On 01/15, Jiri Olsa wrote: > > On Tue, Jan 14, 2025 at 06:25:20PM +0100, Oleg Nesterov wrote: > > > > Sorry, I don't understand... What exactly we can do? Aside from checking > > IS_ENABLED(CONFIG_SECCOMP) in arch_uprobe_trampoline() ? > > I need to check more on seccomp, but I imagine we could do following: > - when seccomp filter is installed we could check uprobe trampoline > and if it's already installed we change it to int3 trampoline > - when uprobe trampoline is getting installed we check if there's > seccomp filter installed for task and we use int3 trampoline I still don't understand... But whatever you meant, I doubt it can work. > other than that I guess we will have to add sysctl to enable uretprobe > trampoline.. Or we can change __secure_computing() to do nothing if this_syscall == __NR_uretprobe. Or even change syscall_trace_enter/exit to do this check. But I don't really like this idea, I don't feel this is the right solution... Oleg.
