lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <m31u0466wm.fsf@redhat.com>
Date:	Sun, 19 Jan 2014 00:29:29 -0200
From:	Sergio Durigan Junior <sergiodj@...hat.com>
To:	Denys Vlasenko <vda.linux@...glemail.com>
Cc:	LKML <linux-kernel@...r.kernel.org>,
	Oleg Nesterov <oleg@...hat.com>,
	Roland McGrath <roland@...k.frob.com>
Subject: Re: [RFC/PATCH] Implement new PTRACE_EVENT_SYSCALL_{ENTER,EXIT}

On Monday, January 13 2014, Denys Vlasenko wrote:

> On Mon, Jan 6, 2014 at 11:52 PM, Sergio Durigan Junior
> <sergiodj@...hat.com> wrote:
>> The other nice thing that I have implemented is the ability to obtain
>> the syscall number related to the event by using PTRACE_GET_EVENTMSG.
>> This way, we don't need to inspect registers anymore when we want to
>> know which syscall is responsible for this or that event.
>
> OTOH, by fetching registers using just one ptrace call you
> get a lot more data.
> So, this isn't *that* useful -- the debuggers already know how to fetch
> and interpret regs - but it is also a cheap change. Why not?

Thanks for the review, and sorry for the delay in answering.

I hope I have already touched this point in my other message to Oleg,
about making a single interface for all targets supported by the Linux
kernel and GDB, thus enabling them to obtain this information directly
from Linux instead of having to go and fetch the regs by themselves.

>> -static inline int ptrace_report_syscall(struct pt_regs *regs)
>> +static inline int ptrace_report_syscall(struct pt_regs *regs, int entry,
>> +       unsigned int sysno)
>
>
> This function looks ripe for de-inlining.

Done.

>>  /* Wait extended result codes for the above trace options.  */
>> -#define PTRACE_EVENT_FORK      1
>> -#define PTRACE_EVENT_VFORK     2
>> -#define PTRACE_EVENT_CLONE     3
>> -#define PTRACE_EVENT_EXEC      4
>> -#define PTRACE_EVENT_VFORK_DONE        5
>> -#define PTRACE_EVENT_EXIT      6
>> -#define PTRACE_EVENT_SECCOMP   7
>> +#define PTRACE_EVENT_FORK              1
>> +#define PTRACE_EVENT_VFORK             2
>> +#define PTRACE_EVENT_CLONE             3
>> +#define PTRACE_EVENT_EXEC              4
>> +#define PTRACE_EVENT_VFORK_DONE                5
>> +#define PTRACE_EVENT_EXIT              6
>> +#define PTRACE_EVENT_SECCOMP           7
>> +#define PTRACE_EVENT_SYSCALL_ENTER     8
>> +#define PTRACE_EVENT_SYSCALL_EXIT      9
>> +
>>  /* Extended result codes which enabled by means other than options.  */
>>  #define PTRACE_EVENT_STOP      128
>>
>> @@ -87,11 +90,13 @@ struct ptrace_peeksiginfo_args {
>>  #define PTRACE_O_TRACEVFORKDONE        (1 << PTRACE_EVENT_VFORK_DONE)
>>  #define PTRACE_O_TRACEEXIT     (1 << PTRACE_EVENT_EXIT)
>>  #define PTRACE_O_TRACESECCOMP  (1 << PTRACE_EVENT_SECCOMP)
>> +#define PTRACE_O_SYSCALL_ENTER (1 << PTRACE_EVENT_SYSCALL_ENTER)
>> +#define PTRACE_O_SYSCALL_EXIT  (1 << PTRACE_EVENT_SYSCALL_EXIT)
>>
>>  /* eventless options */
>>  #define PTRACE_O_EXITKILL      (1 << 20)
>>
>> -#define PTRACE_O_MASK          (0x000000ff | PTRACE_O_EXITKILL)
>> +#define PTRACE_O_MASK          (0x00000fff | PTRACE_O_EXITKILL)
>
>
> You added just two bits, why did you extend the mask by four bits?
> IOW: shouldn't it be 0x00003ff instead?

No particular reason, I just didn't give it much thinking.  But thanks
for pointing that out, I've changed it.

-- 
Sergio
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ