From: Kyle Huey
Date: Fri, 19 Nov 2021 08:58:24 -0800
Subject: Re: [REGRESSION] 5.16rc1: SA_IMMUTABLE breaks debuggers
To: Kees Cook
Cc: "Eric W. Biederman", Linus Torvalds, Andrea Righi, Shuah Khan, Alexei Starovoitov, Andy Lutomirski, Will Drewry, "open list:KERNEL SELFTEST FRAMEWORK", bpf, open list, linux-hardening@vger.kernel.org, "Robert O'Callahan"
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Nov 19, 2021 at 8:36 AM Kees Cook wrote:
>
> On Fri, Nov 19, 2021 at 08:07:36AM -0800, Kyle Huey wrote:
> > On Thu, Nov 18, 2021 at 8:12 AM Eric W. Biederman wrote:
> > > Kyle thank you for your explanation of what breaks. For future kernels
> > > I do need to do some work in this area and I will copy on the patches
> > > going forward.
> > > In particular I strongly suspect that changing the
> > > sigaction and blocked state of the signal for these synchronous signals
> > > is the wrong thing to do, especially if the process is not killed. I
> > > want to find another solution that does not break things but that also
> > > does not change the program state behind the program's back so things
> > > work differently under the debugger.
> >
> > The heads up in the future is appreciated, thanks.
>
> Yeah, I wonder if we could add you as a Reviewer in the MAINTAINERS file
> for ptrace/signal stuff? Then anyone using scripts/get_maintainers.pl
> would have a CC to you added.

I don't object to that. I guess we'll see how manageable the email load is.

> Also, are there more instructions about running the rr tests? When the
> execve refactoring was happening, I tried it[1], but the results were
> unclear (there seemed to be a lot of warnings and it made me think I'd
> done something wrong on my end).

It's a standard cmake test suite. The easiest way to run it is just to
run `make check`, wait a while, and see what gets printed out at the end
as failing. There's a couple thousand tests that run and they print all
sorts of output ... some of them even crash intentionally to make sure
we can record specific types of crashes, so the ctest pass/fail output
at the very end is the only reliable indicator.

If you have specific issues you're seeing I'm happy to follow up here
or off list.

- Kyle

> -Kees
>
> [1] https://github.com/rr-debugger/rr/wiki/Building-And-Installing#tests
>
> --
> Kees Cook