On 29/11/2025 02:23, Jinjie Ruan wrote:
#define TIF_UPROBE 5 /* uprobe breakpoint or singlestep */ #define TIF_MTE_ASYNC_FAULT 6 /* MTE Asynchronous Tag Check Fault */ #define TIF_NOTIFY_SIGNAL 7 /* signal notifications exist */ -#define TIF_SYSCALL_TRACE 8 /* syscall trace active */ -#define TIF_SYSCALL_AUDIT 9 /* syscall auditing */ -#define TIF_SYSCALL_TRACEPOINT 10 /* syscall tracepoint for ftrace */ -#define TIF_SECCOMP 11 /* syscall secure computing */ -#define TIF_SYSCALL_EMU 12 /* syscall emulation active */ +#define TIF_SECCOMP 11 /* syscall secure computing */ +#define TIF_SYSCALL_EMU 12 /* syscall emulation active */
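Review bot: re-adding TIF_SECCOMP (11) and TIF_SYSCALL_EMU (12) while dropping TIF_SYSCALL_TRACE/AUDIT/TRACEPOINT leaves seccomp and syscall-emulation state in the thread flags even though the generic entry code tests the SYSCALL_WORK_BIT_* bits in syscall_work; either drop these two defines with the others or state in the commit message why arm64 still needs a TIF_ copy, since two representations of the same state can drift apart. The hole left at bits 8-10 should at least get a comment.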
These seem to have reappeared in v8 for some reason?
v8 adds "ARCH_SYSCALL_WORK_EXIT", defined as "SECCOMP | SYSCALL_EMU", to keep the arm64 behaviour unchanged, as mentioned in v7.
Ah then that is where the issue is, I missed that: surely switching to generic entry means that we are using SYSCALL_WORK_BIT_* rather than TIF_* for all these flags?
I think they may be the same thing. As you mentioned in v7, neither SYSCALL_WORK_EXIT nor report_single_step() excluded SYSCALL_EMU; maybe we should clarify them for arm64 together in a separate patch.
These two might indeed be related. On second thoughts, while waiting for more knowledgeable arm64 reviewers, I would suggest aligning arm64 with the generic entry. Which means...
1. "The generic report_single_step() always returns false if SYSCALL_EMU is set."
... replicating this behaviour on arm64 (in a separate patch), and...
2. " > -void syscall_exit_to_user_mode_prepare(struct pt_regs *regs) > -{ > - unsigned long flags = read_thread_flags(); > - > - rseq_syscall(regs); > - > - if (has_syscall_work(flags) || flags & _TIF_SINGLESTEP)
I believe switching to the generic function introduces a change here: syscall_exit_work() is only called if a flag in SYSCALL_WORK_EXIT is set, and this set does not include SYSCALL_EMU and SECCOMP. Practically this means that audit_syscall_exit() will no longer be called if only SECCOMP and/or SYSCALL_EMU is set.
It doesn't feel like a major behaviour change, but it should be pointed out."
... replicating this on arm64 as well, i.e. introducing a separate set of flags for syscall exit. This should be a patch of its own, as it isn't directly related to the report_single_step() behaviour (especially since it concerns SECCOMP as well). It would also be an occasion to get rid of has_syscall_work(), in preparation for the move to generic entry.
- Kevin
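To make the behaviour difference discussed in this thread concrete, below is a small user-space C model added for this page; it is not kernel code and not part of the patch series. The flag names mirror the generic entry's syscall_work bits as named in the thread, the bit positions and the legacy arm64 mask are assumptions, and ARCH_SYSCALL_WORK_EXIT is passed as a parameter so the v8 hook can be compared against the stock generic mask.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of the syscall_work bits; positions are arbitrary, only membership matters. */
#define SYSCALL_WORK_SECCOMP            (1UL << 0)
#define SYSCALL_WORK_SYSCALL_TRACEPOINT (1UL << 1)
#define SYSCALL_WORK_SYSCALL_TRACE      (1UL << 2)
#define SYSCALL_WORK_SYSCALL_EMU        (1UL << 3)
#define SYSCALL_WORK_SYSCALL_AUDIT      (1UL << 4)
#define SYSCALL_WORK_SYSCALL_EXIT_TRAP  (1UL << 5)

/* Generic SYSCALL_WORK_EXIT without the arch hook: no SECCOMP, no SYSCALL_EMU. */
#define GENERIC_WORK_EXIT (SYSCALL_WORK_SYSCALL_TRACEPOINT | SYSCALL_WORK_SYSCALL_TRACE | \
                           SYSCALL_WORK_SYSCALL_AUDIT | SYSCALL_WORK_SYSCALL_EXIT_TRAP)

/* Generic entry: syscall_exit_work() (and so audit_syscall_exit()) runs only
 * when a bit in SYSCALL_WORK_EXIT | ARCH_SYSCALL_WORK_EXIT is set. */
static bool generic_runs_exit_work(unsigned long work, unsigned long arch_exit)
{
    return (work & (GENERIC_WORK_EXIT | arch_exit)) != 0;
}

/* Pre-generic arm64 path quoted above: has_syscall_work() covered every
 * syscall flag, SECCOMP and SYSCALL_EMU included, plus _TIF_SINGLESTEP (assumed mask). */
static bool arm64_legacy_runs_exit_work(unsigned long work, bool singlestep)
{
    unsigned long all = SYSCALL_WORK_SECCOMP | SYSCALL_WORK_SYSCALL_TRACEPOINT |
                        SYSCALL_WORK_SYSCALL_TRACE | SYSCALL_WORK_SYSCALL_EMU |
                        SYSCALL_WORK_SYSCALL_AUDIT;
    return (work & all) != 0 || singlestep;
}

/* Generic report_single_step(): SYSCALL_EMU suppresses the single-step report. */
static bool generic_report_single_step(unsigned long work)
{
    if (work & SYSCALL_WORK_SYSCALL_EMU)
        return false;
    return (work & SYSCALL_WORK_SYSCALL_EXIT_TRAP) != 0;
}

int main(void)
{
    unsigned long seccomp_only = SYSCALL_WORK_SECCOMP;
    unsigned long v8_arch_exit = SYSCALL_WORK_SECCOMP | SYSCALL_WORK_SYSCALL_EMU; /* v8 hook */
    printf("SECCOMP only: legacy arm64=%d generic=%d generic+v8 hook=%d\n",
           arm64_legacy_runs_exit_work(seccomp_only, false),
           generic_runs_exit_work(seccomp_only, 0),
           generic_runs_exit_work(seccomp_only, v8_arch_exit));
    return 0;
}
```

With only SECCOMP set, the legacy arm64 path and the v8 hook both enter the exit work, while the stock generic mask skips it, which is the audit_syscall_exit() gap described above.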