Hi,

On Wed, Jan 29, 2025 at 11:21:41PM +1000, Nicholas Piggin wrote:
> Hi,
> 
> I've been toying with the seccomp vs syscall return value problems, and
> wonder if something like this approach could give us a simpler alternative.
> Basically all the core code uses -errno return value, then we convert it
> to the powerpc convention at the last minute when returning.
> 
> This seems to pass the seccomp_bpf test cases when applied with the set
> syscall info ptrace patches
> 
> https://lore.kernel.org/lkml/20250113171054.ga...@strace.io/
> 
> With patch 1 of that series reverted.
> 
> One concern is working out exact details of what tracers can see and
> trying to ensure it doesn't break some corner case.

Does the strace test suite also pass with your changes?
My bet is it doesn't pass because do_syscall_trace_leave() is called
with a different state of struct pt_regs.

As I wrote yesterday, the traditional powerpc sc syscall return ABI is
exposed to user space not just when returning to user space, but, besides
that, at syscall exit tracepoint (trace_sys_exit), ptrace syscall exit
stop (ptrace_report_syscall_exit), and PTRACE_EVENT_SECCOMP stop
(__secure_computing).

There could be other points where this is exposed.  For example, on many
architectures the tracer can specify syscall error return value also at
ptrace syscall entry stop (ptrace_report_syscall_entry), but powerpc does
not implement this.


-- 
ldv
