Refactor syscall_trace_enter() by open-coding the seccomp check
to align with the generic entry framework.

[Background]
The generic entry implementation expands the seccomp check in-place
instead of using the secure_computing() wrapper. It directly tests
SYSCALL_WORK_SECCOMP and calls the underlying __secure_computing()
function to handle syscall filtering.

[Changes]
1. Open-code seccomp check:
   - Instead of calling the secure_computing() wrapper, explicitly check
     the 'flags' parameter for _TIF_SECCOMP.
   - Call __secure_computing() directly if the flag is set.

[Why this matters]
- Aligns the arm64 syscall path with the generic entry implementation,
  simplifying future migration to the generic entry framework.
- No functional changes are intended; seccomp behavior remains identical.

Cc: Mark Rutland <[email protected]>
Cc: Will Deacon <[email protected]>
Cc: Catalin Marinas <[email protected]>
Reviewed-by: Ada Couprie Diaz <[email protected]>
Reviewed-by: Linus Walleij <[email protected]>
Reviewed-by: Yeoreum Yun <[email protected]>
Reviewed-by: Kevin Brodsky <[email protected]>
Signed-off-by: Jinjie Ruan <[email protected]>
---
 arch/arm64/kernel/ptrace.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c
index 863083de37c3..30df515528e8 100644
--- a/arch/arm64/kernel/ptrace.c
+++ b/arch/arm64/kernel/ptrace.c
@@ -2420,8 +2420,10 @@ int syscall_trace_enter(struct pt_regs *regs, unsigned 
long flags)
        }
 
        /* Do the secure computing after ptrace; failures should be fast. */
-       if (!secure_computing())
-               return NO_SYSCALL;
+       if (flags & _TIF_SECCOMP) {
+               if (!__secure_computing())
+                       return NO_SYSCALL;
+       }
 
        /* Either of the above might have changed the syscall number */
        syscall = syscall_get_nr(current, regs);
-- 
2.34.1


Reply via email to