> > arch/i386/kernel/ptrace.c:syscall_trace (and similarly for other arches)
> > to see if the syscall was made from kernel mode. If so, the parent
> > should not be notified.
>
> Thats the fast path though. I think you just need to clear the ptrace
> flags in kernel_thread()
syscall_trace is in the fast path?!? It only gets called when a process
is being traced, and nobody expects traced processes to run extremely
fast, do they?
The problem isn't that the child thread is traced, it's that the `clone'
call itself from `kernel_thread' is traced. So one would have to clear
the flag and then reset it in the parent.
Besides, this doesn't suffice. There are other places in the kernel
that make system calls (there's a `waitpid' in `request_module' for
instance). We would need to find and change all of these and institute
a rule for the future, or else change the inline asm definitions in
asm/unistd.h. Either seems a lot more complex.
Am I missing something?
--Nate Eldredge nate@cartsys.com
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/