On 01/16, Eyal Birger wrote:
>
> Fixes: ff474a78cef5 ("uprobe: Add uretprobe syscall to speed up return probe")
> Reported-by: Rafael Buchbinder <rafi@xxxxxx>
> Link: https://lore.kernel.org/lkml/CAHsH6Gs3Eh8DFU0wq58c_LF8A4_+o6z456J7BidmcVY2AqOnHQ@xxxxxxxxxxxxxx/
> Cc: stable@xxxxxxxxxxxxxxx
...
> @@ -1359,6 +1359,11 @@ int __secure_computing(const struct seccomp_data *sd)
> this_syscall = sd ? sd->nr :
> syscall_get_nr(current, current_pt_regs());
>
> +#ifdef CONFIG_X86_64
> + if (unlikely(this_syscall == __NR_uretprobe) && !in_ia32_syscall())
> + return 0;
> +#endif
Acked-by: Oleg Nesterov <oleg@xxxxxxxxxx>
A note for the seccomp maintainers...
I don't know what do you think, but I agree in advance that the very fact this
patch adds "#ifdef CONFIG_X86_64" into __secure_computing() doesn't look nice.
The problem is that we need a simple patch for -stable which fixes the real
problem. We can cleanup this logic later, I think.
Oleg.
