Previous version of patch 1 did overwrite a syscall return value that was changed by ptrace or seccomp (in regs->d0) by -ENOSYS when skipping a syscall. Branch directly to ret_from_syscall instead of falling through to badsys (which must set -ENOSYS). I'm sure this can be done more elegantly.

Patch 3 used the wrong struct definition for ARCH_REGS - the kernel ptrace code copies 19 registers (from syscall stack and switch_stack, pt_regs only contains the 14 from the syscall stack). Stack overflow ensues.

With these changes, 79 of 94 seccomp_bpf tests now succeed.

Cheers,

Michael