[GIT PULL] seccomp fix for v6.14-rc2

From: Kees Cook
Date: Sat Feb 08 2025 - 15:34:14 EST


Hi Linus,

Please pull this seccomp fix for v6.14-rc2. This is really a work-around
for x86_64 having grown a syscall to implement uretprobe, which has
caused problems since v6.11. This may change in the future, but for now,
this fixes the unintended seccomp filtering when uretprobe switched away
from traps, and does so with something that should be easy to backport.

Thanks!

-Kees

The following changes since commit 2014c95afecee3e76ca4a56956a936e23283f05b:

Linux 6.14-rc1 (2025-02-02 15:39:26 -0800)

are available in the Git repository at:

https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/seccomp-v6.14-rc2

for you to fetch changes up to c2debdb8544f415eaf9292a866d4073912eeb561:

selftests/seccomp: validate uretprobe syscall passes through seccomp (2025-02-06 13:19:14 -0800)

----------------------------------------------------------------
seccomp fix for v6.14-rc2

- Allow uretprobe on x86_64 to avoid behavioral complications (Eyal Birger)

----------------------------------------------------------------
Eyal Birger (2):
      seccomp: passthrough uretprobe systemcall without filtering
      selftests/seccomp: validate uretprobe syscall passes through seccomp

 kernel/seccomp.c                              |  12 ++
 tools/testing/selftests/seccomp/seccomp_bpf.c | 199 ++++++++++++++++++++++++++
 2 files changed, 211 insertions(+)

--
Kees Cook