On Mon, Sep 03, 2018 at 02:40:02PM -0400, Joseph C. Sible wrote: > On 9/3/18, Dmitry V. Levin <ldv@xxxxxxxxxxxx> wrote: > > On Mon, Sep 03, 2018 at 01:26:15PM -0400, Joseph C. Sible wrote: > >> +but most other architectures have other means of accomplishing this > >> +(usually by changing the register that the userland code passed the > >> +syscall number in). > >> +.\" see change_syscall in tools/testing/selftests/seccomp/seccomp_bpf.c > > > > I suggest replacing the reference to that huge file with a reference to > > syscall(2) manpage that contains more detailed information in a much more > > readable form. > > The information in syscall(2) is for how to choose a syscall while > you're still fully in userspace. Once you're in syscall-enter-stop, > things often work slightly differently. For example, on arm/EABI, the > syscall number goes in r7, but changing r7 from syscall-enter-stop has > no effect, as the kernel has already read it by then (hence the purpose > of PTRACE_SET_SYSCALL). Looks like arm (with PTRACE_SET_SYSCALL) and aarch64 (with PTRACE_SETREGSET NT_ARM_SYSTEM_CALL) are the only exceptions so far. Anyway, I wouldn't recommend tools/testing/selftests/seccomp/seccomp_bpf.c as a source of information on ptrace. There are more authoritative sources, e.g. strace's linux/*/set_scno.c files. -- ldv
Attachment:
signature.asc
Description: PGP signature
