On 01/15, Eyal Birger wrote:
>
> On Wed, Jan 15, 2025 at 11:03 AM Oleg Nesterov <oleg@xxxxxxxxxx> wrote:
> >
> > On 01/15, Eyal Birger wrote:
> > >
> > > --- a/kernel/seccomp.c
> > > +++ b/kernel/seccomp.c
> > > @@ -1359,6 +1359,9 @@ int __secure_computing(const struct seccomp_data *sd)
> > > this_syscall = sd ? sd->nr :
> > > syscall_get_nr(current, current_pt_regs());
> > >
> > > + if (this_syscall == __NR_uretprobe)
> > > + return 0;
> > > +
> >
> > Yes, this is what I meant. But we need the new arch-dependent helper.
>
> Do you mean because __NR_uretprobe is not defined for other architectures?

Yes, and see below,

> Is there an existing helper? I wasn't able to find one...

No,

> If not, would it just make sense to just wrap this check in
> #ifdef __NR_uretprobe ?

Given that we need a simple fix for -stable, I won't argue. Up to seccomp
maintainers.

But please note that this_syscall == __NR_uretprobe can be false positive
if is_compat_task(). __NR_uretprobe == __NR_ia32_rt_tgsigqueueinfo, so I guess
we need

	#ifdef CONFIG_X86_64
		if (this_syscall == __NR_uretprobe && !in_ia32_syscall())
			return 0;
	#endif

I don't think we need to worry about the X86_X32 tasks...

Oleg.
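
Review bot: the new `this_syscall == __NR_uretprobe` test in __secure_computing() compares a bare syscall number without checking the calling ABI, so on x86_64 a compat task issuing the ia32 syscall with the same number (__NR_ia32_rt_tgsigqueueinfo, per the reply above) would also hit `return 0` and skip filtering. Guard the check with `#ifdef CONFIG_X86_64` and `!in_ia32_syscall()` as suggested in the thread, which also keeps the file building on architectures that do not define __NR_uretprobe. Because this early return sits directly after this_syscall is computed, a short comment stating why uretprobe is exempt from seccomp would help later readers and auditors.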