On Wed, Jan 15, 2025 at 9:56 AM Alexei Starovoitov <alexei.starovoi...@gmail.com> wrote: > > On Wed, Jan 15, 2025 at 7:06 AM Oleg Nesterov <o...@redhat.com> wrote: > > > > Or we can change __secure_computing() to do nothing if > > this_syscall == __NR_uretprobe. > > I think that's the best way forward. > seccomp already allowlists sigreturn syscall. > uretprobe syscall is in the same category.
+1, we will have a similar problem with sys_uprobe (when it's added). Just like rt_sigreturn, these are special kernel-only mechanisms, and the kernel already protects itself from any user abuse. So I think we should have a way to ensure those special syscalls can go through regardless of seccomp. > See __secure_computing_strict.
