Re: [PATCH v10 05/16] arm64: ptrace: Move rseq_syscall() before audit_syscall_exit()

[PATCH v10 00/16] arm64: entry: Convert to Generic Entry · Jinjie Ruan <hidden> · 2025-12-22
[PATCH v10 03/16] arm64/ptrace: Return early for ptrace_report_syscall_entry() error · Jinjie Ruan <hidden> · 2025-12-22
[PATCH v10 01/16] arm64: Remove unused _TIF_WORK_MASK · Jinjie Ruan <hidden> · 2025-12-22
[PATCH v10 05/16] arm64: ptrace: Move rseq_syscall() before audit_syscall_exit() · Jinjie Ruan <hidden> · 2025-12-22
Re: [PATCH v10 05/16] arm64: ptrace: Move rseq_syscall() before audit_syscall_exit() · Will Deacon <will@kernel.org> · 2026-01-26
Re: [PATCH v10 05/16] arm64: ptrace: Move rseq_syscall() before audit_syscall_exit() · Kevin Brodsky <hidden> · 2026-01-27
Re: [PATCH v10 05/16] arm64: ptrace: Move rseq_syscall() before audit_syscall_exit() · Jinjie Ruan <hidden> · 2026-01-27
Re: [PATCH v10 05/16] arm64: ptrace: Move rseq_syscall() before audit_syscall_exit() · Kevin Brodsky <hidden> · 2026-01-27
Re: [PATCH v10 05/16] arm64: ptrace: Move rseq_syscall() before audit_syscall_exit() · Jinjie Ruan <hidden> · 2026-01-28
Re: [PATCH v10 05/16] arm64: ptrace: Move rseq_syscall() before audit_syscall_exit() · Kevin Brodsky <hidden> · 2026-01-28
Re: [PATCH v10 05/16] arm64: ptrace: Move rseq_syscall() before audit_syscall_exit() · Jinjie Ruan <hidden> · 2026-01-29
[PATCH v10 02/16] arm64/ptrace: Split report_syscall() · Jinjie Ruan <hidden> · 2025-12-22
[PATCH v10 06/16] arm64: syscall: Rework el0_svc_common() · Jinjie Ruan <hidden> · 2025-12-22
[PATCH v10 07/16] arm64/ptrace: Not check _TIF_SECCOMP/SYSCALL_EMU for syscall_exit_work() · Jinjie Ruan <hidden> · 2025-12-22
[PATCH v10 04/16] arm64/ptrace: Refactor syscall_trace_enter/exit() · Jinjie Ruan <hidden> · 2025-12-22
Re: [PATCH v10 04/16] arm64/ptrace: Refactor syscall_trace_enter/exit() · Will Deacon <will@kernel.org> · 2026-01-26
Re: [PATCH v10 04/16] arm64/ptrace: Refactor syscall_trace_enter/exit() · Jinjie Ruan <hidden> · 2026-01-27
Re: [PATCH v10 04/16] arm64/ptrace: Refactor syscall_trace_enter/exit() · Kevin Brodsky <hidden> · 2026-01-27
Re: [PATCH v10 04/16] arm64/ptrace: Refactor syscall_trace_enter/exit() · Jinjie Ruan <hidden> · 2026-01-27
Re: [PATCH v10 04/16] arm64/ptrace: Refactor syscall_trace_enter/exit() · Kevin Brodsky <hidden> · 2026-01-27
[PATCH v10 08/16] arm64/ptrace: Do not report_syscall_exit() for PTRACE_SYSEMU_SINGLESTEP · Jinjie Ruan <hidden> · 2025-12-22
[PATCH v10 09/16] arm64/ptrace: Expand secure_computing() in place · Jinjie Ruan <hidden> · 2025-12-22
[PATCH v10 11/16] entry: Split syscall_exit_to_user_mode_work() for arch reuse · Jinjie Ruan <hidden> · 2025-12-22
Re: [PATCH v10 11/16] entry: Split syscall_exit_to_user_mode_work() for arch reuse · Kevin Brodsky <hidden> · 2025-12-29
Re: [PATCH v10 11/16] entry: Split syscall_exit_to_user_mode_work() for arch reuse · Jinjie Ruan <hidden> · 2025-12-31
[PATCH v10 12/16] entry: Add arch_ptrace_report_syscall_entry/exit() · Jinjie Ruan <hidden> · 2025-12-22
[PATCH v10 10/16] arm64/ptrace: Use syscall_get_arguments() helper · Jinjie Ruan <hidden> · 2025-12-22
[PATCH v10 13/16] arm64: entry: Convert to generic entry · Jinjie Ruan <hidden> · 2025-12-22
[PATCH v10 14/16] arm64: Inline el0_svc_common() · Jinjie Ruan <hidden> · 2025-12-22
[PATCH v10 16/16] selftests: sud_test: Support aarch64 · Jinjie Ruan <hidden> · 2025-12-22
[PATCH v10 15/16] entry: Inline syscall_exit_work() and syscall_trace_enter() · Jinjie Ruan <hidden> · 2025-12-22
Re: [PATCH v10 00/16] arm64: entry: Convert to Generic Entry · Jinjie Ruan <hidden> · 2026-01-19
Re: [PATCH v10 00/16] arm64: entry: Convert to Generic Entry · Will Deacon <will@kernel.org> · 2026-01-27

From: Will Deacon <will@kernel.org>
Date: 2026-01-26 19:03:00
Also in: linux-kselftest, lkml

On Mon, Dec 22, 2025 at 07:47:26PM +0800, Jinjie Ruan wrote:

commit a9f3a74a29af ("entry: Provide generic syscall exit function")
introduce generic syscall exit function and call rseq_syscall()
before audit_syscall_exit() and arch_syscall_exit_tracehook().

And commit b74406f37737 ("arm: Add syscall detection for restartable
sequences") add rseq support for arm32, which also call rseq_syscall()
before audit_syscall_exit() and tracehook_report_syscall().

However, commit 409d5db49867c ("arm64: rseq: Implement backend rseq
calls and select HAVE_RSEQ") implement arm64 rseq and call
rseq_syscall() after audit_syscall_exit() and tracehook_report_syscall().

So compared to the generic entry and arm32 code, arm64 terminates
the process a bit later if the syscall is issued within
a restartable sequence.

Given that signals are processed until later, is this actually true?

But as commit b74406f37737 ("arm: Add syscall detection for restartable
sequences") said, syscalls are not allowed inside restartable sequences,
so should call rseq_syscall() at the very beginning of system call
exiting path for CONFIG_DEBUG_RSEQ=y kernel. This could help us to detect
whether there is a syscall issued inside restartable sequences.

It makes sense to raise SIGSEGV via rseq_syscall() before auditing
and ptrace syscall exit, because this guarantees that the process is
already in an error state with SIGSEGV pending when those later steps
run. Although it makes no practical difference to signal delivery (signals
are processed at the very end in arm64_exit_to_user_mode()), the ordering
is more logical: detect and flag the error first, then proceed with
the remaining work.

To make it more reasonable and in preparation for moving arm64 over to
the generic entry code, move rseq_syscall() ahead before
audit_syscall_exit().

I've been struggling a bit to see how this helps to align with the
generic code. I'm also concerned that rseq_debug_update_user_cs()
operates on instruction_pointer(regs) which is something that can be
chaned by ptrace.

So, I'm not saying this is wrong, but it feels like a user-visible
change that needs better justification.

Will

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help