On 09/08, Pierre Morel wrote:Yes it can but what if the application forget to do it?
--- linux-2.6.26.orig/arch/s390/kernel/signal.c
+++ linux-2.6.26/arch/s390/kernel/signal.c
@@ -409,6 +409,11 @@ handle_signal(unsigned long sig, struct spin_unlock_irq(¤t->sighand->siglock);
}
+ if (current->instrumentation) {
+ clear_thread_flag(TIF_SYSCALL_TRACE);
+ current->instrumentation &= ~PTS_SELF;
+ }
+
return ret;
}
I still think this patch shouldn't change handle_signal().
Once again. The signal handler for SIGSYS can first do
sys_ptrace(PTRACE_SELF_OFF) (which is filtered out), and then use any
other syscall, so this change is not needed, afaics.
The overhead of the additional PTRACE_SELF_OFF syscall is very small,Yes you are right, in fact I do not need two flags, I will remove
especially compared to signal delivery. I don't think this functionality
will be widely used, but this change adds the unconditional overhead
to handle_signal().
Btw, the check above looks wrong, shouldn't it be
if (current->instrumentation & PTS_SELF)
?
And. According to the prior discussion, this requires to hook everyYes, I remove PTS_INSTRUMENTED, a bad idea.
signal handler in user space, otherwise we can miss syscall. But every
hook should start with PTRACE_SELF_ON, so I can't see any gain.
+#define PTS_INSTRUMENTED 0x00000001
+#define PTS_SELF 0x00000002
I don't really understand why do we need 2 flags, see also below,
--- linux-2.6.26.orig/kernel/ptrace.c
+++ linux-2.6.26/kernel/ptrace.c
@@ -543,6 +543,38 @@ asmlinkage long sys_ptrace(long request,
* This lock_kernel fixes a subtle race with suid exec
*/
lock_kernel();
+ if (request == PTRACE_SELF_ON) {
+ task_lock(current);
+ if (current->ptrace) {
+ task_unlock(current);
+ ret = -EPERM;
+ goto out;
+ }
+ set_thread_flag(TIF_SYSCALL_TRACE);
+ current->instrumentation |= PTS_INSTRUMENTED|PTS_SELF;
+ task_unlock(current);
+ ret = 0;
+ goto out;
The code looks strange. How about
if (request == PTRACE_SELF_ON) {
ret = -EPERM;
task_lock(current);
if (!current->ptrace) {
set_thread_flag(TIF_SYSCALL_TRACE);
current->instrumentation |= PTS_INSTRUMENTED|PTS_SELF;
ret = 0;
}
task_unlock(current);
goto out;
}
?
I don't understand how task_lock() can help. This code runs under
lock_kernel(), and without this lock the code is racy anyway.
You are right again, I will remove the PTS_INSTRUMENTED flag.+ }
+ if (request == PTRACE_SELF_OFF) {
+ task_lock(current);
+ if (current->ptrace) {
+ task_unlock(current);
+ ret = -EPERM;
+ goto out;
+ }
+ clear_thread_flag(TIF_SYSCALL_TRACE);
+ current->instrumentation &= ~PTS_SELF;
So. PTRACE_SELF_OFF doesn't clear PTS_INSTRUMENTED? How can the task
reset ->instrumentation ?
I think that having two tracing system one over the other may be+ if (current->instrumentation) {
+ ret = -EPERM;
+ goto out;
+ }
So, PTRACE_SELF_XXX disables the "normal" ptrace. Not sure this is good.
Oleg.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/