Thread (10 messages) 10 messages, 3 authors, 12h ago

Re: [PATCH V2] powerpc/syscall: Fix seccomp errno handling with GENERIC_ENTRY

From: Mukesh Kumar Chaurasiya <hidden>
Date: 2026-07-02 05:50:16
Also in: lkml

On Wed, Jul 01, 2026 at 10:29:49AM +0200, Michal Suchánek wrote:
On Wed, Jul 01, 2026 at 10:01:49AM +0200, Michal Suchánek wrote:
quoted
On Wed, Jul 01, 2026 at 09:41:57AM +0200, Michal Suchánek wrote:
quoted
On Wed, Jul 01, 2026 at 11:57:00AM +0530, Mukesh Kumar Chaurasiya wrote:
quoted
On Wed, Jul 01, 2026 at 01:41:09AM +0530, Shrikanth Hegde wrote:
quoted
Hi Mukesh.

On 6/29/26 11:59 PM, Mukesh Kumar Chaurasiya (IBM) wrote:
quoted
quoted
quoted
quoted
quoted
diff --git a/arch/powerpc/kernel/syscall.c b/arch/powerpc/kernel/syscall.c
index a9da2af6efa8..36d73933a311 100644
--- a/arch/powerpc/kernel/syscall.c
+++ b/arch/powerpc/kernel/syscall.c
@@ -20,7 +20,6 @@ notrace long system_call_exception(struct pt_regs *regs, unsigned long r0)
  	syscall_fn f;
  	add_random_kstack_offset();
-	r0 = syscall_enter_from_user_mode(regs, r0);
  	if (unlikely(r0 >= NR_syscalls)) {
  		if (unlikely(trap_is_unsupported_scv(regs))) {
@@ -31,6 +30,12 @@ notrace long system_call_exception(struct pt_regs *regs, unsigned long r0)
  		return -ENOSYS;
  	}
+	r0 = syscall_enter_from_user_mode(regs, r0);
+
I see many arch first do syscall_enter_from_user_mode and then check for return value.
take x86 for example,

__visible noinstr bool do_syscall_64(struct pt_regs *regs, int nr)
{
        nr = syscall_enter_from_user_mode(regs, nr);

        if (!do_syscall_x64(regs, nr) && !do_syscall_x32(regs, nr) && nr != -1) {
                /* Invalid system call, but still a system call. */
                regs->ax = __x64_sys_ni_syscall(regs);
        }

}

So seccomp fails silently there if initial nr was -1?
Hey,

No the -1 syscall ignores the error silently and returns 0.
There seems to be some inconsistency with the invalid syscalls.

Adapting the example from seccomp man page to ignore architecture I get
on x86_64 (presumably with GENERIC_ENTRY since long ago):

./a.out -2 55 /usr/bin/perl -MPOSIX -e '$!=0; my $r = syscall(-2, 0); print "ret=$r errno=".($!+0)." ($!)\n"'
ret=-1 errno=55 (No anode)

but on ppc64le (with GENEREC_ENTRY):

./a.out -2 55 /usr/bin/perl -MPOSIX -e '$!=0; my $r = syscall(-2, 0); print "ret=$r errno=".($!+0)." ($!)\n"'
ret=-1 errno=38 (Function not implemented)

That said, behavior of seccomp on invalid syscalls is not particularly
concerning. The tools that people typically use for constructing those
filters typically require a valid syscall number.

It would be nice to align, though.
It is more concerning for SECCOMP_SET_MODE_STRICT or similar. So it
should be resolved to correctly execute seccomp even on invalid
syscalls. The syscall_enter_from_user_mode API is not particularly
well-suited for that, though.
In particular the fixup per
https://lore.kernel.org/linuxppc-dev/akJzuEJRLniHk4Fi@kunlun.suse.cz/ (local)

handles some cases

./a.out -2 55 /usr/bin/perl -MPOSIX -e '$!=0; my $r = syscall(-2, 0); print "ret=$r errno=".($!+0)." ($!)\n"'
ret=-1 errno=55 (No anode)

but not -1

./a.out -1 55 /usr/bin/perl -MPOSIX -e '$!=0; my $r = syscall(-1, 0); print "ret=$r errno=".($!+0)." ($!)\n"'
ret=-1 errno=38 (Function not implemented)

which is the direct result of the ambiguous return value of
syscall_enter_from_user_mode

Thanks

Michal
Hey Michal,

Yeah this seems to be a more complex thing than anticipated.
As per conversation on your another patch here
https://lore.kernel.org/all/BA7CD91D-C0E5-47A1-B49C-BC6AF6604182@zytor.com/ (local)

This patch seems to be redundant at this point.

Regards,
Mukesh

Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help