Thread (12 messages) 12 messages, 4 authors, 4d ago

Re: [PATCH] powerpc/syscall: Fix seccomp errno handling with GENERIC_ENTRY

From: Mukesh Kumar Chaurasiya <hidden>
Date: 2026-06-29 17:03:01
Also in: lkml
Subsystem: linux for powerpc (32-bit and 64-bit), the rest · Maintainers: Madhavan Srinivasan, Michael Ellerman, Linus Torvalds

On Mon, Jun 29, 2026 at 03:31:36PM +0200, Michal Suchánek wrote:
Hello,

there is yet another bug identified.

When the initial syscall number is -1 the new condition bypasses setting
the ENOSYS below in if (unlikely(r0 >= NR_syscalls)) and returns 0.

perl -MPOSIX -e '$!=0; my $r = syscall(-1, 0); print "ret=$r errno=".($!+0)." ($!)\n"'

Normally the result is

ret=-1 errno=38 (Function not implemented)

but with this patch the result is

ret=0 errno=0 ()

fixup below.

On Wed, Jun 24, 2026 at 10:45:20PM +0530, Mukesh Kumar Chaurasiya (IBM) wrote:
quoted
After enabling GENERIC_ENTRY on PowerPC, seccomp filters using
SCMP_ACT_ERRNO without an explicit errnoRet value return ENOSYS
(Function not implemented) instead of the expected EPERM (Operation
not permitted).

The issue occurs in system_call_exception() when syscall_enter_from_user_mode()
returns -1 to indicate the syscall should be skipped (e.g., blocked by seccomp).
The current code treats this -1 as a syscall number and compares it against
NR_syscalls. Since -1 (when cast to unsigned long) is greater than NR_syscalls,
the code incorrectly returns -ENOSYS, overwriting the errno that seccomp
already set via syscall_set_return_value().

The generic entry code in syscall_trace_enter() calls __secure_computing(),
which sets the appropriate errno in regs->gpr[3] and returns -1 to signal
that the syscall should be skipped. However, the PowerPC syscall handler
was not checking for this -1 return value before validating the syscall
number.

Fix this by explicitly checking if syscall_enter_from_user_mode() returns
-1 and returning the value already set in regs->gpr[3] (the errno from
seccomp) before performing the syscall number validation.

This aligns PowerPC's behavior with other architectures using GENERIC_ENTRY
and restores correct seccomp errno handling.

Fixes: bee25f97ad24 ("powerpc: Enable GENERIC_ENTRY feature")
Reported-by: Michal Suchánek <redacted>
Signed-off-by: Mukesh Kumar Chaurasiya (IBM) <redacted>
---
 arch/powerpc/kernel/syscall.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/arch/powerpc/kernel/syscall.c b/arch/powerpc/kernel/syscall.c
index a9da2af6efa8..5b58c8d396c8 100644
--- a/arch/powerpc/kernel/syscall.c
+++ b/arch/powerpc/kernel/syscall.c
@@ -22,6 +22,10 @@ notrace long system_call_exception(struct pt_regs *regs, unsigned long r0)
	unsigned long r0_initial = r0;
quoted
 	add_random_kstack_offset();
 	r0 = syscall_enter_from_user_mode(regs, r0);
 
+	/* Seccomp or ptrace may have set return value, skip syscall */
+	if (unlikely(r0 == -1L)
				&& (r0_initial != -1L))
quoted
+		return regs->gpr[3];
+
 	if (unlikely(r0 >= NR_syscalls)) {
 		if (unlikely(trap_is_unsupported_scv(regs))) {
 			/* Unsupported scv vector */
Thanks

Michal
What do you think about this diff?
This seems much cleaner.
diff --git a/arch/powerpc/kernel/syscall.c b/arch/powerpc/kernel/syscall.c
index a9da2af6efa8..a6c89052e8c5 100644
--- a/arch/powerpc/kernel/syscall.c
+++ b/arch/powerpc/kernel/syscall.c
@@ -20,8 +20,6 @@ notrace long system_call_exception(struct pt_regs *regs, unsigned long r0)
        syscall_fn f;
 
        add_random_kstack_offset();
-       r0 = syscall_enter_from_user_mode(regs, r0);
-
        if (unlikely(r0 >= NR_syscalls)) {
                if (unlikely(trap_is_unsupported_scv(regs))) {
                        /* Unsupported scv vector */
@@ -30,6 +28,11 @@ notrace long system_call_exception(struct pt_regs *regs, unsigned long r0)
                }
                return -ENOSYS;
        }
+       r0 = syscall_enter_from_user_mode(regs, r0);
+
+       /* Seccomp or ptrace may have set return value, skip syscall */
+       if (unlikely(r0 == -1L))
+               return syscall_get_error(current, regs);
 
        /* May be faster to do array_index_nospec? */
        barrier_nospec();
Regards,
Mukesh
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help