Re: [RFC PATCH] ptrace: don't report syscall-exit if the tracee was killed by seccomp

Next message: Greg Kroah-Hartman: "Re: [PATCH v3 1/9] driver core: Don't let a device probe until it's ready"
Previous message: Kees Cook: "Re: (subset) [PATCH] selftests/seccomp: Add hard-coded __NR_uprobe for x86_64"
In reply to: Kusaram Devineni: "Re: [RFC PATCH] ptrace: don't report syscall-exit if the tracee was killed by seccomp"
Next in thread: Kusaram Devineni: "Re: [RFC PATCH] ptrace: don't report syscall-exit if the tracee was killed by seccomp"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Oleg Nesterov

Date: Fri Apr 03 2026 - 11:49:18 EST

Thanks Kusaram!

I was travelling, hope to send V2 this weekend. And write a more
detailed reply.

Just one note for now:

On 04/03, Kusaram Devineni wrote:
>
> while tracing the same overall issue locally, we hit another path where the
> forced fatal SIGSYS could be taken off the normal delivery path before
> get_signal() handled it, in our case via signalfd. There,
> force_sig_seccomp(..., true) marks SIGSYS as SA_IMMUTABLE via HANDLER_EXIT,
> but signalfd could still dequeue it before normal fatal delivery.

How?

seccomp does force_sig_seccomp() sends the signal to current, current can't
return to usermode and call signalfd_dequeue(), get_signal() must dequeue
SIGSYS and notice SA_IMMUTABLE.

And since this signal is private, signalfd_dequeue() from another thread can't
dequeue it either.

No?

Oleg.