From nobody Thu Apr 2 09:30:12 2026 Received: from canpmsgout04.his.huawei.com (canpmsgout04.his.huawei.com [113.46.200.219]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3552B259CB2 for ; Fri, 20 Mar 2026 10:25:29 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=113.46.200.219 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774002335; cv=none; b=G1f97lYkqgKLpgQ297/aR8ppbdUGhY1s4HjiTyWC5L8/d2Kdb/OukYym4RoF+uTQqShylLlsv/WYeUalh5X13tP5Nk2pMOdWex/ZTJzsAXUFv4UsWwkEKlEVBEbVAFzJnWM30jn++w0l0QtcD3tDWyprL4lMvHzbs/B4fakBWoE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774002335; c=relaxed/simple; bh=KGQ+tStHIBAD3QTtAN3W/l8/kmGoHAhxLLPUzS7OzHc=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=V/06J++0D82yEzYdWzMu4O04ZeHTW2jM9qMiCihKvEUyX1oqtj8pcy5H8KorjP2NaGllaGHQzaBhYqYAjEPn5X0FAs24l1QpANCfTFMSKTSVEkrzyWaIy927XOzCxVSarkGWAzaZ9Dm7YWxIi317lOuahkY3S2/E+bY0PLR0EFs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=huawei.com; spf=pass smtp.mailfrom=huawei.com; dkim=pass (1024-bit key) header.d=huawei.com header.i=@huawei.com header.b=OT9QxcKI; arc=none smtp.client-ip=113.46.200.219 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=huawei.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=huawei.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=huawei.com header.i=@huawei.com header.b="OT9QxcKI" dkim-signature: v=1; a=rsa-sha256; d=huawei.com; s=dkim; c=relaxed/relaxed; q=dns/txt; h=From; bh=q6ZqUOfelG9M/XsOvAWMh+kpIFBKHrt7506l4y2Pw8k=; b=OT9QxcKIb82lEbq6qoWloqjVZVnUQgpB0cpfrUHQhNHeTv03/a2LD8Z0zzahSAPGjPmPMVNN5 oTSJ8DWOYpx1wBm0zmMmmstUk8gMuMMffaB68abN5pbcv99W2tL2LJ8aFH0fAzNYdE+PAukqKvL CKl4w51JuH2CX73y+lbvCqo= Received: from mail.maildlp.com (unknown [172.19.162.197]) by canpmsgout04.his.huawei.com (SkyGuard) with ESMTPS id 4fcdqW4qLWz1prL3; Fri, 20 Mar 2026 18:20:23 +0800 (CST) Received: from dggpemf500011.china.huawei.com (unknown [7.185.36.131]) by mail.maildlp.com (Postfix) with ESMTPS id B157F40363; Fri, 20 Mar 2026 18:25:26 +0800 (CST) Received: from huawei.com (10.90.53.73) by dggpemf500011.china.huawei.com (7.185.36.131) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.11; Fri, 20 Mar 2026 18:25:25 +0800 From: Jinjie Ruan To: , , , , , , , , , , , , , , , , , , , , , , , , , , , Subject: [PATCH v14 05/10] arm64: ptrace: Move rseq_syscall() before audit_syscall_exit() Date: Fri, 20 Mar 2026 18:26:15 +0800 Message-ID: <20260320102620.1336796-6-ruanjinjie@huawei.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260320102620.1336796-1-ruanjinjie@huawei.com> References: <20260320102620.1336796-1-ruanjinjie@huawei.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: kwepems100002.china.huawei.com (7.221.188.206) To dggpemf500011.china.huawei.com (7.185.36.131) Content-Type: text/plain; charset="utf-8" Move the rseq_syscall() check earlier in the syscall exit path to ensure it operates on the original instruction pointer (regs->pc) before any potential modification by a tracer. [Background] When CONFIG_DEBUG_RSEQ is enabled, rseq_syscall() verifies that a system call was not executed within an rseq critical section by examining regs->pc. If a violation is detected, it triggers a SIGSEGV. [Problem] Currently, arm64 invokes rseq_syscall() after report_syscall_exit(). However, during report_syscall_exit(), a ptrace tracer can modify the task's instruction pointer via PTRACE_SETREGS. This leads to an inconsistency where rseq may analyze a post-trace PC instead of the actual PC at the time of syscall exit. [Why this matters] The rseq check is intended to validate the execution context of the syscall itself. Analyzing a tracer-modified PC can lead to incorrect detection or missed violations. Moving the check earlier ensures rseq sees the authentic state of the task. [Alignment] This change aligns arm64 with: - Generic entry, which calls rseq_syscall() first. - arm32 implementation, which also performs the check before audit. [Impact] There is no functional change to signal delivery; SIGSEGV will still be processed in arm64_exit_to_user_mode() at the end of the exit path. Cc: Thomas Gleixner Cc: Will Deacon Cc: Catalin Marinas Reviewed-by: Linus Walleij Reviewed-by: Yeoreum Yun Reviewed-by: Kevin Brodsky Signed-off-by: Jinjie Ruan --- arch/arm64/kernel/ptrace.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c index a908e05749c1..8245d1ae61cf 100644 --- a/arch/arm64/kernel/ptrace.c +++ b/arch/arm64/kernel/ptrace.c @@ -2456,6 +2456,8 @@ int syscall_trace_enter(struct pt_regs *regs, unsigne= d long flags) =20 void syscall_trace_exit(struct pt_regs *regs, unsigned long flags) { + rseq_syscall(regs); + audit_syscall_exit(regs); =20 if (flags & _TIF_SYSCALL_TRACEPOINT) @@ -2463,8 +2465,6 @@ void syscall_trace_exit(struct pt_regs *regs, unsigne= d long flags) =20 if (flags & (_TIF_SYSCALL_TRACE | _TIF_SINGLESTEP)) report_syscall_exit(regs); - - rseq_syscall(regs); } =20 /* --=20 2.34.1