[PATCH v15 01/11] entry: Fix potential syscall truncation in syscall_trace_enter()

Jinjie Ruan ruanjinjie at huawei.com
Mon May 11 02:20:53 PDT 2026


In syscall_trace_enter(), the current logic returns "ret ? : syscall".
While __secure_computing() currently only returns 0 (allow) or -1 (kill),
this "ret ? : syscall" pattern is conceptually flawed.

If __secure_computing() were to return a non-zero value that isn't -1, it
would unintentionally override the actual system call number. This logic
is redundant because if seccomp denies the syscall, the execution path
should already be handled by the caller based on the error return, rather
than conflating the return code with the syscall number.

Fix it by explicitly returning the syscall number. This ensures
the syscall register remains untainted by the trace return values and
aligns with the expectation that seccomp-related interceptions are
handled via the -1 return status.

Cc: Thomas Gleixner <tglx at kernel.org>
Fixes: 142781e108b1 ("entry: Provide generic syscall entry functionality")
Signed-off-by: Jinjie Ruan <ruanjinjie at huawei.com>
---
 include/linux/entry-common.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/linux/entry-common.h b/include/linux/entry-common.h
index 416a3352261f..462a51fc044d 100644
--- a/include/linux/entry-common.h
+++ b/include/linux/entry-common.h
@@ -113,7 +113,7 @@ static __always_inline long syscall_trace_enter(struct pt_regs *regs, unsigned l
 
 	syscall_enter_audit(regs, syscall);
 
-	return ret ? : syscall;
+	return syscall;
 }
 
 /**
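Review bot: the new `return syscall;` at the end of syscall_trace_enter() silently discards any non-zero `ret` that reaches this line, and nothing in the hunk shows that the -1 (deny) case has already returned earlier in the function. The commit message relies on exactly that ("handled via the -1 return status"), so state it explicitly in the message, or add a one-line comment above the return saying that a seccomp denial exits before this point. Two smaller points on the same line: the subject says "truncation" while the body describes the syscall number being overridden by `ret`, so the subject should match; and since the body says __secure_computing() only returns 0 or -1 today, this has no current behavioural effect, which makes the Fixes: tag (and the stable backport it invites) worth reconsidering.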
-- 
2.34.1



