[PATCH v9 10/16] arm64/ptrace: Use syscall_get_arguments() helper

Thu, 04 Dec 2025 00:24:46 -0800 

The generic entry check audit context first and use
syscall_get_arguments() helper.

In order to switch to the generic entry for arm64,

- Also use syscall_get_arguments() to get audit_syscall_entry()'s
  last four parameters.

- Extract the syscall_enter_audit() helper to make it clear.

- Check audit context first, which saves an unnecessary memcpy when
  current process's audit_context is NULL.

Overall these changes make syscall_enter_audit() exactly equivalent
to the generic one.

No functional changes.

Reviewed-by: Kevin Brodsky <[email protected]>
Signed-off-by: Jinjie Ruan <[email protected]>
---
 arch/arm64/kernel/ptrace.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c
index c6dee8a355e5..36e7ba3f38a5 100644
--- a/arch/arm64/kernel/ptrace.c
+++ b/arch/arm64/kernel/ptrace.c
@@ -2381,6 +2381,16 @@ static void report_syscall_exit(struct pt_regs *regs)
        }
 }
 
+static inline void syscall_enter_audit(struct pt_regs *regs, long syscall)
+{
+       if (unlikely(audit_context())) {
+               unsigned long args[6];
+
+               syscall_get_arguments(current, regs, args);
+               audit_syscall_entry(syscall, args[0], args[1], args[2], 
args[3]);
+       }
+}
+
 int syscall_trace_enter(struct pt_regs *regs, long syscall, unsigned long 
flags)
 {
        int ret;
@@ -2411,8 +2421,7 @@ int syscall_trace_enter(struct pt_regs *regs, long 
syscall, unsigned long flags)
                 syscall = syscall_get_nr(current, regs);
        }
 
-       audit_syscall_entry(syscall, regs->orig_x0, regs->regs[1],
-                           regs->regs[2], regs->regs[3]);
+       syscall_enter_audit(regs, syscall);
 
        return ret ? : syscall;
 }
-- 
2.34.1

Reply via email to