On 12/12/2025 05:00, Jinjie Ruan wrote:
On 2025/12/9 21:46, Kevin Brodsky wrote:
On 04/12/2025 09:21, Jinjie Ruan wrote:
The generic entry abort the syscall_trace_enter() sequence if ptrace_report_syscall_entry() errors out, but arm64 not.
As the ptrace_report_syscall_entry() comment said, the calling arch code should abort the system call and must prevent normal entry so no system call is made if ptrace_report_syscall_entry() return nonzero.
This patch is now in the right position, which means that arm64 does abort the syscall already without this patch. What we're changing here is that the tracing sequence is interrupted. The comment you're referring to says nothing about tracing so I'm not sure it helps to refer to it.
I think “must prevent normal entry ”means When ptrace requests interception, all subsequent processing, including audit and seccomp, should completely bypassed.
Fair enough, let's just make sure the commit message doesn't imply that arm64 performs a syscall before this patch.
- Kevin