Re: [RFC] [Patch 1/1] [Self Ptrace] System call notification with self_ptrace

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Pierre Morel <pmorel@linux.vnet.ibm.com>
To: Oleg Nesterov <oleg@tv-sign.ru>
Cc: Andrew Morton <akpm@linux-foundation.org>,
	linux-kernel@vger.kernel.org, Roland McGrath <roland@redhat.com>,
	Heiko Carstens <heicars2@linux.vnet.ibm.com>,
	sameske@linux.vnet.ibm.com,
	Martin Schwidefsky <schwidefsky@de.ibm.com>
Subject: Re: [RFC] [Patch 1/1] [Self Ptrace] System call notification with self_ptrace
Date: Thu, 28 Aug 2008 15:24:42 +0200	[thread overview]
Message-ID: <48B6A71A.9010305@linux.vnet.ibm.com> (raw)
In-Reply-To: <20080828123242.GA187@tv-sign.ru>

Oleg Nesterov wrote:
> On 08/28, Pierre Morel wrote:
>   
>> Oleg Nesterov wrote:
>>     
>>> On 08/27, Pierre Morel wrote:
>>>
>>>       
>>>> Oleg Nesterov wrote:
>>>>
>>>>
>>>>         
>>>>> On s390 the patch changes handle_signal(), this is not clear to me too.
>>>>>
>>>>>
>>>>>           
>>>> The patch clears the trace flags before delivering the signal so
>>>> that the signal handler can use system call without bouncing again.
>>>>
>>>>         
>>> Yes I see. But the signal handler for SIGSYS can fisrt do
>>> sys_ptrace(PTRACE_SELF_OFF) (which is filtered out), and then use any
>>> other syscall.
>>>
>>>       
>> It is right but brings the overhead of a syscall.
>>     
>
> Well, this overhead is very small compared to the signal delivery.
>   
May be, but very high compared to the operation to just
clear a flag in the task struct.
This operation must be done anyway.
>   
>>> With this patch PT_SELF is cleared on any signal. This doesn't look
>>> right. Let's suppose that another signal comes in parallel with SIGSYS.
>>> It is very possible that the handler for that another signal will be
>>> called first, this handler can do some syscall which will be "missed".
>>>
>>>       
>> If the tracing application catches all signals before delivering
>> them to the instrumented original handler there is no problem,
>> the catching code can reset PTRACE_SELF_ON before calling the
>> instrumented application's original handler.
>> The instrumented code will then bounce as expected.
>>     
>
> Sorry, can't understand the text above :(
>
> OK, let's suppose the application does
>
> 	ptrace(PTRACE_SELF_ON);
> 	...
> 	syscall();
>
> This "syscall()" above should trigger the handler for SIGSYS.
> But what if another signal (with handler) comes in between?
> In that case handle_signal() clears PT_SELF/TIF_SYSCALL_TRACE,
> this syscall() (or any other) doesn't send SIGSYS.
>   
ok, please read "set PTRACE_SELF_ON"
where I wrote "reset PTRACE_SELF_ON" above.

Now, suppose the application does the following:

sigsys_handler(sig)
{
....
ptrace(PTRACE_SELF_ON);
}

sigx_handler(sig)
{
....
ptrace(PTRACE_SELF_ON);
if (sig_has_a_handler)
call_the_handler()
ptrace(PTRACE_SELF_OFF);
...
ptrace(PTRACE_SELF_ON);
}

main(){
...
signal(SIGSYS, sigsys_handler);
for(i=0; i<MAXSIGS; i++)
signal(i, sigx_handler);
ptrace(PTRACE_SELF_ON);
jump_into_instrumented_code;
...
}

If the instrumented code ever does a call to
signal(2), the call will be received by sig_sys() handler,
where the call the application signal handler can be performed with
PTRACE_SELF_ON.
This implies appropriate instrumentation of signal(2) and sigaction(2).

Pierre

-- 
=============
Pierre Morel
RTOS and Embedded Linux

     prev parent reply	other threads:[~2008-08-28 13:29 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-08-25  7:34 [RFC] [Patch 1/1] [Self Ptrace] System call notification with self_ptrace Pierre Morel
2008-08-25 16:33 ` Dave Hansen
2008-08-26 12:33   ` Pierre Morel
2008-08-25 16:54 ` Oleg Nesterov
2008-08-26 14:04   ` Pierre Morel
2008-08-26 16:27     ` Oleg Nesterov
2008-08-27 14:32       ` Pierre Morel
2008-08-27 16:24         ` Oleg Nesterov
2008-08-28 12:03           ` Pierre Morel
2008-08-28 12:32             ` Oleg Nesterov
2008-08-28 13:24               ` Pierre Morel [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=48B6A71A.9010305@linux.vnet.ibm.com \
    --to=pmorel@linux.vnet.ibm.com \
    --cc=akpm@linux-foundation.org \
    --cc=heicars2@linux.vnet.ibm.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=oleg@tv-sign.ru \
    --cc=roland@redhat.com \
    --cc=sameske@linux.vnet.ibm.com \
    --cc=schwidefsky@de.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.