU6XLgCbkCwD9xA5PCL1NhaB5 ZRV4cjsII/8okLZSOJfzbQj6gOly0Oq2GGlDSrvQ0FsaPHz2cfHWcssZ0VGsM6nvJi6h T0DQ== X-Forwarded-Encrypted: i=1; AHgh+RqjEuD9MtG2WuqCfZRE9+6j0leCUWUTY/Il9RK9jtV9QJhFm/IhHT4PRjYy73BArM4kapb3dBKs2qparVM=@vger.kernel.org X-Gm-Message-State: AOJu0YxD/31c2szdnTLdRW58Qa777/zTpYkISv8p3b+4lqnTRFKCUHM5 1cJwrb6Kz7KNgwss+hs4r2Dka6uk4MHiMrnrbzGSfk7OyQ4BzcBP/ooT X-Gm-Gg: AfdE7clEeKTCeYWJdpdMrdTVzx2JRqfUCTT7Z8q+IIqcF0m1gawOJDFyWIlJT57JnK7 x6cs5/HQOISfBeaIVoxutiZcN99Rv+ZgX9z9W8VClxnXbHgsnytxiccXRj8+W9G8C/rFiVIhK5X +Be6hWo0Y0OpFO/xuQ5O4nOsAdevMCBnbeilXm/8qRXouQW92KNuDUjT4/cRDmgJgJN05yinf0o Vz3LVII1cGsr+ZCvMPYq1t7ao4H/wD5ueRDNsHZuavsa546xkJO8HVPAO7/MCLiznqBLu34OF9B PVg8RImQZ9BzBaAPMw0IAnnrgnMV4brZX75TVLJYMbAthzqmj4/zwRfLeMwoMYUS9bjlFQXtWON 30CFjFHvBlK8/FtrPJ/hDECvUWvV3HPvc0U+/b1idYNBsJLZIb7ZfR3c8++pSWxg/w29IL5wWiq ZaBvc8Hp8BboMBmt6Sgfy6Oe3H5323an+v6N5YyKI2P2lwPn4SyB6Lj8u+wNFnuSJj/g== X-Received: by 2002:a05:7301:100e:b0:304:e2a5:689a with SMTP id 5a478bee46e88-30ee136b835mr405041eec.21.1782757795251; Mon, 29 Jun 2026 11:29:55 -0700 (PDT) Received: from li-1a3e774c-28e4-11b2-a85c-acc9f2883e29.ibm.com.com ([106.51.160.236]) by smtp.gmail.com with ESMTPSA id 5a478bee46e88-30ee31711acsm75391eec.18.2026.06.29.11.29.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 29 Jun 2026 11:29:54 -0700 (PDT) From: "Mukesh Kumar Chaurasiya (IBM)" To: maddy@linux.ibm.com, mpe@ellerman.id.au, npiggin@gmail.com, chleroy@kernel.org, mkchauras@linux.ibm.com, sshegde@linux.ibm.com, ryan.roberts@arm.com, ruanjinjie@huawei.com, mkchauras@gmail.com, linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org Cc: =?UTF-8?q?Michal=20Such=C3=A1nek?= Subject: [PATCH V2] powerpc/syscall: Fix seccomp errno handling with GENERIC_ENTRY Date: Mon, 29 Jun 2026 23:59:46 +0530 Message-ID: <20260629182946.419552-1-mkchauras@gmail.com> X-Mailer: git-send-email 2.54.0 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit After enabling GENERIC_ENTRY on PowerPC, seccomp filters using SCMP_ACT_ERRNO without an explicit errnoRet value return ENOSYS (Function not implemented) instead of the expected EPERM (Operation not permitted). The issue occurs in system_call_exception() when syscall_enter_from_user_mode() returns -1 to indicate the syscall should be skipped (e.g., blocked by seccomp). The current code treats this -1 as a syscall number and compares it against NR_syscalls. Since -1 is greater than NR_syscalls, the code incorrectly returns -ENOSYS, overwriting the errno that seccomp already set via syscall_set_return_value(). The generic entry code in syscall_trace_enter() calls __secure_computing(), which sets the appropriate errno in regs->gpr[3] and returns -1 to signal that the syscall should be skipped. However, the PowerPC syscall handler was not checking for this -1 return value before validating the syscall number. Fix this by explicitly checking if syscall_enter_from_user_mode() returns -1 and returning the value already set in regs->gpr[3] (the errno from seccomp) before performing the syscall number validation. Also Move the syscall_enter_from_user_mode() call and the seccomp/ptrace skip check to after the NR_syscalls bounds check. When syscall -1 was passed, the r0 == -1L check would trigger before the NR_syscalls check, causing syscall_get_error() to return 0 instead of -ENOSYS. This resulted in a silent success (ret=0, errno=0) instead of the expected ENOSYS error. By moving syscall_enter_from_user_mode() after the bounds check, an initial syscall number of -1 is correctly rejected with -ENOSYS first. The seccomp/ptrace skip path still works correctly for valid syscall numbers that get overridden to -1 by seccomp or ptrace. This aligns PowerPC's behavior with other architectures using GENERIC_ENTRY and restores correct seccomp errno handling. Fixes: bee25f97ad24 ("powerpc: Enable GENERIC_ENTRY feature") Reported-by: Michal Suchánek Closes: https://lore.kernel.org/all/ajpp-_XnbF3UTM_E@kunlun.suse.cz/ Signed-off-by: Mukesh Kumar Chaurasiya (IBM) --- v1 -> v2: - Fix issues in the previous fix (Michal) v1: https://lore.kernel.org/all/20260624171520.772408-1-mkchauras@gmail.com arch/powerpc/kernel/syscall.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/arch/powerpc/kernel/syscall.c b/arch/powerpc/kernel/syscall.c index a9da2af6efa8..36d73933a311 100644 --- a/arch/powerpc/kernel/syscall.c +++ b/arch/powerpc/kernel/syscall.c @@ -20,7 +20,6 @@ notrace long system_call_exception(struct pt_regs *regs, unsigned long r0) syscall_fn f; add_random_kstack_offset(); - r0 = syscall_enter_from_user_mode(regs, r0); if (unlikely(r0 >= NR_syscalls)) { if (unlikely(trap_is_unsupported_scv(regs))) { @@ -31,6 +30,12 @@ notrace long system_call_exception(struct pt_regs *regs, unsigned long r0) return -ENOSYS; } + r0 = syscall_enter_from_user_mode(regs, r0); + + /* Seccomp or ptrace may have set return value, skip syscall */ + if (unlikely(r0 == -1L)) + return syscall_get_error(current, regs); + /* May be faster to do array_index_nospec? */ barrier_nospec(); -- 2.54.0