seccomp: passthrough uprobe systemcall without filtering (89d1d843) · Commits · git / linux-net

kernel/seccomp.c

+25 −7

Original line number	Diff line number	Diff line
		@@ -741,6 +741,26 @@ seccomp_prepare_user_filter(const char __user *user_filter)
		}

		#ifdef SECCOMP_ARCH_NATIVE
		static bool seccomp_uprobe_exception(struct seccomp_data *sd)
		{
		#if defined __NR_uretprobe \|\| defined __NR_uprobe
		#ifdef SECCOMP_ARCH_COMPAT
		if (sd->arch == SECCOMP_ARCH_NATIVE)
		#endif
		{
		#ifdef __NR_uretprobe
		if (sd->nr == __NR_uretprobe)
		return true;
		#endif
		#ifdef __NR_uprobe
		if (sd->nr == __NR_uprobe)
		return true;
		#endif
		}
		#endif
		return false;
		}

		/**
		* seccomp_is_const_allow - check if filter is constant allow with given data
		* @fprog: The BPF programs
		@@ -758,13 +778,8 @@ static bool seccomp_is_const_allow(struct sock_fprog_kern *fprog,
		return false;

		/* Our single exception to filtering. */
		#ifdef __NR_uretprobe
		#ifdef SECCOMP_ARCH_COMPAT
		if (sd->arch == SECCOMP_ARCH_NATIVE)
		#endif
		if (sd->nr == __NR_uretprobe)
		if (seccomp_uprobe_exception(sd))
		return true;
		#endif

		for (pc = 0; pc < fprog->len; pc++) {
		struct sock_filter *insn = &fprog->filter[pc];
		@@ -1042,6 +1057,9 @@ static const int mode1_syscalls[] = {
		__NR_seccomp_read, __NR_seccomp_write, __NR_seccomp_exit, __NR_seccomp_sigreturn,
		#ifdef __NR_uretprobe
		__NR_uretprobe,
		#endif
		#ifdef __NR_uprobe
		__NR_uprobe,
		#endif
		-1, /* negative terminated */
		};