* [uml-devel] [patch] 3.6rc1 tracehook
@ 2012-08-06 15:37 Renzo Davoli
2012-08-06 16:05 ` Richard Weinberger
0 siblings, 1 reply; 3+ messages in thread
From: Renzo Davoli @ 2012-08-06 15:37 UTC (permalink / raw)
To: user-mode-linux-devel
Dear uml-developers,
I have seen that in 3.6 rc1 the management of ptrace has been changed:
the functions in arch/um/kernel/ptrace.c now call the tracehooks.
I have seen that the return value of tracehook_report_syscall_entry has not
been taken into account.
(the return value should not be ignored, the header in
include/linux/tracehook.h says:
static inline __must_check int tracehook_report_syscall_entry
)
In the other architectures, when tracehook_report_syscall_entry
returns a nonzero value (1), it means that the syscall must be skipped.
The patch here attached adds this behavior for ARCH=um.
(I have also deleted the definition of syscall_trace from
arch/um/include/shared/kern_util.h because the function does not
exist any more).
renzo
Signed-off-by: renzo davoli <renzo@cs.unibo.it>
---
diff -Naur linux-3.6-rc1/arch/um/include/asm/ptrace-generic.h linux-3.6-rc1.tracehook/arch/um/include/asm/ptrace-generic.h
--- linux-3.6-rc1/arch/um/include/asm/ptrace-generic.h 2012-08-03 01:38:10.000000000 +0200
+++ linux-3.6-rc1.tracehook/arch/um/include/asm/ptrace-generic.h 2012-08-06 14:43:01.000000000 +0200
@@ -37,7 +37,7 @@
extern int arch_copy_tls(struct task_struct *new);
extern void clear_flushed_tls(struct task_struct *task);
-extern void syscall_trace_enter(struct pt_regs *regs);
+extern int syscall_trace_enter(struct pt_regs *regs);
extern void syscall_trace_leave(struct pt_regs *regs);
#endif
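Review bot: the new `int` return of `syscall_trace_enter()` carries a contract (nonzero means the caller must skip the syscall) that the declaration does not state. A one-line comment above `extern int syscall_trace_enter(struct pt_regs *regs);` saying that a nonzero return means "skip this syscall" would spare header readers a trip through ptrace.c and include/linux/tracehook.h to learn what the value means.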
diff -Naur linux-3.6-rc1/arch/um/include/shared/kern_util.h linux-3.6-rc1.tracehook/arch/um/include/shared/kern_util.h
--- linux-3.6-rc1/arch/um/include/shared/kern_util.h 2012-08-03 01:38:10.000000000 +0200
+++ linux-3.6-rc1.tracehook/arch/um/include/shared/kern_util.h 2012-08-06 14:43:40.000000000 +0200
@@ -57,7 +57,6 @@
extern unsigned long to_irq_stack(unsigned long *mask_out);
extern unsigned long from_irq_stack(int nested);
-extern void syscall_trace(struct uml_pt_regs *regs, int entryexit);
extern int singlestepping(void *t);
extern void segv_handler(int sig, struct siginfo *unused_si, struct uml_pt_regs *regs);
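Review bot: dropping the stale `extern void syscall_trace(struct uml_pt_regs *regs, int entryexit);` prototype is unrelated to the behaviour change in the other hunks; it would be cleaner as a separate cleanup patch, or at least called out in the patch description rather than only in parentheses, so that a bisect or revert of the tracehook change does not drag the header cleanup with it.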
diff -Naur linux-3.6-rc1/arch/um/kernel/ptrace.c linux-3.6-rc1.tracehook/arch/um/kernel/ptrace.c
--- linux-3.6-rc1/arch/um/kernel/ptrace.c 2012-08-03 01:38:10.000000000 +0200
+++ linux-3.6-rc1.tracehook/arch/um/kernel/ptrace.c 2012-08-06 14:45:07.000000000 +0200
@@ -163,7 +163,7 @@
* XXX Check PT_DTRACE vs TIF_SINGLESTEP for singlestepping check and
* PT_PTRACED vs TIF_SYSCALL_TRACE for syscall tracing check
*/
-void syscall_trace_enter(struct pt_regs *regs)
+int syscall_trace_enter(struct pt_regs *regs)
{
audit_syscall_entry(HOST_AUDIT_ARCH,
UPT_SYSCALL_NR(®s->regs),
@@ -173,9 +173,9 @@
UPT_SYSCALL_ARG4(®s->regs));
if (!test_thread_flag(TIF_SYSCALL_TRACE))
- return;
+ return 0;
- tracehook_report_syscall_entry(regs);
+ return tracehook_report_syscall_entry(regs);
}
void syscall_trace_leave(struct pt_regs *regs)
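Review bot: `audit_syscall_entry()` (the call just above this hunk) still runs before `tracehook_report_syscall_entry()` returns its verdict, so a syscall the tracer decides to skip, or whose number it rewrites, is audited on entry with the original number and as if it were about to execute. Consider whether the audit call belongs after the tracehook, or document why recording the pre-trace number is acceptable for UML. The `return 0;` on the untraced path is consistent with the caller's `== 0` test in skas/syscall.c.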
diff -Naur linux-3.6-rc1/arch/um/kernel/skas/syscall.c linux-3.6-rc1.tracehook/arch/um/kernel/skas/syscall.c
--- linux-3.6-rc1/arch/um/kernel/skas/syscall.c 2012-08-03 01:38:10.000000000 +0200
+++ linux-3.6-rc1.tracehook/arch/um/kernel/skas/syscall.c 2012-08-06 14:46:35.000000000 +0200
@@ -18,23 +18,24 @@
long result;
int syscall;
- syscall_trace_enter(regs);
+ if (syscall_trace_enter(regs) == 0)
+ {
+ /*
+ * This should go in the declaration of syscall, but when I do that,
+ * strace -f -c bash -c 'ls ; ls' breaks, sometimes not tracing
+ * children at all, sometimes hanging when bash doesn't see the first
+ * ls exit.
+ * The assembly looks functionally the same to me. This is
+ * gcc version 4.0.1 20050727 (Red Hat 4.0.1-5)
+ * in case it's a compiler bug.
+ */
+ syscall = UPT_SYSCALL_NR(r);
+ if ((syscall >= NR_SYSCALLS) || (syscall < 0))
+ result = -ENOSYS;
+ else result = EXECUTE_SYSCALL(syscall, regs);
- /*
- * This should go in the declaration of syscall, but when I do that,
- * strace -f -c bash -c 'ls ; ls' breaks, sometimes not tracing
- * children at all, sometimes hanging when bash doesn't see the first
- * ls exit.
- * The assembly looks functionally the same to me. This is
- * gcc version 4.0.1 20050727 (Red Hat 4.0.1-5)
- * in case it's a compiler bug.
- */
- syscall = UPT_SYSCALL_NR(r);
- if ((syscall >= NR_SYSCALLS) || (syscall < 0))
- result = -ENOSYS;
- else result = EXECUTE_SYSCALL(syscall, regs);
-
- PT_REGS_SET_SYSCALL_RETURN(regs, result);
+ PT_REGS_SET_SYSCALL_RETURN(regs, result);
+ }
syscall_trace_leave(regs);
}
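Review bot: when `syscall_trace_enter(regs)` returns nonzero the whole block is bypassed, including `PT_REGS_SET_SYSCALL_RETURN(regs, result);`, so `result` is never assigned and the tracee's return register keeps whatever it held at entry; the entry_32.S path quoted later in this thread stores -ENOSYS into PT_EAX before calling syscall_trace_enter so that a skipped syscall reports -ENOSYS. Suggest writing `PT_REGS_SET_SYSCALL_RETURN(regs, -ENOSYS);` before the trace call, or an early-out of the form `if (syscall_trace_enter(regs)) { PT_REGS_SET_SYSCALL_RETURN(regs, -ENOSYS); goto out; }` with `out: syscall_trace_leave(regs);`, which also avoids re-indenting the moved comment block and keeps the diff to the lines that actually change. Style: kernel convention puts the opening brace on the `if` line rather than on its own line.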
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
User-mode-linux-devel mailing list
User-mode-linux-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/user-mode-linux-devel
* Re: [uml-devel] [patch] 3.6rc1 tracehook
2012-08-06 15:37 [uml-devel] [patch] 3.6rc1 tracehook Renzo Davoli
@ 2012-08-06 16:05 ` Richard Weinberger
2012-08-06 17:03 ` Renzo Davoli
0 siblings, 1 reply; 3+ messages in thread
From: Richard Weinberger @ 2012-08-06 16:05 UTC (permalink / raw)
To: user-mode-linux-devel
On 06.08.2012 17:37, Renzo Davoli wrote:
> ---
> diff -Naur linux-3.6-rc1/arch/um/include/asm/ptrace-generic.h linux-3.6-rc1.tracehook/arch/um/include/asm/ptrace-generic.h
> --- linux-3.6-rc1/arch/um/include/asm/ptrace-generic.h 2012-08-03 01:38:10.000000000 +0200
> +++ linux-3.6-rc1.tracehook/arch/um/include/asm/ptrace-generic.h 2012-08-06 14:43:01.000000000 +0200
> @@ -37,7 +37,7 @@
>
> extern int arch_copy_tls(struct task_struct *new);
> extern void clear_flushed_tls(struct task_struct *task);
> -extern void syscall_trace_enter(struct pt_regs *regs);
> +extern int syscall_trace_enter(struct pt_regs *regs);
> extern void syscall_trace_leave(struct pt_regs *regs);
>
> #endif
> diff -Naur linux-3.6-rc1/arch/um/include/shared/kern_util.h linux-3.6-rc1.tracehook/arch/um/include/shared/kern_util.h
> --- linux-3.6-rc1/arch/um/include/shared/kern_util.h 2012-08-03 01:38:10.000000000 +0200
> +++ linux-3.6-rc1.tracehook/arch/um/include/shared/kern_util.h 2012-08-06 14:43:40.000000000 +0200
> @@ -57,7 +57,6 @@
> extern unsigned long to_irq_stack(unsigned long *mask_out);
> extern unsigned long from_irq_stack(int nested);
>
> -extern void syscall_trace(struct uml_pt_regs *regs, int entryexit);
> extern int singlestepping(void *t);
>
> extern void segv_handler(int sig, struct siginfo *unused_si, struct uml_pt_regs *regs);
> diff -Naur linux-3.6-rc1/arch/um/kernel/ptrace.c linux-3.6-rc1.tracehook/arch/um/kernel/ptrace.c
> --- linux-3.6-rc1/arch/um/kernel/ptrace.c 2012-08-03 01:38:10.000000000 +0200
> +++ linux-3.6-rc1.tracehook/arch/um/kernel/ptrace.c 2012-08-06 14:45:07.000000000 +0200
> @@ -163,7 +163,7 @@
> * XXX Check PT_DTRACE vs TIF_SINGLESTEP for singlestepping check and
> * PT_PTRACED vs TIF_SYSCALL_TRACE for syscall tracing check
> */
> -void syscall_trace_enter(struct pt_regs *regs)
> +int syscall_trace_enter(struct pt_regs *regs)
> {
> audit_syscall_entry(HOST_AUDIT_ARCH,
> UPT_SYSCALL_NR(®s->regs),
> @@ -173,9 +173,9 @@
> UPT_SYSCALL_ARG4(®s->regs));
>
> if (!test_thread_flag(TIF_SYSCALL_TRACE))
> - return;
> + return 0;
>
> - tracehook_report_syscall_entry(regs);
> + return tracehook_report_syscall_entry(regs);
> }
>
> void syscall_trace_leave(struct pt_regs *regs)
> diff -Naur linux-3.6-rc1/arch/um/kernel/skas/syscall.c linux-3.6-rc1.tracehook/arch/um/kernel/skas/syscall.c
> --- linux-3.6-rc1/arch/um/kernel/skas/syscall.c 2012-08-03 01:38:10.000000000 +0200
> +++ linux-3.6-rc1.tracehook/arch/um/kernel/skas/syscall.c 2012-08-06 14:46:35.000000000 +0200
> @@ -18,23 +18,24 @@
> long result;
> int syscall;
>
> - syscall_trace_enter(regs);
> + if (syscall_trace_enter(regs) == 0)
> + {
> + /*
> + * This should go in the declaration of syscall, but when I do that,
> + * strace -f -c bash -c 'ls ; ls' breaks, sometimes not tracing
> + * children at all, sometimes hanging when bash doesn't see the first
> + * ls exit.
> + * The assembly looks functionally the same to me. This is
> + * gcc version 4.0.1 20050727 (Red Hat 4.0.1-5)
> + * in case it's a compiler bug.
> + */
> + syscall = UPT_SYSCALL_NR(r);
> + if ((syscall >= NR_SYSCALLS) || (syscall < 0))
> + result = -ENOSYS;
> + else result = EXECUTE_SYSCALL(syscall, regs);
>
> - /*
> - * This should go in the declaration of syscall, but when I do that,
> - * strace -f -c bash -c 'ls ; ls' breaks, sometimes not tracing
> - * children at all, sometimes hanging when bash doesn't see the first
> - * ls exit.
> - * The assembly looks functionally the same to me. This is
> - * gcc version 4.0.1 20050727 (Red Hat 4.0.1-5)
> - * in case it's a compiler bug.
> - */
> - syscall = UPT_SYSCALL_NR(r);
> - if ((syscall >= NR_SYSCALLS) || (syscall < 0))
> - result = -ENOSYS;
> - else result = EXECUTE_SYSCALL(syscall, regs);
> -
> - PT_REGS_SET_SYSCALL_RETURN(regs, result);
> + PT_REGS_SET_SYSCALL_RETURN(regs, result);
> + }
>
> syscall_trace_leave(regs);
Hmm, is it a good idea to call syscall_trace_leave() in any case?
E.g. if syscall_trace_enter() fails for whatever reason...
Thanks,
//richard
* Re: [uml-devel] [patch] 3.6rc1 tracehook
2012-08-06 16:05 ` Richard Weinberger
@ 2012-08-06 17:03 ` Renzo Davoli
0 siblings, 0 replies; 3+ messages in thread
From: Renzo Davoli @ 2012-08-06 17:03 UTC (permalink / raw)
To: Richard Weinberger; +Cc: user-mode-linux-devel
On Mon, Aug 06, 2012 at 06:05:30PM +0200, Richard Weinberger wrote:
> Hmm, is it a good idea to call syscall_trace_leave() in any case?
> E.g. if syscall_trace_enter() fails for whatever reason...
I have replicated the behavior of other architectures.
For example in x86/32 a.k.a. i386:
arch/x86/kernel/entry_32.S:
489 ENTRY(system_call)
490 RING0_INT_FRAME # can't unwind into user space anyway
491 pushl_cfi %eax # save orig_eax
492 SAVE_ALL
493 GET_THREAD_INFO(%ebp)
494 # system call tracing in operation / emulation
495 testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%ebp)
496 jnz syscall_trace_entry
497 cmpl $(NR_syscalls), %eax
498 jae syscall_badsys
499 syscall_call:
500 call *sys_call_table(,%eax,4)
501 movl %eax,PT_EAX(%esp) # store the return value
502 syscall_exit:
503 LOCKDEP_SYS_EXIT
504 DISABLE_INTERRUPTS(CLBR_ANY) # make sure we don't miss an interrupt
505 # setting need_resched or sigpending
506 # between sampling and the iret
507 TRACE_IRQS_OFF
508 movl TI_flags(%ebp), %ecx
509 testl $_TIF_ALLWORK_MASK, %ecx # current->work
510 jne syscall_exit_work
....
647 syscall_trace_entry:
648 movl $-ENOSYS,PT_EAX(%esp)
649 movl %esp, %eax
650 call syscall_trace_enter
651 /* What it returned is what we'll actually use. */
652 cmpl $(NR_syscalls), %eax
653 jnae syscall_call
654 jmp syscall_exit
655 END(syscall_trace_entry)
....
659 syscall_exit_work:
660 testl $_TIF_WORK_SYSCALL_EXIT, %ecx
661 jz work_pending
662 TRACE_IRQS_ON
663 ENABLE_INTERRUPTS(CLBR_ANY) # could let syscall_trace_leave() call
664 # schedule() instead
665 movl %esp, %eax
666 call syscall_trace_leave
667 jmp resume_userspace
As you can see:
if the process is traced, line 496 jumps to syscall_trace_entry;
if syscall_trace_entry returns nonzero (lines 652-654), it jumps to syscall_exit (skipping the
system call), otherwise it returns to syscall_call.
Whatever the return value of syscall_trace_enter is, if the process is traced
it jumps to syscall_exit_work (line 510), which then calls syscall_trace_leave.
So I think we must replicate the same behavior for user-mode linux, too.
renzo
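As an added illustration that is not part of Renzo's patch or of the UML tree, the following constructed C program models the control flow debated in this thread: a syscall-entry hook whose nonzero return skips the syscall, an exit hook that runs unconditionally, and the difference it makes whether the return register is preset to -ENOSYS before the tracer runs (as entry_32.S does at syscall_trace_entry) or is only written when the syscall actually executes (as the patched skas/syscall.c does). Every `model_` name, the toy syscall table and the stand-in tracers are assumptions of this example, not UML APIs.

```c
/*
 * Constructed user-space model of the handle_syscall() control flow debated
 * in this thread.  Not UML or kernel code: struct pt_regs, the syscall table,
 * the tracehook bookkeeping and the tracer are all stand-ins defined here.
 */
#include <errno.h>
#include <stdio.h>

#define NR_SYSCALLS 3

/* Stand-in for struct pt_regs: syscall number, one argument, return register. */
struct model_regs {
    int syscall_nr;
    long arg0;
    long retval;
};

/* Stand-in for a ptrace tracer's syscall-entry verdict: nonzero asks for the
 * syscall to be skipped, and the tracer may rewrite syscall_nr.  NULL means
 * the task is not traced (TIF_SYSCALL_TRACE clear). */
typedef int (*model_tracer)(struct model_regs *r);

/* Stand-in for the bookkeeping done by syscall_trace_enter/leave. */
struct model_counts {
    int enter_calls;
    int leave_calls;
};

/* Toy syscall table standing in for EXECUTE_SYSCALL(). */
static long model_execute(int nr, long arg0)
{
    switch (nr) {
    case 0:  return 7;           /* getpid-like: fixed value */
    case 1:  return arg0 * 2;    /* derives its result from the argument */
    case 2:  return -EPERM;      /* a syscall that fails */
    default: return -ENOSYS;
    }
}

/* syscall_trace_enter(): 0 when untraced, otherwise the tracer's verdict. */
static int model_trace_enter(struct model_regs *r, model_tracer t,
                             struct model_counts *c)
{
    c->enter_calls++;
    return t ? t(r) : 0;
}

static void model_trace_leave(struct model_counts *c)
{
    c->leave_calls++;
}

/* Dispatch shaped like the patch: on a skip verdict the whole block,
 * including the write of the return register, is bypassed. */
long model_handle_syscall_as_patched(struct model_regs *r, model_tracer t,
                                     struct model_counts *c)
{
    long result;
    int nr;

    if (model_trace_enter(r, t, c) == 0) {
        nr = r->syscall_nr;
        if (nr >= NR_SYSCALLS || nr < 0)
            result = -ENOSYS;
        else
            result = model_execute(nr, r->arg0);
        r->retval = result;
    }
    model_trace_leave(c);   /* always, as in the patch and in entry_32.S */
    return r->retval;
}

/* Same dispatch, but the return register is preset to -ENOSYS before the
 * tracer runs (what entry_32.S does at syscall_trace_entry), so a skipped
 * syscall reports -ENOSYS instead of whatever was left in the register. */
long model_handle_syscall_preset_enosys(struct model_regs *r, model_tracer t,
                                        struct model_counts *c)
{
    r->retval = -ENOSYS;
    return model_handle_syscall_as_patched(r, t, c);
}

/* Constructed tracer verdicts: deny the call, or redirect it to syscall 0. */
static int tracer_skip(struct model_regs *r) { (void)r; return 1; }
static int tracer_redirect_to_0(struct model_regs *r) { r->syscall_nr = 0; return 0; }

int main(void)
{
    struct model_counts c = { 0, 0 };
    /* 0x5a5a is a constructed leftover value in the return register. */
    struct model_regs a = { 1, 21, 0x5a5a }, b = { 1, 21, 0x5a5a };
    struct model_regs d = { 1, 21, 0x5a5a }, e = { 2, 0, 0x5a5a };

    printf("untraced:         %ld\n", model_handle_syscall_as_patched(&a, NULL, &c));
    printf("skipped (patch):  %ld\n", model_handle_syscall_as_patched(&b, tracer_skip, &c));
    printf("skipped (preset): %ld (-ENOSYS is %ld)\n",
           model_handle_syscall_preset_enosys(&d, tracer_skip, &c), (long)-ENOSYS);
    printf("redirected to 0:  %ld\n", model_handle_syscall_as_patched(&e, tracer_redirect_to_0, &c));
    printf("enter=%d leave=%d\n", c.enter_calls, c.leave_calls);
    return 0;
}
```

Compiling and running it shows the point Richard and Renzo settle (the leave hook runs once per entry whether or not the syscall was skipped) and the one the patch leaves open: under the patch's shape a skipped syscall hands the stale 0x5a5a back to the tracee, while the preset variant hands back -ENOSYS. A tracer that denies calls by skipping them relies on that second behaviour to make the denial look like an ordinary failed syscall.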