On Tue, Jan 14, 2025 at 12:40 PM Oleg Nesterov [off-list ref] wrote:

On 01/14, Andrii Nakryiko wrote:

quoted

Should we just fix whoever is blocking kernel-internal special syscall
(sys_uretprobe)?

Well, we can add __NR_uretprobe to mode1_syscalls[] but this won't
really help.

We can't "fix" the existing user-space setups which can nack any
"unnecessary/unknown" syscall.

quoted

What would happen if someone blocked that other
special kernel-internal syscall for signal handling (can't remember
the name,

sys_rt_sigreturn().

Yes, the task will crash after return from the signal handler if this
syscall is filtered out.

But, unlike sys_uretprobe(), sys_rt_sigreturn() is old, so the existing
setups must know that sigreturn() should be respected...

someday sys_uretprobe will be old as well ;) FWIW, systemd allowlisted
sys_uretprobe, see [0]

  [0] https://github.com/systemd/systemd/issues/34615#issuecomment-2406761451

Oleg.