From: Oleg Nesterov <oleg@redhat.com>
To: Kees Cook <kees@kernel.org>
Cc: Eyal Birger <eyal.birger@gmail.com>,
luto@amacapital.net, wad@chromium.org, ldv@strace.io,
mhiramat@kernel.org, andrii@kernel.org, jolsa@kernel.org,
alexei.starovoitov@gmail.com, olsajiri@gmail.com,
cyphar@cyphar.com, songliubraving@fb.com, yhs@fb.com,
john.fastabend@gmail.com, peterz@infradead.org,
tglx@linutronix.de, bp@alien8.de, daniel@iogearbox.net,
ast@kernel.org, andrii.nakryiko@gmail.com, rostedt@goodmis.org,
rafi@rbk.io, shmulik.ladkani@gmail.com, bpf@vger.kernel.org,
linux-api@vger.kernel.org, linux-trace-kernel@vger.kernel.org,
x86@kernel.org, linux-kernel@vger.kernel.org,
stable@vger.kernel.org
Subject: Re: [PATCH] seccomp: passthrough uretprobe systemcall without filtering
Date: Sun, 19 Jan 2025 13:40:22 +0100 [thread overview]
Message-ID: <20250119123955.GA5281@redhat.com> (raw)
In-Reply-To: <202501181212.4C515DA02@keescook>
On 01/18, Kees Cook wrote:
>
> On Thu, Jan 16, 2025 at 04:55:39PM -0800, Eyal Birger wrote:
> > Since uretprobe is a "kernel implementation detail" system call which is
> > not used by userspace application code directly, it is impractical and
> > there's very little point in forcing all userspace applications to
> > explicitly allow it in order to avoid crashing tracked processes.
>
> How is this any different from sigreturn, rt_sigreturn, or
> restart_syscall? These are all handled explicitly by userspace filters
> already, and I don't see why uretprobe should be any different.
The only difference is that sys_uretprobe() is new and existing setups
doesn't know about it. Suppose you have
int func(void)
{
return 123;
}
int main(void)
{
seccomp(SECCOMP_SET_MODE_STRICT, 0,0);
for (;;)
func();
}
and it runs with func() uretprobed.
If you install the new kernel, this application will crash immediately.
I understand your objections, but what do you think we can do instead?
I don't think a new "try_to_speedup_uretprobes_at_your_own_risk" sysctl
makes sense, it will be almost never enabled...
Oleg.
next prev parent reply other threads:[~2025-01-19 12:41 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-01-17 0:55 [PATCH] seccomp: passthrough uretprobe systemcall without filtering Eyal Birger
2025-01-17 1:39 ` Oleg Nesterov
2025-01-17 8:02 ` Masami Hiramatsu
2025-01-17 13:36 ` Eyal Birger
2025-01-17 14:09 ` Oleg Nesterov
2025-01-17 17:51 ` Andrii Nakryiko
2025-01-17 19:24 ` Eyal Birger
2025-01-17 19:34 ` Andrii Nakryiko
2025-01-18 15:05 ` Oleg Nesterov
2025-01-17 18:34 ` Dmitry V. Levin
2025-01-17 18:52 ` Eyal Birger
2025-01-18 20:21 ` Kees Cook
2025-01-18 20:31 ` Darrick J. Wong
2025-01-18 20:45 ` Eyal Birger
2025-01-19 2:24 ` Kees Cook
2025-01-19 3:39 ` Eyal Birger
2025-01-19 10:44 ` Jiri Olsa
2025-01-20 21:34 ` Kees Cook
2025-01-27 19:24 ` Eyal Birger
2025-01-27 19:33 ` Kees Cook
2025-01-27 19:39 ` Eyal Birger
2025-01-27 19:43 ` Kees Cook
2025-01-21 14:38 ` Jiri Olsa
2025-01-21 14:47 ` Eyal Birger
2025-01-21 16:16 ` Steven Rostedt
2025-01-21 16:44 ` Oleg Nesterov
2025-01-21 16:55 ` Jiri Olsa
2025-01-21 22:38 ` Andrii Nakryiko
2025-01-21 22:46 ` Steven Rostedt
2025-01-21 23:13 ` Eyal Birger
2025-01-21 23:29 ` Steven Rostedt
2025-01-19 18:36 ` Andy Lutomirski
2025-01-19 12:40 ` Oleg Nesterov [this message]
2025-01-20 21:32 ` Kees Cook
2025-01-21 15:28 ` Oleg Nesterov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250119123955.GA5281@redhat.com \
--to=oleg@redhat.com \
--cc=alexei.starovoitov@gmail.com \
--cc=andrii.nakryiko@gmail.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bp@alien8.de \
--cc=bpf@vger.kernel.org \
--cc=cyphar@cyphar.com \
--cc=daniel@iogearbox.net \
--cc=eyal.birger@gmail.com \
--cc=john.fastabend@gmail.com \
--cc=jolsa@kernel.org \
--cc=kees@kernel.org \
--cc=ldv@strace.io \
--cc=linux-api@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-trace-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=mhiramat@kernel.org \
--cc=olsajiri@gmail.com \
--cc=peterz@infradead.org \
--cc=rafi@rbk.io \
--cc=rostedt@goodmis.org \
--cc=shmulik.ladkani@gmail.com \
--cc=songliubraving@fb.com \
--cc=stable@vger.kernel.org \
--cc=tglx@linutronix.de \
--cc=wad@chromium.org \
--cc=x86@kernel.org \
--cc=yhs@fb.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.