From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7B0A83346A5
	for <linux-kernel@vger.kernel.org>; Wed, 15 Apr 2026 10:44:44 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1776249885; cv=none; b=fne+zyaCGmgrOav79HkyMELmwUSACDiXnb5F8KXSd7FPuUo9j6ybA9rYvt6EhzDZ3U+qOSSnAUTdgABQGlLf0c60RrBigMjpilujiL/aigdShKWr1ZOip+4jgfwb3oQiYSI8nvdyGyU5+QpR5SjOn3yaWQOo6uLkA1fMZcGHa2s=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1776249885; c=relaxed/simple;
	bh=ys0cF5e+2UPdPO3vXUv3BX+XahrlINXKidoEfElzYzk=;
	h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:
	 Content-Type:Content-Disposition:In-Reply-To; b=khoHWVSlF6YYMh66bG6bLuVFEx9KZ47Ek2849MnBLD65hWu5NryUeY38LQdZfKseDZsLmN6pr+vq7LdQDXtVLNe3BS/y/dOPkMotPAAjL1jt0oU655vaiTxJB53BtPK4DnKUGs/OhPYrxWiONDm+dcw6K2Q997RvQJncDVTgK8Y=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=YCWmhp9S; arc=none smtp.client-ip=170.10.133.124
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="YCWmhp9S"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1776249883;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=kzBC0QanhoisATeMpibabImBlhaNZvK36leTt0M5KwY=;
	b=YCWmhp9SYZZIWgdyA1vNouQiQORfNmLRgDbEz2UrJ8GqqNgzlkZrfE3j6+JX8p/JcDCC3w
	ldLMUVQQB5efvFrYWzW9xRLLzYvPmF+pMas3dVYVnxAwOuLovdN612uiAMP8SqHQElB4B2
	sb+tVdBdKzVt54RiqfG8GN1Fu6ipsec=
Received: from mx-prod-mc-03.mail-002.prod.us-west-2.aws.redhat.com
 (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by
 relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3,
 cipher=TLS_AES_256_GCM_SHA384) id us-mta-686-E_4sbkj2NaydzpkR42tsng-1; Wed,
 15 Apr 2026 06:44:33 -0400
X-MC-Unique: E_4sbkj2NaydzpkR42tsng-1
X-Mimecast-MFC-AGG-ID: E_4sbkj2NaydzpkR42tsng_1776249871
Received: from mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.17])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by mx-prod-mc-03.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 353ED1955F39;
	Wed, 15 Apr 2026 10:44:31 +0000 (UTC)
Received: from fedora (unknown [10.44.48.62])
	by mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with SMTP id 49661195608E;
	Wed, 15 Apr 2026 10:44:26 +0000 (UTC)
Received: by fedora (nbSMTP-1.00) for uid 1000
	oleg@redhat.com; Wed, 15 Apr 2026 12:44:30 +0200 (CEST)
Date: Wed, 15 Apr 2026 12:44:25 +0200
From: Oleg Nesterov <oleg@redhat.com>
To: Andy Lutomirski <luto@kernel.org>, Kees Cook <kees@kernel.org>,
	Peter Zijlstra <peterz@infradead.org>,
	Thomas Gleixner <tglx@kernel.org>, Will Drewry <wad@chromium.org>
Cc: Kusaram Devineni <kusaram@devineni.in>,
	Max Ver <dudududumaxver@gmail.com>, linux-kernel@vger.kernel.org
Subject: Re: [RFC PATCH 0/2] seccomp: defer syscall_rollback() to get_signal()
Message-ID: <ad9sCZbKTrNIAOuq@redhat.com>
References: <ad5voOrbqayQBgNk@redhat.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <ad5voOrbqayQBgNk@redhat.com>
X-Scanned-By: MIMEDefang 3.0 on 10.30.177.17

On 04/14, Oleg Nesterov wrote:
>
> Kees, Andy, et al, please comment. I think the usage of syscall_rollback()
> in __seccomp_filter() is not right.

I'll recheck, but in fact this logic looks broken... force_sig_seccomp() assumes
that it can't race with (say) SIGSEGV which has a handler. And 2/2 makes the things
slightly worse. So self-nack for now.

> In fact I think that syscall_exit_work() should do nothing if a
> syscall was rejected with force_sig_seccomp() by __seccomp_filter().
> If nothing else, the syscall was never actually executed.
>
> Perhaps we can add a new SYSCALL_WORK_SYSCALL_XXX to SYSCALL_WORK_EXIT.
> seccomp_nack_syscall() can set this flag, and syscall_exit_work() can do
>
> 	if (work & SYSCALL_WORK_SYSCALL_XXX) {
> 		clear_syscall_work(SYSCALL_XXX); // for the !force_coredump case
> 		return;
> 	}
>
> after the "if (SYSCALL_WORK_SYSCALL_USER_DISPATCH)" block.
>
> But I didn't dare to do such a change.
>
> What do you think?

I'll try to send a patch based on above this week.

Oleg.