Message-ID: <CAK1hOcNUgMne1Nh_GmU=+MygKu0uVV20jOLXX5ScWzDNafBqQA@mail.gmail.com>
Date:	Mon, 13 Jan 2014 14:35:27 +0100
From:	Denys Vlasenko <vda.linux@...glemail.com>
To:	Sergio Durigan Junior <sergiodj@...hat.com>
Cc:	LKML <linux-kernel@...r.kernel.org>,
	Oleg Nesterov <oleg@...hat.com>,
	Roland McGrath <roland@...k.frob.com>
Subject: Re: [RFC/PATCH] Implement new PTRACE_EVENT_SYSCALL_{ENTER,EXIT}

On Mon, Jan 6, 2014 at 11:52 PM, Sergio Durigan Junior
<sergiodj@...hat.com> wrote:
> The other nice thing that I have implemented is the ability to obtain
> the syscall number related to the event by using PTRACE_GET_EVENTMSG.
> This way, we don't need to inspect registers anymore when we want to
> know which syscall is responsible for this or that event.

OTOH, by fetching registers using just one ptrace call you
get a lot more data.
So, this isn't *that* useful -- the debuggers already know how to fetch
and interpret regs - but it is also a cheap change. Why not?


> -static inline int ptrace_report_syscall(struct pt_regs *regs)
> +static inline int ptrace_report_syscall(struct pt_regs *regs, int entry,
> +       unsigned int sysno)
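
Review bot: the new "int entry" parameter in this signature is a bare integer flag, so call sites will read as ptrace_report_syscall(regs, 1, nr) with no hint of which value means entry. Consider "bool entry", or pass the event constant (PTRACE_EVENT_SYSCALL_ENTER or PTRACE_EVENT_SYSCALL_EXIT) directly, and add a short comment above the function describing both new parameters.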


This function looks ripe for de-inlining.


>  /* Wait extended result codes for the above trace options.  */
> -#define PTRACE_EVENT_FORK      1
> -#define PTRACE_EVENT_VFORK     2
> -#define PTRACE_EVENT_CLONE     3
> -#define PTRACE_EVENT_EXEC      4
> -#define PTRACE_EVENT_VFORK_DONE        5
> -#define PTRACE_EVENT_EXIT      6
> -#define PTRACE_EVENT_SECCOMP   7
> +#define PTRACE_EVENT_FORK              1
> +#define PTRACE_EVENT_VFORK             2
> +#define PTRACE_EVENT_CLONE             3
> +#define PTRACE_EVENT_EXEC              4
> +#define PTRACE_EVENT_VFORK_DONE                5
> +#define PTRACE_EVENT_EXIT              6
> +#define PTRACE_EVENT_SECCOMP           7
> +#define PTRACE_EVENT_SYSCALL_ENTER     8
> +#define PTRACE_EVENT_SYSCALL_EXIT      9
> +
>  /* Extended result codes which enabled by means other than options.  */
>  #define PTRACE_EVENT_STOP      128
>
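
Review bot: the seven existing PTRACE_EVENT_* defines are removed and re-added only to change their alignment, which buries the two real additions (PTRACE_EVENT_SYSCALL_ENTER 8 and PTRACE_EVENT_SYSCALL_EXIT 9) in whitespace churn. Leave the existing lines untouched and add just the two new defines, or do the realignment in a separate patch.
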
> @@ -87,11 +90,13 @@ struct ptrace_peeksiginfo_args {
>  #define PTRACE_O_TRACEVFORKDONE        (1 << PTRACE_EVENT_VFORK_DONE)
>  #define PTRACE_O_TRACEEXIT     (1 << PTRACE_EVENT_EXIT)
>  #define PTRACE_O_TRACESECCOMP  (1 << PTRACE_EVENT_SECCOMP)
> +#define PTRACE_O_SYSCALL_ENTER (1 << PTRACE_EVENT_SYSCALL_ENTER)
> +#define PTRACE_O_SYSCALL_EXIT  (1 << PTRACE_EVENT_SYSCALL_EXIT)
>
>  /* eventless options */
>  #define PTRACE_O_EXITKILL      (1 << 20)
>
> -#define PTRACE_O_MASK          (0x000000ff | PTRACE_O_EXITKILL)
> +#define PTRACE_O_MASK          (0x00000fff | PTRACE_O_EXITKILL)
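
Review bot: in the PTRACE_O_MASK line, 0x00000fff covers bits 0 to 11, but the highest option added in this hunk is 1 << PTRACE_EVENT_SYSCALL_EXIT, which is bit 9, so bits 10 and 11 fall inside the mask with no option defined for them; 0x000003ff matches the options actually defined. The two new option names also drop the TRACE prefix used by the neighbouring PTRACE_O_TRACEEXIT and PTRACE_O_TRACESECCOMP; PTRACE_O_TRACESYSCALL_ENTER and PTRACE_O_TRACESYSCALL_EXIT would be consistent.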


You added just two bits, why did you extend the mask by four bits?
IOW: shouldn't it be 0x00003ff instead?
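
The mask question raised at the end of the message, worked through as an added example (not part of the original message, the patch, or the kernel source). The helpers event_mask, check_options and stray_bits and the EV_/O_/MASK_ macro names are hypothetical; check_options is a simplified model of a reject-unknown-bits check on option data.

```c
#include <errno.h>
#include <stdio.h>

/* Event numbers and the eventless option, as quoted in the patch. */
#define EV_SECCOMP        7
#define EV_SYSCALL_ENTER  8
#define EV_SYSCALL_EXIT   9
#define O_EXITKILL        (1UL << 20)

#define MASK_PROPOSED  (0x00000fffUL | O_EXITKILL)  /* value in the patch */
#define MASK_TIGHT     (0x000003ffUL | O_EXITKILL)  /* value suggested in the reply */

/* Mask covering option bits 0..highest_event. Bit 0 is PTRACE_O_TRACESYSGOOD
 * (not shown in the quoted hunk); bits 1..N are 1 << PTRACE_EVENT_*. */
static unsigned long event_mask(unsigned int highest_event)
{
    return (1UL << (highest_event + 1)) - 1;
}

/* Simplified model (assumption): any bit outside the mask is rejected. */
static int check_options(unsigned long data, unsigned long mask)
{
    return (data & ~mask) ? -EINVAL : 0;
}

/* Bits a mask lets through although no option is defined for them. */
static unsigned long stray_bits(unsigned long mask)
{
    return mask & ~(event_mask(EV_SYSCALL_EXIT) | O_EXITKILL);
}

int main(void)
{
    unsigned long undefined_opt = 1UL << 10;  /* constructed: no option uses bit 10 */

    printf("mask for events up to 7: %#lx\n", event_mask(EV_SECCOMP));
    printf("mask for events up to 9: %#lx\n", event_mask(EV_SYSCALL_EXIT));
    printf("stray bits, proposed:    %#lx\n", stray_bits(MASK_PROPOSED));
    printf("stray bits, tight:       %#lx\n", stray_bits(MASK_TIGHT));
    printf("bit 10 vs proposed mask: %d\n", check_options(undefined_opt, MASK_PROPOSED));
    printf("bit 10 vs tight mask:    %d\n", check_options(undefined_opt, MASK_TIGHT));
    return 0;
}
```

A mask that admits undefined bits means a caller setting them gets success instead of an error, so those bits can no longer be used later to probe whether a new option is supported.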