Again, I leave this to you and Jiri, but

On 04/03, Masami Hiramatsu wrote:
>
> On Wed, 3 Apr 2024 11:47:41 +0200
> > > set in the user function, what happens if the user function directly
> > > calls this syscall? (maybe it consumes shadow stack?)
> >
> > the process should receive SIGILL if there's no pending uretprobe for
> > the current task, or it will trigger uretprobe if there's one pending
>
> No, that is too aggressive and not safe. Since the syscall is exposed to
> user program, it should return appropriate error code instead of SIGILL.

...

> Since the syscall is always exposed to the user program, it should
> - Do nothing and return an error unless it is properly called.
> - check the prerequisites for operation strictly.

We have sys_munmap(). Should it check if the caller is going to unmap
the code region which contains regs->ip and do nothing?

I don't think it should. Userspace should blame itself, SIGSEGV is not
"too aggressive" in this case.

> I'm concerned that new system calls introduce vulnerabilities.

Yes, we need to ensure that sys_uretprobe() can only damage the malicious
caller and nothing else.

Oleg.
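The sys_munmap() comparison above can be observed directly. The following program is an added illustration written for this page, not code from the thread or from the uretprobe patch set: a forked child unmaps the page that holds its own code and then tries to keep executing there. The kernel performs the munmap without checking whether the range contains the caller's instruction pointer; the process simply takes SIGSEGV, which is the "userspace should blame itself" outcome Oleg describes. The label-address operator (`&&label`) is a GCC/Clang extension, and the helper names are this example's own.

```c
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Runs in a forked child: unmaps the page holding the code it will return
 * to after munmap(), then lets execution fall into that page. */
static void unmap_own_code_and_continue(void)
{
    /* Do not litter the directory with a core file for the expected crash. */
    struct rlimit no_core = { 0, 0 };
    setrlimit(RLIMIT_CORE, &no_core);

    long page = sysconf(_SC_PAGESIZE);
    /* Address of the instruction we fall through to after the call
     * (GCC/Clang label-address extension). */
    void *ip = &&after_munmap;
    void *code_page = (void *)((uintptr_t)ip & ~((uintptr_t)page - 1));

    /* The kernel does not care that this range contains the caller's own
     * text; the call succeeds and returns 0. */
    if (munmap(code_page, page) != 0)
        _exit(2);   /* unexpected: report as a normal exit, not a crash */

after_munmap:
    /* Never reached: instruction fetch from the unmapped page raises
     * SIGSEGV before this line runs. */
    _exit(3);
}

/* Returns the signal number that terminated the child (expected: SIGSEGV),
 * 0 if the child exited normally, or -1 if fork()/waitpid() failed. */
int signal_from_unmapping_own_code(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        unmap_own_code_and_continue();   /* does not return */

    int status;
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    if (WIFSIGNALED(status))
        return WTERMSIG(status);
    return 0;
}

int main(void)
{
    int sig = signal_from_unmapping_own_code();
    printf("child terminated by signal %d (%s)\n", sig,
           sig == SIGSEGV ? "SIGSEGV, as expected" : "unexpected");
    return sig == SIGSEGV ? 0 : 1;
}
```

The damage here is confined to the process that made the call, which is exactly the property the thread asks of sys_uretprobe(): a misuse may crash the caller, but must not be able to affect any other task or the kernel.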