On Fri, Jan 17, 2025 at 11:24 AM Eyal Birger [off-list ref] wrote:

On Fri, Jan 17, 2025 at 9:51 AM Andrii Nakryiko
[off-list ref] wrote:

quoted

On Fri, Jan 17, 2025 at 6:10 AM Oleg Nesterov [off-list ref] wrote:

quoted

On 01/17, Masami Hiramatsu wrote:

quoted

On Fri, 17 Jan 2025 02:39:28 +0100
Oleg Nesterov [off-list ref] wrote:

quoted

A note for the seccomp maintainers...

I don't know what do you think, but I agree in advance that the very fact this
patch adds "#ifdef CONFIG_X86_64" into __secure_computing() doesn't look nice.

Indeed. in_ia32_syscall() depends arch/x86 too.
We can add an inline function like;

``` uprobes.h
static inline bool is_uprobe_syscall(int syscall)
{

We can, and this is what I tried to suggest from the very beginning.
But I agree with Eyal who decided to send the most trivial fix for
-stable, we can add the helper later.

I don't think it should live in uprobes.h and I'd prefer something
like arch_seccomp_ignored(int) but I won't insist.

yep, I think this is the way, keeping it as a general category. Should
we also put rt_sigreturn there explicitly as well? Also, wouldn't it
be better to have it as a non-arch-specific function for something
like rt_sigreturn where defining it per each arch is cumbersome, and
have the default implementation also call into an arch-specific
function?

I like the more generic approach and keeping CONFIG_X86 out of seccomp,
and more generic than uprobes, however, I'm not sure where a common part
to place it which includes arch/x86/include/asm/syscall.h would be. And
as mentioned before, this would make this bugfix more complex to backport.

For that reason I wouldn't refactor handling rt_sigreturn as part of
this fix.

SGTM, it can always be improved later, if necessary

Thanks!
Eyal.