lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 7 Nov 2018 19:12:44 +0300
From:   "Dmitry V. Levin" <ldv@...linux.org>
To:     Oleg Nesterov <oleg@...hat.com>
Cc:     Elvira Khabirova <lineprinter@...linux.org>,
        Steven Rostedt <rostedt@...dmis.org>,
        Ingo Molnar <mingo@...nel.org>,
        Andy Lutomirski <luto@...nel.org>,
        Eugene Syromyatnikov <esyr@...hat.com>,
        linux-kernel@...r.kernel.org, strace-devel@...ts.strace.io
Subject: Re: [RFC PATCH] ptrace: add PTRACE_GET_SYSCALL_INFO request

On Wed, Nov 07, 2018 at 12:21:01PM +0100, Oleg Nesterov wrote:
> On 11/07, Elvira Khabirova wrote:
> >
> > In short, if a 64-bit task performs a syscall through int 0x80, its tracer
> > has no reliable means to find out that the syscall was, in fact,
> > a compat syscall, and misidentifies it.
> > * Syscall-enter-stop and syscall-exit-stop look the same for the tracer.
> 
> Yes, this was discussed many times...
> 
> So perhaps it makes sense to encode compat/is_enter in ->ptrace_message,
> debugger can use PTRACE_GETEVENTMSG to get this info.

This would mean for the debugger an extra syscall invocation for each
syscall stop.  When strace doesn't have to fetch memory, it invokes three
syscalls per syscall stop (wait4, PTRACE_GETREGSET, and PTRACE_SYSCALL).
We definitely want to avoid adding PTRACE_GETEVENTMSG on top of that.


-- 
ldv

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ