On Mon, 5 Sep 2022 11:44:55 -0700 Nadav Amit <nadav.amit@xxxxxxxxx> wrote: > I would note that I have a solution in the making (which pretty much works) > for this matter, and does not require any kernel changes. It produces a > call stack that leads to the code that lead to syscall failure. > > The way it works is by using seccomp to trap syscall failures, and then > setting ftrace function filters and kprobes on conditional branches, > indirect branch targets and function returns. Ooh nifty! > > Using symbolic execution, backtracking is performed and the condition that > lead to the failure is then pin-pointed. > > I hope to share the code soon. Looking forward to it. -- Steve
