[PATCH v16 01/18] seccomp: Convert __secure_computing() to return boolean
Thomas Gleixner
tglx at kernel.org
Fri Jul 3 02:48:49 PDT 2026
On Fri, Jul 03 2026 at 09:51, Michal Suchánek wrote:
> On Mon, Jun 29, 2026 at 09:05:59PM +0800, Jinjie Ruan wrote:
>> - if (secure_computing())
>> + if (!secure_computing())
>> return -1;
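Review bot: In the `if (!secure_computing())` test, the flipped sense is not checked by the compiler, since an int and a bool are both valid conditions, so any caller still written as `if (secure_computing())` will build cleanly and act on the opposite meaning. Every caller should be converted in this same patch, and the return convention (a false result here leads to `return -1`) should be documented in a comment at the declaration.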
>
> Hello,
>
> I am not fond of this logic inversion. The boolean is meaningless in
> itself.
>
> Previously -1 was used to indicate that the syscall was filtered but you
> chose to invert the logic choosing true to mean syscall was not filtered.
>
> You could choose true to mean that syscall was filtered avoiding this
> inversion.

That's just wrong. Boolean logic makes more sense with having
(!condition()). Just because the old 0/-1 nonsense had it the other way
round does not mean it has to stay that way.

> Sashiko points out some places in existing code where it supposedly
> explodes which might or might not be true

The vsyscall one is correct, but that's a bug like any other one and should
be caught in review.

The blurb about bypass is AI hallucination nonsense.

> but any in-flight patches that use secure_computing would also be
> affected.

Maintainers know how to deal with collisions of that kind. Stop making
problems up.