Received: by 2002:a25:1985:0:0:0:0:0 with SMTP id 127csp3682686ybz;
        Mon, 27 Apr 2020 21:21:54 -0700 (PDT)
X-Google-Smtp-Source: APiQypKvZ/ojtc0o51xd+EFGi/Hvu4+wz0NvOQf+YDmc6Xr6PYAcn5u9Of9+uTZkuT+KhqlzNoXx
X-Received: by 2002:a17:906:2f8f:: with SMTP id w15mr23357999eji.255.1588047713998;
        Mon, 27 Apr 2020 21:21:53 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1588047713; cv=none;
        d=google.com; s=arc-20160816;
        b=ySwIwhL/H6QgfOc84wdhjbe966Ag47vh7t9qDaEieZT/7fqb2wroUqiRf0PNHGsLFQ
         ikJ0Dzmu88QmCqhqUetVzbYqGuIzKwyt+IF39xqzvy+nfKLyn9KPO/8R0Uz1UCj7ld/D
         oZGBw2TLhgnHPwdtG+7bcxGsnSRSpgAaEgY6CewWTgJAj8kdVIxAptZbcT2oVoiUG7wz
         Qbj8Dp9sSTZGb5mO3eTOqEEVcdnbJxcqJbR32DHY+7inYxsP9idBjq5agZVPk9FyfqpK
         Brm8Zlr2icpvUQ1MxS/0UVGT3ksE8LQ8N4oWMVJtbji0lGiFpuGSrG9MZ/X+G+N39SBJ
         pjrQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:to:in-reply-to:cc:references:message-id
         :date:subject:mime-version:from:content-transfer-encoding
         :dkim-signature;
        bh=8h84Asdal8ddGdf/Sbj5GbMgUMmfxecNR/DGTl7C5Ms=;
        b=BJt9A/zoXvUvn/3PIHTmfylt5nRqDlZ25Uzl7KZSZd+2jDof/w6JZOrxwWsBnlfpzW
         SmLBJ1jEK62GA+rd7dn/noUpHSxkDG4FYjse5bVIrYr66Crh0WFJq2snbJsuONMoEXuu
         FEn9oTZbqI2svkuiMe0aoU37ECnhzQ2KOd5p9XPY7mpIqgDLvxswmhoc+nnsY8YAv2G8
         GmmMNJMZ3X0w/pAV2H0Q7bUoTNZ2oy6RKbwSOPY2T+BQkbt9QH0QR6hplPoW1vqaILyg
         cx4iChbYexe8+YL88p5HebDQ/47tFl5XHmWRmJlv+wEj56P4vwo6kkxVdB0TTlxlKj6k
         gsgA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@amacapital-net.20150623.gappssmtp.com header.s=20150623 header.b=yiHvCuge;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id p22si1080518ejw.220.2020.04.27.21.21.31;
        Mon, 27 Apr 2020 21:21:53 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@amacapital-net.20150623.gappssmtp.com header.s=20150623 header.b=yiHvCuge;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726291AbgD1ERb (ORCPT <rfc822;mailist1go@gmail.com>
        + 99 others); Tue, 28 Apr 2020 00:17:31 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51376 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726357AbgD1ERa (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 28 Apr 2020 00:17:30 -0400
Received: from mail-pl1-x643.google.com (mail-pl1-x643.google.com [IPv6:2607:f8b0:4864:20::643])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 82B03C03C1AC
        for <linux-kernel@vger.kernel.org>; Mon, 27 Apr 2020 21:17:29 -0700 (PDT)
Received: by mail-pl1-x643.google.com with SMTP id s10so7850971plr.1
        for <linux-kernel@vger.kernel.org>; Mon, 27 Apr 2020 21:17:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=amacapital-net.20150623.gappssmtp.com; s=20150623;
        h=content-transfer-encoding:from:mime-version:subject:date:message-id
         :references:cc:in-reply-to:to;
        bh=8h84Asdal8ddGdf/Sbj5GbMgUMmfxecNR/DGTl7C5Ms=;
        b=yiHvCugecQvQXY4FTuCZbAeqgRSihOJpQiYtv4ucRIIrYF1q36lTJjRozoR5D2wm8l
         VF5mZ+dZWbk4kz4QBYd/2RYXIZsNZUFA3jT2mhccQQOrk4CDxQfdWsRtKyQt+hzc65zA
         /Lwe94WK5jLX/Xkq6KGUGJSydKi60TWSj82uliq2QsNMQOdvgmjwYgBolGWdJVeZIlJw
         zEBx5YWicx1ACchhvJrZuuhjE2KatYX7Roy/bZsMcDTdbNnn9ggDu3FliVQKv3H8etFL
         c1VjXCKqOC68ekMz/k10f3g29XEVCnMCtiCVnoVGRNtETVAeyEvWVFrv+Cxld/ekYTKu
         eJSg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:content-transfer-encoding:from:mime-version
         :subject:date:message-id:references:cc:in-reply-to:to;
        bh=8h84Asdal8ddGdf/Sbj5GbMgUMmfxecNR/DGTl7C5Ms=;
        b=j5pReb5pk9W1VvobbofOOVCu9fAHchHj4O9Lcy2WMpc9wniIt455nEEHYlNWOLGM0F
         aEjEkETq2CqVpMwi9ndz6GsWVgtaRQkhJEk5J5zwZmYrAPnqSsXZJh13ZLGsqoSl4/99
         SiTzNVfrAOrvqeJal0HNSkEyhD9Ye0qcVFdzxfuFVRf9RQWr6WTScmz7rYImvQSgEw5B
         ffbrdzqRNcUyvWru688CWYErQhIHvPPrvfSp5dIHrMLOkQT5uz479P52etdiNkOI2nY5
         fzpgI6Z9T24DNeObqMmAh8oTOG1up2zz/Rm88T3NKfm3nxByGq0iJE5FelQhShj4+G/B
         Rylw==
X-Gm-Message-State: AGi0PuZ+H5yBvgacGcOMBXHhRY/REqdTZdsua39ag0G4cwz260SJKIsG
        KnMGt0DSEfI4+rewpCO3LkvK1w==
X-Received: by 2002:a17:90a:2b8f:: with SMTP id u15mr2718879pjd.137.1588047448950;
        Mon, 27 Apr 2020 21:17:28 -0700 (PDT)
Received: from ?IPv6:2601:646:c200:1ef2:95ae:5ea5:619c:8559? ([2601:646:c200:1ef2:95ae:5ea5:619c:8559])
        by smtp.gmail.com with ESMTPSA id z190sm13652412pfb.1.2020.04.27.21.17.27
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Mon, 27 Apr 2020 21:17:28 -0700 (PDT)
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
From:   Andy Lutomirski <luto@amacapital.net>
Mime-Version: 1.0 (1.0)
Subject: Re: [RFC v2] ptrace, pidfd: add pidfd_ptrace syscall
Date:   Mon, 27 Apr 2020 21:17:26 -0700
Message-Id: <B7A115CB-0C8C-4719-B97B-74D94231CD1E@amacapital.net>
References: <CAHk-=wga3O=BoKZXR27-CDnAFareWcMxXhpWerwtCffdaH6_ow@mail.gmail.com>
Cc:     Aleksa Sarai <cyphar@cyphar.com>,
        Christian Brauner <christian.brauner@ubuntu.com>,
        Arnd Bergmann <arnd@arndb.de>,
        Hagen Paul Pfeifer <hagen@jauu.net>,
        "Eric W. Biederman" <ebiederm@xmission.com>,
        Jann Horn <jannh@google.com>,
        kernel list <linux-kernel@vger.kernel.org>,
        Florian Weimer <fweimer@redhat.com>,
        Al Viro <viro@zeniv.linux.org.uk>,
        Christian Brauner <christian@brauner.io>,
        Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
        "H. Peter Anvin" <hpa@zytor.com>, Brian Gerst <brgerst@gmail.com>,
        Sami Tolvanen <samitolvanen@google.com>,
        David Howells <dhowells@redhat.com>,
        Andy Lutomirski <luto@kernel.org>,
        Oleg Nesterov <oleg@redhat.com>,
        Arnaldo Carvalho de Melo <acme@redhat.com>,
        Sargun Dhillon <sargun@sargun.me>,
        Linux API <linux-api@vger.kernel.org>,
        linux-arch <linux-arch@vger.kernel.org>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>
In-Reply-To: <CAHk-=wga3O=BoKZXR27-CDnAFareWcMxXhpWerwtCffdaH6_ow@mail.gmail.com>
To:     Linus Torvalds <torvalds@linux-foundation.org>
X-Mailer: iPhone Mail (17E262)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org



> On Apr 27, 2020, at 6:36 PM, Linus Torvalds <torvalds@linux-foundation.org=
> wrote:
>=20
> =EF=BB=BFOn Mon, Apr 27, 2020 at 5:46 PM Aleksa Sarai <cyphar@cyphar.com> w=
rote:
>>=20
>> I agree. It would be a shame to add a new ptrace syscall and not take
>> the opportunity to fix the multitude of problems with the existing API.
>> But that's a Pandora's box which we shouldn't open unless we want to
>> wait a long time to get an API everyone is okay with -- a pretty high
>> price to just get pidfds support in ptrace.
>=20
> We should really be very very careful with some "smarter ptrace".
> We've had _so_ many security issues with ptrace that it's not even
> funny.
>=20
> And that's ignoring all the practical issues we've had.
>=20
> I would definitely not want to have anything that looks like ptrace AT
> ALL using pidfd. If we have a file descriptor to specify the target
> process, then we should probably take advantage of that file
> descriptor to actually make it more of a asynchronous interface that
> doesn't cause the kinds of deadlocks that we've had with ptrace.
>=20
> The synchronous nature of ptrace() means that not only do we have
> those nasty deadlocks, it's also very very expensive to use. It also
> has some other fundamental problems, like the whole "take over parent"
> and the SIGCHLD behavior.
>=20
> It also is hard to ptrace a ptracer. Which is annoying when you're
> debugging gdb or strace or whatever.
>=20
> So I think the thing to do is ask the gdb (and strace) people if they
> have any _very_ particular painpoints that we could perhaps help with.
>=20
> And then very carefully think things through and not repeat all the
> mistakes ptrace did.
>=20
> I'm not very optimistic.

I hate to say this, but I=E2=80=99m not convinced that asking the gdb folks i=
s the right approach. GDB has an ancient architecture and is *incredibly* bu=
ggy.  I=E2=80=99m sure ptrace is somewhere on the pain point list, but I sus=
pect it=E2=80=99s utterly dwarfed by everything else.

Maybe the LLDB people would have a better perspective?  The rr folks would b=
e a good bet, too. Or, and I know this is sacrilege, the VSCode people?


I think one requirement for a better ptrace is that it should work if you tr=
y to debug, simultaneously, a debugger and its debugee. Maybe not perfectly,=
 but it should work. And you should be able to debug init.

Another major pain point I=E2=80=99ve seen is compat. A 64-bit debugger shou=
ld be able to debug a program that switches back and forth between 32-bit an=
d 64-bit.  A debugger that is entirely unaware of a set of registers should b=
e able to debug a process using those registers.