Re: Crash when attaching uretprobes to processes running in Docker

From: Oleg Nesterov
Date: Wed Jan 15 2025 - 13:41:06 EST

Next message: Ranjani Vaidyanathan: "RE: [EXT] Re: [PATCH] pmdomain: arm: scmi_pm_domain: Initialize state as off"
Previous message: Dan Carpenter: "Re: [PATCH v4] tools/rtla: Add osnoise_trace_is_off()"
In reply to: Andrii Nakryiko: "Re: Crash when attaching uretprobes to processes running in Docker"
Next in thread: Eyal Birger: "Re: Crash when attaching uretprobes to processes running in Docker"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 01/15, Alexei Starovoitov wrote:
>
> On Wed, Jan 15, 2025 at 7:06 AM Oleg Nesterov <oleg@xxxxxxxxxx> wrote:
> >
> > Or we can change __secure_computing() to do nothing if
> > this_syscall == __NR_uretprobe.
>
> I think that's the best way forward.
> seccomp already allowlists sigreturn syscall.

Only if SECCOMP_MODE_STRICT. But it won't help if we add __NR_uretprobe
into into mode1_syscalls/mode1_syscalls_32.

SECCOMP_MODE_FILTER can do anything. Just I guess nobody tries to offend
sigreturn for obvious reasons.

But yes, perhaps we do not have a better solution.

Oleg.

Next message: Ranjani Vaidyanathan: "RE: [EXT] Re: [PATCH] pmdomain: arm: scmi_pm_domain: Initialize state as off"
Previous message: Dan Carpenter: "Re: [PATCH v4] tools/rtla: Add osnoise_trace_is_off()"
In reply to: Andrii Nakryiko: "Re: Crash when attaching uretprobes to processes running in Docker"
Next in thread: Eyal Birger: "Re: Crash when attaching uretprobes to processes running in Docker"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]