Re: [RFC PATCH] ptrace: add PTRACE_GET_SYSCALL_INFO request

From: Dmitry V. Levin
Date: Wed Nov 07 2018 - 11:12:48 EST


On Wed, Nov 07, 2018 at 12:21:01PM +0100, Oleg Nesterov wrote:
> On 11/07, Elvira Khabirova wrote:
> >
> > In short, if a 64-bit task performs a syscall through int 0x80, its tracer
> > has no reliable means to find out that the syscall was, in fact,
> > a compat syscall, and misidentifies it.
> > * Syscall-enter-stop and syscall-exit-stop look the same for the tracer.
>
> Yes, this was discussed many times...
>
> So perhaps it makes sense to encode compat/is_enter in ->ptrace_message,
> debugger can use PTRACE_GETEVENTMSG to get this info.

This would mean for the debugger an extra syscall invocation for each
syscall stop. When strace doesn't have to fetch memory, it invokes three
syscalls per syscall stop (wait4, PTRACE_GETREGSET, and PTRACE_SYSCALL).
We definitely want to avoid adding PTRACE_GETEVENTMSG on top of that.


--
ldv