From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A35993F0762 for ; Tue, 14 Apr 2026 17:41:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776188512; cv=none; b=JHyv9R9NoRrj6QLoJhxGbtmJXtDFC+6lW5Tug1dDcMMwz+Wirym63ftami79KYb7eyA8COfN2qkbr27lmCsacrXEOix0F3UIco/3EZA/yn5NsxtAaa68zUDaUIjdUkMDHS7uoArHNZ3hFCEmxx4lGwrGp2Ay/WyExz2JMOwOUf0= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776188512; c=relaxed/simple; bh=Yc4f5buhOlwNLHnr6WFHyyCHNxkNoWGNEetmWxhA42c=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=PZ5ayrB0aTIObGYnCsI/OFGwBC3DuIPY4kvrYZ7AeKa9bRutqqQPIZVrBUuUbqec1EA/StIptSzrM8vryFzViWQweF74Iu7j9XKoZVxCuzUSu3nZ+T+9E4Mz1XRhX6Tv+RU1CP1VpO9Cen5b2h3KPg3nm2RfiS9OtSL/4fBJNNY= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=XaHOVRXc; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="XaHOVRXc" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1776188509; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=Yc4f5buhOlwNLHnr6WFHyyCHNxkNoWGNEetmWxhA42c=; b=XaHOVRXc52ys3Pqmeua5kJg9Fza0EAt4GqwlhC8V0W8fgVSkyTZrHheuMMBYbQquEZlci+ SQ1dJgQ7aTZ57SQNV4SuPYFTMkjs8GXWlf5/e5dK0dffrIb27uxtQGceSsPbCZVCFDkC1G CO6XmiL8gfxaYP/8nqb+ff072LApeqI= Received: from mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-624-1XCNTlQYPnK1UX_nSLRQGA-1; Tue, 14 Apr 2026 13:41:46 -0400 X-MC-Unique: 1XCNTlQYPnK1UX_nSLRQGA-1 X-Mimecast-MFC-AGG-ID: 1XCNTlQYPnK1UX_nSLRQGA_1776188504 Received: from mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.17]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 7E1A9195608E; Tue, 14 Apr 2026 17:41:44 +0000 (UTC) Received: from fedora (unknown [10.44.48.62]) by mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with SMTP id 02AF5195608E; Tue, 14 Apr 2026 17:41:40 +0000 (UTC) Received: by fedora (nbSMTP-1.00) for uid 1000 oleg@redhat.com; Tue, 14 Apr 2026 19:41:44 +0200 (CEST) Date: Tue, 14 Apr 2026 19:41:39 +0200 From: Oleg Nesterov To: Kees Cook Cc: Andy Lutomirski , Peter Zijlstra , Thomas Gleixner , Will Drewry , Kusaram Devineni , Max Ver , linux-kernel@vger.kernel.org Subject: Re: [RFC PATCH 2/2] seccomp: defer syscall_rollback() to get_signal() Message-ID: References: <202604141026.4BEA64A4@keescook> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <202604141026.4BEA64A4@keescook> X-Scanned-By: MIMEDefang 3.0 on 10.30.177.17 On 04/14, Kees Cook wrote: > > On Tue, Apr 14, 2026 at 06:48:20PM +0200, Oleg Nesterov wrote: > > Currently, seccomp_nack_syscall() calls syscall_rollback() immediately. > > Because this restores the original registers, the syscall exit path sees > > the original syscall number as the return value. > > > > This confuses audit_syscall_exit(), trace_syscall_exit(), and ptrace. > > > > Change seccomp_nack_syscall() to call syscall_set_return_value(-EINTR), > > and add the new check_force_sig_seccomp() helper called by get_signal() > > which does syscall_rollback() if the signal was sent by seccomp. > > > > Note that the si_code == SYS_SECCOMP check in check_force_sig_seccomp() > > is not 100% reliable, see the comment in check_force_sig_seccomp(), but > > I hope we don't really care. > > > > Reported-by: Max Ver > > Closes: https://lore.kernel.org/all/CABjJbFJO+p3jA1r0gjUZrCepQb1Fab3kqxYhc_PSfoqo21ypeQ@mail.gmail.com/ > > Signed-off-by: Oleg Nesterov > > Can we also add a new selftest for this case? Yes sure. but do you agree with this RFC approach? See also 0/2. Perhaps SYSCALL_WORK_SYSCALL_XXX makes more sense? I do think it makes more sense and it is closer to my initial "[RFC PATCH] ptrace: don't report syscall-exit if the tracee was killed by seccomp" attempt/ But I'm afraid this change would be "too visible". > I'd like to be sure we > don't regress when we make changes in the future... Yes, I understand. And just in case... I ran tools/testing/selftests/seccomp/seccomp_bpf, it doesn't show any regression. Oleg.