On Wed, Jan 15, 2025 at 10:40 AM Oleg Nesterov <oleg@xxxxxxxxxx> wrote:
>
> On 01/15, Alexei Starovoitov wrote:
> >
> > On Wed, Jan 15, 2025 at 7:06 AM Oleg Nesterov <oleg@xxxxxxxxxx> wrote:
> > >
> > > Or we can change __secure_computing() to do nothing if
> > > this_syscall == __NR_uretprobe.
> >
> > I think that's the best way forward.
> > seccomp already allowlists sigreturn syscall.
>
> Only if SECCOMP_MODE_STRICT. But it won't help if we add __NR_uretprobe
> into mode1_syscalls/mode1_syscalls_32.
>
> SECCOMP_MODE_FILTER can do anything. Just I guess nobody tries to offend
> sigreturn for obvious reasons.
>
> But yes, perhaps we do not have a better solution.
>

Indeed - doing the check in __secure_computing_strict() doesn't seem to be enough.
In __secure_computing(), i.e. the below hack it works.

Eyal.

diff --git a/kernel/seccomp.c b/kernel/seccomp.c index 385d48293a5f..5739482036ce 100644 --- a/kernel/seccomp.c +++ b/kernel/seccomp.c @@ -1359,6 +1359,9 @@ int __secure_computing(const struct seccomp_data *sd) this_syscall = sd ? sd->nr : syscall_get_nr(current, current_pt_regs()); + if (this_syscall == __NR_uretprobe) + return 0; + switch (mode) { case SECCOMP_MODE_STRICT: __secure_computing_strict(this_syscall); /* may call do_exit */
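
Review bot: the added `if (this_syscall == __NR_uretprobe) return 0;` compares only the syscall number and sits ahead of `switch (mode)`, so it skips both SECCOMP_MODE_STRICT and SECCOMP_MODE_FILTER handling for any task whose syscall number matches, whatever ABI that task is using. The thread already brings up mode1_syscalls_32, so compat callers are in scope: if the same number denotes a different syscall there, that syscall would bypass the filter too. I would restrict the exemption to the native arch (note that sd can be NULL at this point, per the `sd ? sd->nr : ...` line just above, so the arch cannot always be read from sd), wrap it in `#ifdef __NR_uretprobe` if the constant is not defined on every architecture that builds kernel/seccomp.c, and add a comment stating why this one syscall is exempt, since with the early return a filter never sees it at all.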