Subject: Re: [RFC PATCH] ptrace: add PTRACE_GET_SYSCALL_INFO request
From: Andy Lutomirski
Date: Wed, 7 Nov 2018 06:06:43 -0800
To: Oleg Nesterov
Cc: Elvira Khabirova, rostedt@goodmis.org, mingo@redhat.com, linux-kernel@vger.kernel.org, ldv@altlinux.org, esyr@redhat.com, luto@kernel.org, strace-devel@lists.strace.io
Message-Id: <3BDB914D-12F3-4703-A033-EBE02226EC45@amacapital.net>
In-Reply-To: <20181107112100.GA20419@redhat.com>
References: <20181107042751.3b519062@akathisia> <20181107112100.GA20419@redhat.com>

> On Nov 7, 2018, at 3:21 AM, Oleg Nesterov wrote:
>
>> On 11/07, Elvira Khabirova wrote:
>>
>> In short, if a 64-bit task performs a syscall through int 0x80, its tracer
>> has no reliable means to find out that the syscall was, in fact,
>> a compat syscall, and misidentifies it.
>> * Syscall-enter-stop and syscall-exit-stop look the same for the tracer.
>
> Yes, this was discussed many times...
>
> So perhaps it makes sense to encode compat/is_enter in ->ptrace_message,
> debugger can use PTRACE_GETEVENTMSG to get this info.

As I said before, I strongly object to the use of “compat” here. Compat meant “not the kernel’s native syscall API — uses the 32-bit structure format instead”. This does not have a sensible meaning to user code, especially in the case where the tracer is 32-bit.

>
>> Secondly, ptracers also have to support a lot of arch-specific code for
>> obtaining information about the tracee. For some architectures, this
>> requires a ptrace(PTRACE_PEEKUSER, ...) invocation for every syscall
>> argument and return value.
>
> I am not sure about this change... I won't really argue, but imo this
> needs a separate patch.

Why? Having a single struct that the tracer can read to get the full state is extremely helpful.
Also, we really want it to work for seccomp events as well as PTRACE_SYSCALL, and the event info trick doesn’t make sense for seccomp events.

>
>> +#define PT_IN_SYSCALL_STOP 0x00000004 /* task is in a syscall-stop= */ > ... >> -static inline int ptrace_report_syscall(struct pt_regs *regs) >> +static inline int ptrace_report_syscall(struct pt_regs *regs, >> + unsigned long message) >> { >> int ptrace =3D current->ptrace; >>=20 >> if (!(ptrace & PT_PTRACED)) >> return 0; >> + current->ptrace |=3D PT_IN_SYSCALL_STOP; >>=20 >> + current->ptrace_message =3D message; >> ptrace_notify(SIGTRAP | ((ptrace & PT_TRACESYSGOOD) ? 0x80 : 0)); >>=20 >> /* >> @@ -76,6 +79,7 @@ static inline int ptrace_report_syscall(struct pt_regs *= regs) >> current->exit_code =3D 0; >> } >>=20 >> + current->ptrace &=3D ~PT_IN_SYSCALL_STOP; >> return fatal_signal_pending(current); > ... >=20 >> + case PTRACE_GET_SYSCALL_INFO: >> + if (child->ptrace & PT_IN_SYSCALL_STOP) >> + ret =3D ptrace_get_syscall(child, datavp); >> + break;
>
> Why? If debugger uses PTRACE_O_TRACESYSGOOD it can know if the tracee reported
> syscall entry/exit or not. PTRACE_GET_SYSCALL_INFO is pointless if not, but
> nothing bad can happen.
>
>

I think it’s considerably nicer to the user to avoid reporting garbage if the user misused the API. (And Elvira got this right in the patch — I just missed it.)
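
Review bot: In ptrace_report_syscall(), the added "current->ptrace |= PT_IN_SYSCALL_STOP" and "current->ptrace &= ~PT_IN_SYSCALL_STOP" are plain read-modify-write updates of the same word that carries PT_PTRACED and PT_TRACESYSGOOD, and nothing in the visible lines says what serializes them against other writers of ->ptrace. Please state the locking rule in a comment or the changelog, or keep the in-stop state in a field that only the tracee writes. The body between the two hunks is elided here, so it is also worth confirming that every path out of the stop clears the flag, not only the final return.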
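
Review bot: In the PTRACE_GET_SYSCALL_INFO case, ret is assigned only when PT_IN_SYSCALL_STOP is set, so what a tracer gets back for a tracee that is not in a syscall-stop depends on an initial value of ret that these lines do not show. Assign an explicit error on the branch where the flag is clear and document that errno with the request, so that the misuse case discussed in this thread is a defined part of the interface and not a side effect of the surrounding function.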