Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp3195713imu; Fri, 23 Nov 2018 23:51:01 -0800 (PST) X-Google-Smtp-Source: AFSGD/WDWsgISlEQ1qz9tE3P43icSXqkSqfbdtV8DGcRlVt0CeAXXXISOS+B7Hkd/rSCeQuD1fQV X-Received: by 2002:a17:902:9881:: with SMTP id s1-v6mr18508620plp.328.1543045861406; Fri, 23 Nov 2018 23:51:01 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1543045861; cv=none; d=google.com; s=arc-20160816; b=PqoqCbfumY1yk11Za7wbYAISc30RZB+tCpcSEZFwgZ+aEVLgM5uiHOLG7xIvwAbgrT JhsYHMIQj+DlMRYJ4HNPzDryou9N7mGbqmCHZxrXA3/OuI8SZPBeL+ffZpye4Woes0Hf 7/1F/muzzbEhC9q3Ag2kf+7SXGITBx3RScDrkh5Jeg6izI3yhvlq+RriKQjXB/FSot2n 5Ew5WKAAyliUAqyn5YwdJwgMQoApW7/NdB3OwbJnZDIPH8mZdKTzGEq0kcIwdA4eC/cU 0zw7FQlauexs2d/95cgiueX+D/ZQi6VOXy51w8RdQVVQs1IHdg3jBI++2wiQms4/g8hz PkDQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=z+SI+NjrGWL7zy8S0TG2k0pUXe+vbUkKHUE41DkrUW4=; b=rUl3kcAqqxYPpadorw+9lkQd3HFMMDS+soHR2Pfj7z5VYZgFtr27uUYbLhKtxaPw1i WhvyR+vK7VdA4EbDclBHm2ZCUATCYIAMGEPLm6sQVAXRsyCGpvB0SOCIHs+lxQ5ipXZW VpptdMfFClmjCm0SYqfokUlubBcEMGVwdmLtwVFkyDZeJyU25RQVdFzruqHThlw/Fo6e urBxa1wDpQiOe/LILmDVwfPf6DodCTg/GHpCn1enfvOmjn8fpGhg+N1D9BMhooRmx8o3 fPEra5jr0XMdBNtLmPfVUPwOvakE9ydxfqNX25ce6ro51JMksUn7bNRvwNPa2TVZOWr9 upww== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=HSo4j7P4; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j14si42464729pfd.113.2018.11.23.23.50.47; Fri, 23 Nov 2018 23:51:01 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=HSo4j7P4; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2407947AbeKWLBS (ORCPT + 99 others); Fri, 23 Nov 2018 06:01:18 -0500 Received: from mail.kernel.org ([198.145.29.99]:52694 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2405050AbeKWLBS (ORCPT ); Fri, 23 Nov 2018 06:01:18 -0500 Received: from mail-wr1-f43.google.com (mail-wr1-f43.google.com [209.85.221.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 4FD2B20878 for ; Fri, 23 Nov 2018 00:19:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1542932364; bh=8/wxv7W73DqHr6kxpiRnZfl3rIoXdiSPP4K8G497PhM=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=HSo4j7P4b0HS7a4HgOdg92NKKfpXG217fQzs5iCA3q1kxd+XxAEdhPZ+nkhT/wBDk fnGIdUCWscOpzCCYhG8+VVjTXIAA3B7lNMBH/Uj2YCTzM903u5RQXQKCmTtxpV3M7r VVjnJnfNgaGX/DgSjgphmpxeflqMPxVscv3ooUy4= Received: by mail-wr1-f43.google.com with SMTP id j2so10752990wrw.1 for ; Thu, 22 Nov 2018 16:19:24 -0800 (PST) X-Gm-Message-State: AA+aEWYbQCQZPyfnmOPL4cnGhv3+KAY2EduKu2v/8zLeJ/7mcgdwHrke /7L+bfFsiP/r/a/ZuKE8EUREq+uYmdhkgKbGCVVxyg== X-Received: by 2002:a5d:5541:: with SMTP id g1mr12065543wrw.330.1542932362678; Thu, 22 Nov 2018 16:19:22 -0800 (PST) MIME-Version: 1.0 References: <20181121165806.07da7c98@akathisia> <20181121235634.GA14146@altlinux.org> <20181122191504.GB27204@altlinux.org> In-Reply-To: <20181122191504.GB27204@altlinux.org> From: Andy Lutomirski Date: Thu, 22 Nov 2018 16:19:10 -0800 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [RFC PATCH v2] ptrace: add PTRACE_GET_SYSCALL_INFO request To: "Dmitry V. Levin" Cc: Andrew Lutomirski , Elvira Khabirova , Kees Cook , Linux API , Jann Horn , Oleg Nesterov , Steven Rostedt , Ingo Molnar , LKML , Eugene Syromiatnikov , strace-devel@lists.strace.io Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Nov 22, 2018 at 11:15 AM Dmitry V. Levin wrote: > > On Thu, Nov 22, 2018 at 06:55:29AM -0800, Andy Lutomirski wrote: > > On Wed, Nov 21, 2018 at 3:56 PM Dmitry V. Levin wrote: > > > On Wed, Nov 21, 2018 at 02:56:57PM -0800, Andy Lutomirski wrote: > > > > Please cc linux-api@vger.kernel.org for future versions. > > > > > > > > On Wed, Nov 21, 2018 at 7:58 AM Elvira Khabirova wrote: > > > > > > > > > > struct ptrace_syscall_info { > > > > > __u8 op; /* 0 for entry, 1 for exit */ > > > > > > > > Can you add proper defines, like: > > > > > > > > #define PTRACE_SYSCALL_ENTRY 0 > > > > #define PTRACE_SYSCALL_EXIT 1 > > > > #define PTRACE_SYSCALL_SECCOMP 2 > > > > > > > > and make seccomp work from the start? I'd rather we don't merge an > > > > implementation that doesn't work for seccomp and then have to rework > > > > it later. > > > > > > What's the difference between PTRACE_EVENT_SECCOMP and syscall-entry-stop > > > with regards to PTRACE_GET_SYSCALL_INFO request? At least they have the > > > same entry_info to return. > > > > I'm not sure there's any material difference. > > In that case we don't really need PTRACE_SYSCALL_SECCOMP: op field > describes the structure inside the union to use, not the ptrace stop. Unless we think the structures might diverge in the future. > > > > As long as implementation (ab)uses ptrace_message to tell one kind of stop > > > from another, it can distinguish syscall-entry-stop and syscall-exit-stop > > > from each other and from many other kinds of stops, but it cannot > > > distinguish PTRACE_EVENT_SECCOMP from e.g. PTRACE_EVENT_EXIT. > > > > Hmm. PTRACE_GET_SYSCALL_INFO should fail for PTRACE_EVENT_EXIT, I think. > > Unless we can change PTRACE_EVENT_SECCOMP to set some higher bits of > ptrace_message (beyond SECCOMP_RET_DATA) which is very unlikely because > it would qualify as an ABI change, this would require an additional field > in struct task_struct because ptrace_message wouldn't be enough > to distinguish PTRACE_EVENT_SECCOMP from PTRACE_EVENT_EXIT. At the risk of making the patch more complicated, there's room to massively clean up the ptrace state. We could add a struct ptrace_tracee and put a struct ptrace_tracee *ptrace_tracee into task_struct. The struct would contain a pointer to the task_struct as well as ptrace (the flag field, I think), ptrace_entry, ptracer_cred, ptrace_message, and last_siginfo. And then we could add a field for the ptrace stop state that would indicate the actual reason for the current stop. We'd only allocate ptrace_tracee when someone attaches with ptrace, thus saving quite a few bytes for each task. It's a bit unfortunate if we allow PTRACE_GET_SYSCALL_INFO to success if the event is PTRACE_EVENT_EXIT. I'd also be a bit nervous about info leaks if we start calling the syscall accessors for tasks that aren't in syscalls. --Andy