Re: [PATCH v15 01/11] entry: Fix potential syscall truncation in syscall_trace_enter()

From: Ada Couprie Diaz

Date: Wed Jun 24 2026 - 09:35:09 EST


On 11/05/2026 10:20, Jinjie Ruan wrote:

In syscall_trace_enter(), the current logic returns "ret ? : syscall".
While __secure_computing() currently only returns 0 (allow) or -1 (kill),
this "ret ? : syscall" pattern is conceptually flawed.

If __secure_computing() were to return a non-zero value that isn't -1, it
would unintentionally override the actual system call number. This logic
is redundant because if seccomp denies the syscall, the execution path
should already be handled by the caller based on the error return, rather
than conflating the return code with the syscall number.

Fix it by explicitly returning the syscall number. This ensures
the syscall register remains untainted by the trace return values and
aligns with the expectation that seccomp-related interceptions are
handled via the -1 return status.

Cc: Thomas Gleixner <tglx@xxxxxxxxxx>
Fixes: 142781e108b1 ("entry: Provide generic syscall entry functionality")
Signed-off-by: Jinjie Ruan <ruanjinjie@xxxxxxxxxx>
---
Reviewed-by: Ada Couprie Diaz <ada.coupriediaz@xxxxxxx>