Re: Ptrace documentation, draft #1

From: Oleg Nesterov
Date: Mon May 23 2011 - 08:11:52 EST


On 05/20, Denys Vlasenko wrote:
>
> On Thu, May 19, 2011 at 9:49 PM, Oleg Nesterov <oleg@xxxxxxxxxx> wrote:
> > Once again, PTRACE_KILL == ptrace(PTRACE_CONT, SIGKILL), except it
> > doesn't return the error if the tracee is not stopped.
>
> Oleg, this doesn't explain the resulting behavior in terms understandable
> to mere mortals. *What will happen* when user does ptrace(PTRACE_KILL)?
>
> Yes, it's obvious that the tracee gets SIGKILLed,

No, it is not necessarily killed. Once again, it is equivalent to PTRACE_CONT
except it returns 0 (but does nothing) if the tracee is not stopped.

"does nothing" is not 100% true, it does wake_up_process() but this shouldn't
be documented, this should be fixed.

> >> >> ??? can this SIGTRAP be distinguished from "real" user-generated SIGTRAP
> >> >>     by looking at its siginfo?
> >> >
> >> > Afaics no. Well, except .si_pid shows that the signal was sent by the
> >> > tracing process to itself.
> >>
> >> What about si_code? Is it set to SI_KERNEL for this signal?
> >
> > No, SI_USER.
>
> This is stupid. This signal is sent by kernel. Why is it flagged as "from user"?
> Maybe we should change it?

Well, maybe... I dunno actually. Hmm. On second thought you are probably
right. ptrace_report_syscall() does send_sig() too, but it sets SI_KERNEL.
I am starting to think, at least they should use the same si_code.

> (BTW, where is it generated in the kernel source? I found
> PTRACE_EVENT_EXEC generation, but failed to find
> "old-school SIGTRAP" generation code...)

tracehook_report_exec()->send_sig(SIGTRAP).

Oleg.
