From nobody Thu Apr 2 09:30:13 2026 Received: from canpmsgout02.his.huawei.com (canpmsgout02.his.huawei.com [113.46.200.217]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8179A349AF4 for ; Fri, 20 Mar 2026 10:25:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=113.46.200.217 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774002328; cv=none; b=Fp28+2eke3Ziro69HsEwelfsfynE2MZBFap+pwBGcYtH4j8v5iugaDR9VWjGOQq6eUtvZ00g+SLzsN/y3zuesdp2vLBs/zY/hKaMOhswrMC7KVfvAXMys75FfLRDHZzmzO7UyIaC2Hho8rcPwfSromvZ/0JuA8Tqq1NCBUSdUiA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774002328; c=relaxed/simple; bh=gGjU3ZRwpilEFbCLdZKTNDgVCBdDDAhiD0dfO7JVUdo=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=grJU5YVlM8sh63o1NQ/aGrKXwpuo1GXJ+LYtFxxvoawKK4WaONv1BsH18lZ2Y2KVKzdKZ3W05FahhRrUQE35obp0y9XbZiM/zzc5Q72IVeRDWofp+3HGzjwC+Y/sN6HVbHt0VMyns4B14cFk5jJJDH8xrK7iekO6Or0Wa72to3k= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=huawei.com; spf=pass smtp.mailfrom=huawei.com; dkim=pass (1024-bit key) header.d=huawei.com header.i=@huawei.com header.b=mNgfuROk; arc=none smtp.client-ip=113.46.200.217 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=huawei.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=huawei.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=huawei.com header.i=@huawei.com header.b="mNgfuROk" dkim-signature: v=1; a=rsa-sha256; d=huawei.com; s=dkim; c=relaxed/relaxed; q=dns/txt; h=From; bh=LsnJwxDH1OVmUAzK4nIGQC6PdlLqRJGthZs9h3TRf9s=; b=mNgfuROka33rBifvYBnIa4JBwtSJQmHbLhAEY/IAd+LsZEtJwaJumdehWi0vRCCRnYUZroRgB ilVmpZJChuVBkBy4smFySui2OfRsGpjyfdQdBK9/El6liNVBvsDXnBSkAWIMfTCjM0y2cFSSLSX 8zd026TCk0gUbHxm5Dhr1FE= Received: from mail.maildlp.com (unknown [172.19.163.0]) by canpmsgout02.his.huawei.com (SkyGuard) with ESMTPS id 4fcdpj1scqzcZyn; Fri, 20 Mar 2026 18:19:41 +0800 (CST) Received: from dggpemf500011.china.huawei.com (unknown [7.185.36.131]) by mail.maildlp.com (Postfix) with ESMTPS id 13C994056B; Fri, 20 Mar 2026 18:25:24 +0800 (CST) Received: from huawei.com (10.90.53.73) by dggpemf500011.china.huawei.com (7.185.36.131) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.11; Fri, 20 Mar 2026 18:25:22 +0800 From: Jinjie Ruan To: , , , , , , , , , , , , , , , , , , , , , , , , , , , Subject: [PATCH v14 03/10] arm64/ptrace: Expand secure_computing() in place Date: Fri, 20 Mar 2026 18:26:13 +0800 Message-ID: <20260320102620.1336796-4-ruanjinjie@huawei.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260320102620.1336796-1-ruanjinjie@huawei.com> References: <20260320102620.1336796-1-ruanjinjie@huawei.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: kwepems100002.china.huawei.com (7.221.188.206) To dggpemf500011.china.huawei.com (7.185.36.131) Content-Type: text/plain; charset="utf-8" Refactor syscall_trace_enter() by open-coding the seccomp check to align with the generic entry framework. [Background] The generic entry implementation expands the seccomp check in-place instead of using the secure_computing() wrapper. It directly tests SYSCALL_WORK_SECCOMP and calls the underlying __secure_computing() function to handle syscall filtering. [Changes] 1. Open-code seccomp check: - Instead of calling the secure_computing() wrapper, explicitly check the 'flags' parameter for _TIF_SECCOMP. - Call __secure_computing() directly if the flag is set. 2. Refine return value handling: - Use 'return ret ? : syscall' to propagate the return value. - Ensures any unexpected non-zero return from __secure_computing() is properly propagated is properly propagated. - This matches the logic in the generic entry code. [Why this matters] - Aligns the arm64 syscall path with the generic entry implementation, simplifying future migration to the generic entry framework. - No functional changes are intended; seccomp behavior remains identical. Cc: Will Deacon Cc: Catalin Marinas Reviewed-by: Linus Walleij Reviewed-by: Yeoreum Yun Reviewed-by: Kevin Brodsky Signed-off-by: Jinjie Ruan --- arch/arm64/kernel/ptrace.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c index 8d296a07fbf7..85b597cac14b 100644 --- a/arch/arm64/kernel/ptrace.c +++ b/arch/arm64/kernel/ptrace.c @@ -2411,7 +2411,7 @@ static void report_syscall_exit(struct pt_regs *regs) int syscall_trace_enter(struct pt_regs *regs, unsigned long flags) { long syscall; - int ret; + int ret =3D 0; =20 if (flags & (_TIF_SYSCALL_EMU | _TIF_SYSCALL_TRACE)) { ret =3D report_syscall_entry(regs); @@ -2420,8 +2420,11 @@ int syscall_trace_enter(struct pt_regs *regs, unsign= ed long flags) } =20 /* Do the secure computing after ptrace; failures should be fast. */ - if (secure_computing() =3D=3D -1) - return NO_SYSCALL; + if (flags & _TIF_SECCOMP) { + ret =3D __secure_computing(); + if (ret =3D=3D -1) + return NO_SYSCALL; + } =20 /* Either of the above might have changed the syscall number */ syscall =3D syscall_get_nr(current, regs); @@ -2439,7 +2442,7 @@ int syscall_trace_enter(struct pt_regs *regs, unsigne= d long flags) audit_syscall_entry(syscall, regs->orig_x0, regs->regs[1], regs->regs[2], regs->regs[3]); =20 - return syscall; + return ret ? : syscall; } =20 void syscall_trace_exit(struct pt_regs *regs, unsigned long flags) --=20 2.34.1