On Thu, 2021-11-11 at 19:57 +0100, Jan Kiszka via Xenomai wrote: > From: Jan Kiszka <[email protected]> > > __secure_computing, called by syscall_trace_enter, returns -1 when a > call should be skipped. We must avoid that this is interpreted as > EXIT_SYSCALL_OOB in the dovetail case. > > Fixes, e.g., crashes of Chrome in sandbox mode. > > Reported-by: Ando Yuta <[email protected]> > Signed-off-by: Jan Kiszka <[email protected]> > --- > > "Fixes" is my observation - Yuta-san, please confirm also for your setup. > > include/linux/entry-common.h | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/include/linux/entry-common.h b/include/linux/entry-common.h > index 2a08b00632b9..43cf846111d9 100644 > --- a/include/linux/entry-common.h > +++ b/include/linux/entry-common.h > @@ -66,8 +66,8 @@ > * Status codes of syscall entry when Dovetail is enabled. Must not > * conflict with valid syscall numbers.
Maybe extend this comment why -1 can not be used here? > */ > -#define EXIT_SYSCALL_OOB (-1) > -#define EXIT_SYSCALL_TAIL (-2) > +#define EXIT_SYSCALL_OOB (-2) > +#define EXIT_SYSCALL_TAIL (-3) > > /** > * arch_check_user_regs - Architecture specific sanity check for user mode > regs
