On Mon, May 09, 2022 at 04:19:57PM +0100, Francis Laniel wrote:
> This patch enables exeve*() to be traced by syscalls:sys_exit_execve
> tracepoint.
> Previously, calling forget_syscall() would set syscall to -1, which impedes
> this tracepoint to prints its information.
> So, this patch makes call to forget_syscall() conditional by only calling
> it when syscall number is not execve() or execveat().
>
> Signed-off-by: Francis Laniel <flaniel@xxxxxxxxxxxxxxxxxxx>
> ---
> arch/arm64/include/asm/processor.h | 8 +++++++-
> 1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/arch/arm64/include/asm/processor.h b/arch/arm64/include/asm/processor.h
> index 73e38d9a540c..e12ceb363d6a 100644
> --- a/arch/arm64/include/asm/processor.h
> +++ b/arch/arm64/include/asm/processor.h
> @@ -34,6 +34,8 @@
>
> #include <vdso/processor.h>
>
> +#include <asm-generic/unistd.h>
> +
> #include <asm/alternative.h>
> #include <asm/cpufeature.h>
> #include <asm/hw_breakpoint.h>
> @@ -250,8 +252,12 @@ void tls_preserve_current_state(void);
>
> static inline void start_thread_common(struct pt_regs *regs, unsigned long pc)
> {
> + s32 previous_syscall = regs->syscallno;
> memset(regs, 0, sizeof(*regs));
> - forget_syscall(regs);
> + if (previous_syscall == __NR_execve || previous_syscall == __NR_execveat)
> + regs->syscallno = previous_syscall;
> + else
> + forget_syscall(regs);
Hmm, this really looks like a bodge and it doesn't handle the compat case
either.
How do other architectures handle this?
Will
|