On Tue, Mar 17, 2026 at 9:20 AM Jinjie Ruan <[email protected]> wrote:
> Introduce _TIF_SYSCALL_EXIT_WORK to filter out entry-only flags > during the syscall exit path. This aligns arm64 with the generic > entry framework's SYSCALL_WORK_EXIT semantics. > > [Rationale] > The current syscall exit path uses _TIF_SYSCALL_WORK to decide whether > to invoke syscall_exit_work(). However, _TIF_SYSCALL_WORK includes > flags that are only relevant during syscall entry: > > 1. _TIF_SECCOMP: Seccomp filtering (__secure_computing) only runs > on entry. There is no seccomp callback for syscall exit. > > 2. _TIF_SYSCALL_EMU: In PTRACE_SYSEMU mode, the syscall is > intercepted and skipped on entry. Since the syscall is never > executed, reporting a syscall exit stop is unnecessary. > > [Changes] > - Define _TIF_SYSCALL_EXIT_WORK: A new mask containing only flags > requiring exit processing: _TIF_SYSCALL_TRACE, _TIF_SYSCALL_AUDIT, > and _TIF_SYSCALL_TRACEPOINT. > > - Update exit path: Use _TIF_SYSCALL_EXIT_WORK in > syscall_exit_to_user_mode_work() to avoid redundant calls to > audit and ptrace reporting when only entry-flags are set. > > - Cleanup: Remove the has_syscall_work() helper as it is no longer > needed. Direct flag comparison is now used to distinguish between > entry and exit work requirements. > > [Impact] > audit_syscall_exit() and report_syscall_exit() will no longer be > triggered for seccomp-only or emu-only syscalls. This matches the > generic entry behavior and improves efficiency by skipping unnecessary > exit processing. > > Cc: Will Deacon <[email protected]> > Cc: Catalin Marinas <[email protected]> > Signed-off-by: Jinjie Ruan <[email protected]> Reviewed-by: Linus Walleij <[email protected]> Yours, Linus Walleij
