On Mon, Jun 29, 2026 at 03:31:36PM +0200, Michal Suchánek wrote:
> Hello,
> 
> there is yet another bug identified.
> 
> When the initial syscall number is -1 the new condition bypasses setting
> the ENOSYS below in if (unlikely(r0 >= NR_syscalls)) and returns 0.
> 
> perl -MPOSIX -e '$!=0; my $r = syscall(-1, 0); print "ret=$r errno=".($!+0)." ($!)\n"'
> 
> Normally the result is
> 
> ret=-1 errno=38 (Function not implemented)
> 
> but with this patch the result is
> 
> ret=0 errno=0 ()
> 
> fixup below.
> 
> On Wed, Jun 24, 2026 at 10:45:20PM +0530, Mukesh Kumar Chaurasiya (IBM) wrote:
> > After enabling GENERIC_ENTRY on PowerPC, seccomp filters using
> > SCMP_ACT_ERRNO without an explicit errnoRet value return ENOSYS
> > (Function not implemented) instead of the expected EPERM (Operation
> > not permitted).
> > 
> > The issue occurs in system_call_exception() when syscall_enter_from_user_mode()
> > returns -1 to indicate the syscall should be skipped (e.g., blocked by seccomp).
> > The current code treats this -1 as a syscall number and compares it against
> > NR_syscalls. Since -1 (when cast to unsigned long) is greater than NR_syscalls,
> > the code incorrectly returns -ENOSYS, overwriting the errno that seccomp
> > already set via syscall_set_return_value().
> > 
> > The generic entry code in syscall_trace_enter() calls __secure_computing(),
> > which sets the appropriate errno in regs->gpr[3] and returns -1 to signal
> > that the syscall should be skipped. However, the PowerPC syscall handler
> > was not checking for this -1 return value before validating the syscall
> > number.
> > 
> > Fix this by explicitly checking if syscall_enter_from_user_mode() returns
> > -1 and returning the value already set in regs->gpr[3] (the errno from
> > seccomp) before performing the syscall number validation.
> > 
> > This aligns PowerPC's behavior with other architectures using GENERIC_ENTRY
> > and restores correct seccomp errno handling.
> > 
> > Fixes: bee25f97ad24 ("powerpc: Enable GENERIC_ENTRY feature")
> > Reported-by: Michal Suchánek <[email protected]>
> > Signed-off-by: Mukesh Kumar Chaurasiya (IBM) <[email protected]>
> > ---
> >  arch/powerpc/kernel/syscall.c | 4 ++++
> >  1 file changed, 4 insertions(+)
> > 
> > diff --git a/arch/powerpc/kernel/syscall.c b/arch/powerpc/kernel/syscall.c
> > index a9da2af6efa8..5b58c8d396c8 100644
> > --- a/arch/powerpc/kernel/syscall.c
> > +++ b/arch/powerpc/kernel/syscall.c
> > @@ -22,6 +22,10 @@ notrace long system_call_exception(struct pt_regs *regs, 
> > unsigned long r0)
>       unsigned long r0_initial = r0;
> >     add_random_kstack_offset();
> >     r0 = syscall_enter_from_user_mode(regs, r0);
> >  
> > +   /* Seccomp or ptrace may have set return value, skip syscall */
> > +   if (unlikely(r0 == -1L)
>                               && (r0_initial != -1L))
> > +           return regs->gpr[3];
> > +
> >     if (unlikely(r0 >= NR_syscalls)) {
> >             if (unlikely(trap_is_unsupported_scv(regs))) {
> >                     /* Unsupported scv vector */
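Review bot: the fixup lines (`unsigned long r0_initial = r0;` and `&& (r0_initial != -1L)`) are shown without a leading `+` and at a different quote depth from the rest of the hunk, so the patch as posted does not apply; it needs to be resent as a proper diff. More importantly, comparing against the initial number only covers the case where userspace itself passed -1: when a seccomp filter or tracer acts on a syscall whose number was already -1, the errno it stored in regs->gpr[3] is still replaced by -ENOSYS, because the generic code returns -1 both for "skip this syscall" and for a pass-through of number -1, and the check cannot tell them apart. Whichever approach is chosen, the `syscall(-1, 0)` reproducer above belongs in the test plan next to the SCMP_ACT_ERRNO case.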
> 
> Thanks
> 
> Michal

What do you think about this diff?
This seems much cleaner.

diff --git a/arch/powerpc/kernel/syscall.c b/arch/powerpc/kernel/syscall.c
index a9da2af6efa8..a6c89052e8c5 100644
--- a/arch/powerpc/kernel/syscall.c
+++ b/arch/powerpc/kernel/syscall.c
@@ -20,8 +20,6 @@ notrace long system_call_exception(struct pt_regs *regs, 
unsigned long r0)
        syscall_fn f;
 
        add_random_kstack_offset();
-       r0 = syscall_enter_from_user_mode(regs, r0);
-
        if (unlikely(r0 >= NR_syscalls)) {
                if (unlikely(trap_is_unsupported_scv(regs))) {
                        /* Unsupported scv vector */
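Review bot: moving `r0 = syscall_enter_from_user_mode(regs, r0);` below the `r0 >= NR_syscalls` check changes more than the ordering. Per the commit message that call is where the generic entry code runs syscall_trace_enter() and __secure_computing(), so an out-of-range syscall number now returns -ENOSYS (or takes the unsupported-scv path) without any seccomp filter, ptrace syscall-entry stop or audit hook ever seeing it, which diverges from the other GENERIC_ENTRY architectures that validate the number only after the entry call. Since syscall_enter_from_user_mode() is also the generic entry point for the user-to-kernel transition work, please also confirm that the early -ENOSYS return stays balanced with the syscall exit path. Keeping the call first and handling its -1 return afterwards avoids both problems.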
@@ -30,6 +28,11 @@ notrace long system_call_exception(struct pt_regs *regs, 
unsigned long r0)
                }
                return -ENOSYS;
        }
+       r0 = syscall_enter_from_user_mode(regs, r0);
+
+       /* Seccomp or ptrace may have set return value, skip syscall */
+       if (unlikely(r0 == -1L))
+               return syscall_get_error(current, regs);
 
        /* May be faster to do array_index_nospec? */
        barrier_nospec();
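Review bot: `return syscall_get_error(current, regs);` hands back only the error component; by its contract it returns 0 when no error is pending, so a tracer that skips the syscall and sets a non-error return value gets 0 instead of that value, whereas v1's `return regs->gpr[3];` passed through whatever was set. The comment "/* Seccomp or ptrace may have set return value, skip syscall */" describes exactly the case where the value, not just the error, has to be preserved. It also changes the sign convention on the non-scv path: if syscall_set_return_value() stores the positive errno in regs->gpr[3] with CR0.SO set there, syscall_get_error() returns -errno from this point, so confirm the exit path normalises a negative return here the same way it does for a handler's -errno.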

Regards,
Mukesh
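A userspace regression check for the two cases raised in this thread (a filter-denied syscall must report the filter's errno, and syscall(-1) must still fail), written as an added example rather than taken from the patch or the kernel tree. It assumes Linux with seccomp filters available and uses getppid as a harmless syscall to deny; the `install_deny_getppid` helper and both `*_errno` functions are hypothetical names.

```c
/* Added regression check for the seccomp errno discussion in this thread.
 * Assumes Linux with seccomp(2) filters available (prctl path used). */
#define _GNU_SOURCE
#include <errno.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Filter: getppid -> SECCOMP_RET_ERRNO carrying EPERM, everything else allowed. */
static int install_deny_getppid(void)
{
    struct sock_filter prog[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_getppid, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog fprog = {
        .len = (unsigned short)(sizeof(prog) / sizeof(prog[0])), .filter = prog };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}

/* errno seen for the denied syscall: EPERM is correct, ENOSYS is the bug the
 * patch fixes, 0 means it was not rejected at all, -1 means no filter could be
 * installed here (sandbox without seccomp). */
int denied_syscall_errno(void)
{
    if (install_deny_getppid() != 0)
        return -1;
    errno = 0;
    return syscall(__NR_getppid) == -1 ? errno : 0;
}

/* Michal's perl reproducer: syscall(-1) must fail (ENOSYS on powerpc per the
 * thread; the exact errno is arch-specific). 0 means the kernel reported success. */
int invalid_syscall_errno(void)
{
    errno = 0;
    return syscall(-1L, 0) == -1 ? errno : 0;
}

int main(void)
{
    printf("filtered getppid errno=%d, syscall(-1) errno=%d\n",
           denied_syscall_errno(), invalid_syscall_errno());
    return 0;
}
```

On a kernel with the bug the first value prints as 38 (ENOSYS) instead of 1 (EPERM); with the first version of the patch and no fixup, the second value prints as 0.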
