On Wed, Jan 15, 2025 at 9:56 AM Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx> wrote: > > On Wed, Jan 15, 2025 at 7:06 AM Oleg Nesterov <oleg@xxxxxxxxxx> wrote: > > > > Or we can change __secure_computing() to do nothing if > > this_syscall == __NR_uretprobe. > > I think that's the best way forward. > seccomp already allowlists sigreturn syscall. > uretprobe syscall is in the same category. +1, we will have a similar problem with sys_uprobe (when it's added). Just like rt_sigreturn, these are special kernel-only mechanisms, and the kernel already protects itself from any user abuse. So I think we should have a way to ensure those special syscalls can go through regardless of seccomp. > See __secure_computing_strict.
