lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20110516155253.GA20624@htj.dyndns.org>
Date:	Mon, 16 May 2011 17:52:53 +0200
From:	Tejun Heo <tj@...nel.org>
To:	Oleg Nesterov <oleg@...hat.com>
Cc:	Denys Vlasenko <vda.linux@...glemail.com>,
	jan.kratochvil@...hat.com, linux-kernel@...r.kernel.org,
	torvalds@...ux-foundation.org, akpm@...ux-foundation.org,
	indan@....nu
Subject: Re: Ptrace documentation, draft #1

Hello,

I haven't read the whole thing yet but wanna comment on some.

On Mon, May 16, 2011 at 05:31:22PM +0200, Oleg Nesterov wrote:
> > Kernel delivers an extra SIGTRAP to tracee after execve syscall
> > returns. This is an ordinary signal (similar to one generated by kill
> > -TRAP), not a special kind of ptrace-stop. If PTRACE_O_TRACEEXEC option
> > is in effect, a PTRACE_EVENT_EXEC-stop is generated instead.
> >
> > ??? can this SIGTRAP be distinguished from "real" user-generated SIGTRAP
> >     by looking at its siginfo?
> 
> Afaics no. Well, except .si_pid shows that the signal was sent by the
> tracing process to itself.

If you do GETSIGINFO and look at si->si_code, user generated signals
can't have non-zero value there (assuming SETSIGINFO doesn't allow
uploading __SI_TRAP siginfo), so, if si->si_code contains SIGTRAP |
PTRACE_EVENT_* << 8, I think it reliably identifies a specific trap.
We probably want to add more PTRACE_EVENT_* so that each trap site can
be identified uniquely.  Note that the si_code is also returned as
exit_code on wait(2) and combined with CLD_TRAPPED ptrace traps should
be reliably identifiable.

> > Note that restarting ptrace commands issued in ptrace-stops other than
> > signal-delivery-stop do NOT inject a signal, even if sig is nonzero. No
> > error is reported either. This is a cause of confusion among ptrace
> > users.
> 
> Yes. Except syscall entry/exit. But in this case SET_SIGINFO doesn't work
> to add more confusion ;)

Yeah, I hate these signal injections.  Maybe we can remove these if
SEIZED?  Tracer might as well just do tkill().  I don't really see the
point of the signal injection feature.

> > Syscall-enter-stop and syscall-exit-stop are indistinguishable by
> > tracer.
> 
> Almost... at least on x86 rax = -ENOSYS in syscall-enter-stop.

We can add PTRACE_EVENT_* values if SEIZED.

> > 	ptrace(PTRACE_cmd, pid, 0, sig);
> > where cmd is CONT, DETACH, SYSCALL, SINGLESTEP, SYSEMU,
> > SYSEMU_SINGLESTEP. If tracee is in signal-delivery-stop, sig is the
> > signal to be injected. Otherwise, sig is ignored.
> 
> There is another special case. If the tracee single-stepps into the
> signal handler, it reports SIGTRAP as if it recieved this SIGNAL.
> But ptrace(PTRACE, ..., sig) doesn't inject after that.

Ditto as PTRACE_SYSCALL.  I think resuming from signal delivery trap
should be the only place where @data means signo.

> >     Is signal injected if they were in signal-delivery-stop?
> 
> Yes, The tracee resumes and handles the previously reported signal.

Please note that this one really isn't an injection.  It's just given
a chance to either suppress or alter a signal which is being
delivered.  It's not creating a new one.

Thank you.

-- 
tejun
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ