PTRACE_SYSCALL && vsyscall (Was: arch_check_bp_in_kernelspace: fix the range check)
From: Oleg Nesterov
Date: Sun Dec 02 2012 - 14:30:59 EST
Amnon, sorry for the delay...
On 11/26, Amnon Shiloh wrote:
> > Why do you need to _prevent_, say, sys_gettimeofday()? Why can't we
> > change emulate_vsyscall() to respect PTRACE_SYSCALL and report
> > TRAP_VSYSCALL or PTRACE_EVENT_VSYSCALL as I tried to suggest in
> > http://marc.info/?l=linux-kernel&m=135343635523715 ?
> > Oleg.
> For my own application, I would be happy with this.
> But I suspect it might break current versions of "strace",
> I think it COULD work, but not based on PTRACE_SYSCALL
> (or PTRACE_SYSEMU) alone. A new ptrace option will be needed, saying:
> "Yes, I am aware of TRAP_VSYSCALL and I know how to handle it."
Yes, that is why I said this needs the new option.
However. Of course it would be nice to avoid the new option. IMO it
would be better to do nothing ;) vsyscall is deprecated, and EMULATE
Maybe we could simply do something like the patch below? (Just in
case, this hack is only for illustration, it is not complete).
If the tracer does PTRACE_SYSCALL the tracee reports syscall exit
_after_ gettimeofday/etc. The tracer can look at regs->orig_ax == -1
and detect that this is not a syscall but a vsyscall; it can look at
regs->ip then (not with the patch below).
Denys, Jan, Pedro. Do you think this change can break/confuse
> While for my own application, just fixing the range-check in
> arch_check_bp_in_kernelspace will do,
You forgot again that EMULATE does not execute the code in the
@@ -186,6 +186,8 @@ static bool write_ok_or_segv(unsigned long ptr, size_t size)
bool emulate_vsyscall(struct pt_regs *regs, unsigned long address)
struct task_struct *tsk;
@@ -312,6 +314,8 @@ do_ret:
regs->ip = caller;
regs->sp += 8;
+ if (test_thread_flag(TIF_SYSCALL_TRACE))
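Review bot: the added `+ if (test_thread_flag(TIF_SYSCALL_TRACE))` in the do_ret path has no guarded statement visible in the posted hunk, so what the tracee actually reports under PTRACE_SYSCALL (the mail says a syscall-exit stop with regs->orig_ax == -1) cannot be checked against the diff; please post the complete hunk. Note also that the check is placed after `regs->ip = caller;` and `regs->sp += 8;`, so a tracer stopping here already sees ip at the return address rather than inside the vsyscall page, which matches the mail's remark that regs->ip cannot be used with this patch, and since the mail describes only an exit report, a tracer that toggles entry/exit on every syscall stop will see an exit with no preceding entry unless it checks orig_ax first.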
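As an added illustration of the tracer side of the idea in the mail (this is example code written for this page, not Oleg's patch, the kernel's code, or strace's), the following minimal x86-64 Linux ptrace tracer drives a child with PTRACE_SYSCALL and applies the mail's heuristic: a syscall stop whose orig_ax is -1 is treated as a vsyscall emulation report rather than a real syscall, so the tracer's entry/exit toggle is left untouched for it. The classification helpers are pure so they can be checked without ptrace; the vsyscall page range is the fixed legacy x86-64 mapping, the `PTRACE_O_TRACESYSGOOD` marking of syscall stops is standard ptrace behaviour, and the child's sequence of getpid calls is a constructed workload.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <signal.h>
#include <unistd.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <sys/user.h>
#include <sys/syscall.h>

/* Legacy x86-64 vsyscall page: one fixed 4 KiB mapping. */
#define VSYSCALL_PAGE_START 0xffffffffff600000UL
#define VSYSCALL_PAGE_END   0xffffffffff601000UL

enum stop_kind { STOP_SYSCALL_ENTRY = 0, STOP_SYSCALL_EXIT = 1, STOP_VSYSCALL = 2 };

struct trace_state {
    int in_syscall; /* 1 between a real syscall's entry stop and its exit stop */
};

/* True if ip lies inside the vsyscall page (the range the subject line is about). */
int is_vsyscall_ip(unsigned long ip)
{
    return ip >= VSYSCALL_PAGE_START && ip < VSYSCALL_PAGE_END;
}

/* Classify one PTRACE_SYSCALL stop. Heuristic from the mail (an assumption of this
 * example, not guaranteed kernel behaviour): orig_ax == -1 at such a stop means a
 * vsyscall emulation reported as "syscall exit". That report must not flip the
 * entry/exit toggle, or every later real syscall would be reported swapped. */
enum stop_kind classify_stop(struct trace_state *st, long orig_ax)
{
    if (orig_ax == -1)
        return STOP_VSYSCALL;
    st->in_syscall = !st->in_syscall;
    return st->in_syscall ? STOP_SYSCALL_ENTRY : STOP_SYSCALL_EXIT;
}

static const char *kind_name(enum stop_kind k)
{
    return k == STOP_VSYSCALL ? "vsyscall-report" :
           k == STOP_SYSCALL_ENTRY ? "syscall-entry" : "syscall-exit";
}

int main(void)
{
    pid_t pid = fork();
    if (pid < 0) { perror("fork"); return 1; }
    if (pid == 0) {
        /* Tracee: request tracing, stop so the parent can set options, then run
         * a constructed workload of a few real syscalls. */
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1) _exit(2);
        raise(SIGSTOP);
        for (int i = 0; i < 3; i++)
            syscall(SYS_getpid);
        _exit(0);
    }

    int status, sig = 0;
    struct trace_state st = { 0 };
    if (waitpid(pid, &status, 0) == -1 || !WIFSTOPPED(status)) return 1;
    /* TRACESYSGOOD marks syscall stops with SIGTRAP|0x80 so they are not confused
     * with ordinary signal-delivery stops. */
    if (ptrace(PTRACE_SETOPTIONS, pid, NULL, (void *)PTRACE_O_TRACESYSGOOD) == -1) {
        perror("PTRACE_SETOPTIONS"); return 1;
    }
    for (;;) {
        if (ptrace(PTRACE_SYSCALL, pid, NULL, (void *)(long)sig) == -1) { perror("PTRACE_SYSCALL"); return 1; }
        sig = 0;
        if (waitpid(pid, &status, 0) == -1) return 1;
        if (WIFEXITED(status)) break;
        if (!WIFSTOPPED(status)) continue;
        if (WSTOPSIG(status) != (SIGTRAP | 0x80)) { sig = WSTOPSIG(status); continue; } /* forward real signals */

        struct user_regs_struct regs;
        if (ptrace(PTRACE_GETREGS, pid, NULL, &regs) == -1) { perror("PTRACE_GETREGS"); return 1; }
#ifdef __x86_64__
        long orig_ax = (long)regs.orig_rax;
        unsigned long ip = (unsigned long)regs.rip;
#else
        long orig_ax = 0; unsigned long ip = 0; /* register names above are x86-64 only */
#endif
        enum stop_kind k = classify_stop(&st, orig_ax);
        printf("%-16s orig_ax=%ld ip=%#lx%s\n", kind_name(k), orig_ax, ip,
               is_vsyscall_ip(ip) ? " (inside vsyscall page)" : "");
    }
    return 0;
}
```

On a normal run the tracer prints alternating entry/exit lines for the child's getpid calls and an entry line for exit_group; a stop with orig_ax -1 would be labelled as a vsyscall report without disturbing that alternation, which is the property a PTRACE_SYSCALL user would need from the change discussed above.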