Thread (28 messages) 28 messages, 8 authors, 1h ago

Re: [PATCH v16 01/18] seccomp: Convert __secure_computing() to return boolean

From: Thomas Gleixner <tglx@kernel.org>
Date: 2026-07-03 09:48:56
Also in: linux-alpha, linux-m68k, linux-mips, linux-mm, linux-riscv, linux-s390, linux-sh, linux-um, lkml, loongarch

On Fri, Jul 03 2026 at 09:51, Michal Suchánek wrote:
On Mon, Jun 29, 2026 at 09:05:59PM +0800, Jinjie Ruan wrote:
quoted
-	if (secure_computing())
+	if (!secure_computing())
 		return -1;
Hello,

I am not fond of this logic inversion. The boolean is meaningless in
itself.

Previously -1 was used to indicate that the syscall was filtered but you
chose to invert the logic choosing true to mean syscall was not filtered.

You could choose true to mean that syscall was fitered avoiding this
inversion.
That's just wrong. Boolean logic makes more sense with having
(!condition()). Just because the old 0/-1 nonsense had it the other way
round does not mean it has to stay that way.
Sashiko points out some places in existing code where it supposedly
explodes which might or might not be true
The vsyscall one is correct, but that's a bug like any other one and should
be caught in review.

The blurb about bypass is AI halluzination nonsense.
but any in-flight patches that use secure_computing would also be
affected.
Maintainers know how to deal with collisions of that kind. Stop making
problems up.

Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help