On Sat, January 21, 2012 02:23, Jamie Lokier wrote:
> Roland McGrath wrote:
>> On Fri, Jan 20, 2012 at 4:07 PM, Denys Vlasenko
>> <vda.linux@xxxxxxxxxxxxxx> wrote:
>> >> Maybe a bit telling whether it is syscall entry or exit?
>> >
>> > Yes, this one too. This is one of longstanding annoyances
>> > that this information is not exposed.
>>
>> That is not really "state", it's just which event you want.
>> That is much better addressed by replacing PTRACE_SYSCALL
>> with PTRACE_O_TRACE_SYSCALL_{ENTRY,EXIT} and PTRACE_EVENT_SYSCALL_{ENTRY,EXIT}.
>> Oleg can whip that up for you no problem.
>
> I agree, that is so obviously the right thing to do and it's very easy
> to do in the tracehook functions.
Yes, bad place for it, much better via ptrace flags. We're usually not
interested in syscall exit events, so having a way to not always get
syscall exit events would improve performance quite a bit too.
> There is one slight problem that some archs don't use
> tracehook yet. Probably that should be fixed anyway.
>
> (Fwiw, two other issues with arch-independent ptrace have come up in this
> thread, which ought to be fairly easy to fix:
> - If tracer dies, tracee is free to continue running. For security
> tracers, and would be useful for strace as well, it would be good
> to have an option to SIGKILL the tracee if tracer dies.
It should be easy to add a PTRACE_O_SIGKILL_ON_DEATH option.
> - Can't abort or change an unwanted syscall if the process receives
> SIGKILL as it's about to start a syscall (which will be its last).)
This is very important for any syscall filtering/control via ptrace, otherwise
SIGKILL becomes a security problem. Oleg had a patch for that:
On Wed, January 18, 2012 18:12, Oleg Nesterov wrote:
> On 01/18, Oleg Nesterov wrote:
>> Not only for security. The current behaviour sometime confuses the
>> users. Debugger sends SIGKILL to the tracee and assumes it should
>> die asap, but the tracee exits only after syscall.
>
> Something like the patch below.
>
> Oleg.
>
> --- x/include/linux/tracehook.h
> +++ x/include/linux/tracehook.h
> @@ -54,12 +54,12 @@ struct linux_binprm;
> /*
> * ptrace report for syscall entry and exit looks identical.
> */
> -static inline void ptrace_report_syscall(struct pt_regs *regs)
> +static inline int ptrace_report_syscall(struct pt_regs *regs)
> {
> int ptrace = current->ptrace;
>
> if (!(ptrace & PT_PTRACED))
> - return;
> + return 0;
>
> ptrace_notify(SIGTRAP | ((ptrace & PT_TRACESYSGOOD) ? 0x80 : 0));
>
> @@ -72,6 +72,8 @@ static inline void ptrace_report_syscall
> send_sig(current->exit_code, current, 1);
> current->exit_code = 0;
> }
> +
> + return fatal_signal_pending(current);
> }
>
> /**
> @@ -96,8 +98,7 @@ static inline void ptrace_report_syscall
> static inline __must_check int tracehook_report_syscall_entry(
> struct pt_regs *regs)
> {
> - ptrace_report_syscall(regs);
> - return 0;
> + return ptrace_report_syscall(regs);
> }
>
> /**
>
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
