Re: Crash when attaching uretprobes to processes running in Docker
From: Andrii Nakryiko <hidden>
Date: 2025-01-15 18:20:49
Also in:
bpf, linux-api, lkml
On Wed, Jan 15, 2025 at 9:56 AM Alexei Starovoitov [off-list ref] wrote:
> On Wed, Jan 15, 2025 at 7:06 AM Oleg Nesterov [off-list ref] wrote:
> > Or we can change __secure_computing() to do nothing if this_syscall == __NR_uretprobe.
>
> I think that's the best way forward. seccomp already allowlists sigreturn syscall. uretprobe syscall is in the same category.
+1, we will have a similar problem with sys_uprobe (when it's added). Just like rt_sigreturn, these are special kernel-only mechanisms, and the kernel already protects itself from any user abuse. So I think we should have a way to ensure those special syscalls can go through regardless of seccomp.
See __secure_computing_strict.
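
An added example, not part of the thread or of any kernel patch: a Python check that reports what a Docker-style seccomp profile (JSON with `defaultAction` and `syscalls` entries) does with the kernel-initiated syscalls discussed above. The profile is constructed, and the profile-level name `uretprobe` is an assumption derived from `__NR_uretprobe`.

```python
import json

# Syscalls the thread describes as kernel-only mechanisms: the kernel arranges
# for them to be issued, so a filter that denies them breaks the process.
KERNEL_INITIATED = ("rt_sigreturn", "uretprobe")  # "uretprobe" name is assumed

# Constructed sample profile in the Docker/OCI seccomp JSON layout.
SAMPLE_PROFILE = json.dumps({
    "defaultAction": "SCMP_ACT_ERRNO",
    "syscalls": [
        {"names": ["read", "write", "exit_group", "rt_sigreturn"],
         "action": "SCMP_ACT_ALLOW"},
        {"names": ["personality"], "action": "SCMP_ACT_ALLOW",
         "args": [{"index": 0, "value": 0, "op": "SCMP_CMP_EQ"}]},
    ],
})

def effective_action(profile, name):
    """Return (action, conditional) for the first entry naming `name`.

    Simplification: first matching entry wins, and entry-level conditions
    other than `args` (such as includes/excludes) are ignored.
    """
    for rule in profile.get("syscalls", []):
        if name in rule.get("names", []):
            return rule["action"], bool(rule.get("args"))
    return profile["defaultAction"], False

def audit(profile_text, names=KERNEL_INITIATED):
    """Map each syscall name to a short finding string."""
    profile = json.loads(profile_text)
    findings = {}
    for name in names:
        action, conditional = effective_action(profile, name)
        if action == "SCMP_ACT_ALLOW" and not conditional:
            findings[name] = "allowed"
        elif action == "SCMP_ACT_ALLOW":
            findings[name] = "allowed only for some arguments"
        else:
            findings[name] = "not allowed (" + action + ")"
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_PROFILE).items():
        print(f"{name}: {finding}")
```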