From: Alejandro Colomar <alx.manpages@gmail.com>
To: Sergei Zhirikov <sfzhi@yahoo.com>, Oleg Nesterov <oleg@redhat.com>
Cc: linux-man@vger.kernel.org, LKML <linux-kernel@vger.kernel.org>
Subject: Re: Checking for support of ptrace(PTRACE_SEIZE,...) on older kernels
Date: Fri, 14 Apr 2023 21:53:22 +0200 [thread overview]
Message-ID: <0d95a96b-dd49-db45-ab3c-1d9cee51381d@gmail.com> (raw)
In-Reply-To: <997950238.3486335.1681414225118@mail.yahoo.com>
[-- Attachment #1.1: Type: text/plain, Size: 2061 bytes --]
Hi Sergei,
On 4/13/23 21:30, Sergei Zhirikov wrote:
> Hello,
>
> I've been studying the ptrace(2) man page and experimenting with ptrace() recently and came across this unexpected aspect of its behavior that I think would be good to have documented.
>
> I would like to use PTRACE_SEIZE in my project because of the advantages it offers, but I would also like to support kernels older than 3.4 (where it was fully introduced). My thinking was that I would call ptrace(PTRACE_SEIZE, ...) and if it fails with the appropriate error code indicating that it's not supported I would fall back to PTRACE_ATTACH. That is where a little surprise was waiting for me. According to the man page, ptrace will fail with errno=EIO if called with an invalid request code. Logically, that was the error code I expected to get when PTRACE_SEIZE is not supported. In reality I got ESRCH instead. In my attempts to make sense of it I had to resort to reading the kernel source. Apparently, the logic in the kernel ( https://elixir.bootlin.com/linux/v3.0.101/source/kernel/ptrace.c#L944 ) seems to assume that any request other than PTRACE_ATTACH must come for an already existing tracee. So it proceeds to look for such a tracee (by calling ptrace_check_attach) before trying to interpret the request code. Obviously, in case of PTRACE_SEIZE, the target process/thread is not being traced yet, so ESRCH is returned. As far as I can tell by looking at the source code, that will happen for any request code (with a couple of exceptions), valid or otherwise. The relevant piece of logic seems to remain unchanged to this day, so this isn't just a problem with an ancient kernel that nobody cares about. I am not sure whether this behavior is intentional (I would guess it's not), but in any case it's probably good to have it documented in the man page.
I've added some CCs. Feel free to send a patch.
Cheers,
Alex
>
> Thanks and regards,
> Sergei.
--
<http://www.alejandro-colomar.es/>
GPG key fingerprint: A9348594CE31283A826FBDD8D57633D441E25BB5
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next parent reply other threads:[~2023-04-14 19:53 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <997950238.3486335.1681414225118.ref@mail.yahoo.com>
[not found] ` <997950238.3486335.1681414225118@mail.yahoo.com>
2023-04-14 19:53 ` Alejandro Colomar [this message]
2023-04-17 11:50 ` Checking for support of ptrace(PTRACE_SEIZE,...) on older kernels Oleg Nesterov
2023-04-17 18:46 ` Alejandro Colomar
2023-04-18 7:54 ` Oleg Nesterov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0d95a96b-dd49-db45-ab3c-1d9cee51381d@gmail.com \
--to=alx.manpages@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-man@vger.kernel.org \
--cc=oleg@redhat.com \
--cc=sfzhi@yahoo.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox