Re: [PATCH] seccomp: passthrough uretprobe systemcall without filtering

On 01/21, Steven Rostedt wrote:

I think this may have been mentioned, but is there a way that the kernel could know that this system call is being monitored by seccomp, and if so, just stick with the interrupt version? If not, enable the system call?

Consider

int func_to_uretprobe() { seccomp(SECCOMP_SET_MODE_STRICT/whatever); return 123; }

by the time it is called, the kernel can't know that this function will call seccomp/install-the-filters/etc, so prepare_uretprobe() can't know if it is safe to use uretprobe or not.

Oleg.