Thread (47 messages) 47 messages, 9 authors, 2025-01-17

Re: Crash when attaching uretprobes to processes running in Docker

From: Oleg Nesterov <oleg@redhat.com>
Date: 2025-01-14 17:44:08
Also in: bpf, linux-trace-kernel, lkml 

On 01/14, Peter Zijlstra wrote:
On Tue, Jan 14, 2025 at 01:32:58PM +0100, Oleg Nesterov wrote:
quoted
OK, suppose we have

	void start_SECCOMP_MODE_STRICT(void)
	{
		// in particular nacks __NR_uretprobe
		seccomp(SECCOMP_MODE_STRICT, ...);
	}

and we want to add uretprobe to this function.

In this case prepare_uretprobe() can't know that sys_uretprobe() won't
work when this function returns?
Indeed. But any further probes placed after seccomp() would be able to,
and installing trampolines for them would be a waste, no?
But the probed task will crash when it returns from
start_SECCOMP_MODE_STRICT() above.

Even if, due to seccomp filtering, sys_uretprobe() doesn't kill the task
(I missed the fact it can) but just returns ENOSYS/whatever.

Oleg.
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help