Re: [PATCH RESEND v3 1/3] ptrace: pass type of a syscall-stop in ptrace_message

[Dmitry V. Levin]

On Tue, Nov 27, 2018 at 03:53:57AM +0100, Elvira Khabirova wrote:
> On Mon, 26 Nov 2018 15:56:43 +0100, Oleg Nesterov wrote:
> > On 11/25, Elvira Khabirova wrote:
> > >
> > > + * These values are stored in task->ptrace_message by tracehook_report_syscall_*
> > > + * to describe current syscall-stop.
> > > + *
> > > + * Values for these constants are chosen so that they do not appear
> > > + * in task->ptrace_message by other means.
> > > + */
> > > +#define PTRACE_EVENTMSG_SYSCALL_ENTRY	0x80000000U
> > > +#define PTRACE_EVENTMSG_SYSCALL_EXIT	0x90000000U  
> > 
> > Stupid question, why not
> > 
> > 	#define PTRACE_EVENT_SYSCALL_ENTRY	8
> > 	#define PTRACE_EVENT_SYSCALL_EXIT	9
> > 
> > right after other PTRACE_EVENT_* constants?
> 
> I thought about adding new events for syscall {entry,exit}.
> For tracers, using new events means setting new options and checking
> for new values after waitpid(). They will also have to switch from using
> PTRACE_SYSCALL to PTRACE_CONT.
> Right now (with this version of the patch) tracers can use
> PTRACE_GETEVENTMSG without doing any additional configuration.
> More importantly, adding these events would require much more complex
> modifications of kernel code than this patch does.

To be honest, we don't see any way of introducing PTRACE_EVENT_* support
in PTRACE_GET_SYSCALL_INFO without adding new fields to struct task_struct.

> The only benefit I see from adding these events instead of letting
> syscall-stops put a value in ptrace_message is an ability to subscribe
> to syscall entries, but not to exits, and vice-versa, and I don't think
> it is worth it.


-- 
ldv

Attachment: signature.asc
Description: PGP signature