public inbox for linux-kernel@vger.kernel.org
* What is ptrace flag PT_TRACESYSGOOD for?
@ 2006-03-14 10:26 Chuck Ebbert
  2006-03-14 14:01 ` Charles P. Wright
                   ` (2 more replies)
  0 siblings, 3 replies; 5+ messages in thread
From: Chuck Ebbert @ 2006-03-14 10:26 UTC (permalink / raw)
  To: linux-kernel; +Cc: Roland McGrath, Linus Torvalds

I am trying to document PTRACE_SETOPTIONS and I can't figure out what
the option PTRACE_O_TRACESYSGOOD is used for.  Google is no help;
I can't find an explanation for _why_ it's there.  All I can see is that
it causes ptrace() to deliver syscall stops with SIGTRAP | 0x80
instead of just SIGTRAP and it can be used with PTRACE_SYSEMU.


-- 
Chuck
"Penguins don't come from next door, they come from the Antarctic!"


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: What is ptrace flag PT_TRACESYSGOOD for?
  2006-03-14 10:26 What is ptrace flag PT_TRACESYSGOOD for? Chuck Ebbert
@ 2006-03-14 14:01 ` Charles P. Wright
  2006-03-14 20:00 ` Jeff Dike
  2006-03-14 23:00 ` Pavel Machek
  2 siblings, 0 replies; 5+ messages in thread
From: Charles P. Wright @ 2006-03-14 14:01 UTC (permalink / raw)
  To: Chuck Ebbert; +Cc: linux-kernel, Roland McGrath, Linus Torvalds

On Tue, 2006-03-14 at 05:26 -0500, Chuck Ebbert wrote:
> I am trying to document PTRACE_SETOPTIONS and I can't figure out what
> the option PTRACE_O_TRACESYSGOOD is used for.  Google is no help;
> I can't find an explanation for _why_ it's there.  All I can see is that
> it causes ptrace() to deliver syscall stops with SIGTRAP | 0x80
> instead of just SIGTRAP and it can be used with PTRACE_SYSEMU.
Chuck,

The PTRACE_O_TRACESYSGOOD is useful, because it allows you to
differentiate between a standard SIGTRAP and a system call entry or
exit.  For example, if you have a ptrace monitor and receive a SIGTRAP,
without O_SYSGOOD, it isn't clear if the kernel returned from wait (1)
because someone did kill -TRAP pid, or (2) the process was entering a
system call.

Charles


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: What is ptrace flag PT_TRACESYSGOOD for?
  2006-03-14 10:26 What is ptrace flag PT_TRACESYSGOOD for? Chuck Ebbert
  2006-03-14 14:01 ` Charles P. Wright
@ 2006-03-14 20:00 ` Jeff Dike
  2006-03-14 23:00 ` Pavel Machek
  2 siblings, 0 replies; 5+ messages in thread
From: Jeff Dike @ 2006-03-14 20:00 UTC (permalink / raw)
  To: Chuck Ebbert; +Cc: linux-kernel, Roland McGrath, Linus Torvalds

On Tue, Mar 14, 2006 at 05:26:52AM -0500, Chuck Ebbert wrote:
> I am trying to document PTRACE_SETOPTIONS and I can't figure out what
> the option PTRACE_O_TRACESYSGOOD is used for.

It makes it easier to distinguish between the child receiving a
SIGTRAP and making a system call.  On x86, without TRACESYSGOOD, you
can see if orig_eax == -1 to check for a real SIGTRAP.  I'm not sure
about the other arches, but it's nice to have an arch-independent way
of doing it, even if there are equivalents in every arch.

				Jeff

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: What is ptrace flag PT_TRACESYSGOOD for?
  2006-03-14 10:26 What is ptrace flag PT_TRACESYSGOOD for? Chuck Ebbert
  2006-03-14 14:01 ` Charles P. Wright
  2006-03-14 20:00 ` Jeff Dike
@ 2006-03-14 23:00 ` Pavel Machek
  2006-03-15  1:13   ` Jeff Dike
  2 siblings, 1 reply; 5+ messages in thread
From: Pavel Machek @ 2006-03-14 23:00 UTC (permalink / raw)
  To: Chuck Ebbert; +Cc: linux-kernel, Roland McGrath, Linus Torvalds

On Tue 14-03-06 05:26:52, Chuck Ebbert wrote:
> I am trying to document PTRACE_SETOPTIONS and I can't figure out what
> the option PTRACE_O_TRACESYSGOOD is used for.  Google is no help;
> I can't find an explanation for _why_ it's there.  All I can see is that
> it causes ptrace() to deliver syscall stops with SIGTRAP | 0x80
> instead of just SIGTRAP and it can be used with PTRACE_SYSEMU.

Yes.. and unless you deliver ptrace() syscall stops with a different
signal, you can't tell the difference between a syscall stop and a real
SIGTRAP.

See subterfugue.org for an example user.

Basically we'd like all the new users to set PTRACE_O_TRACESYSGOOD.

								Pavel
-- 
181:

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: What is ptrace flag PT_TRACESYSGOOD for?
  2006-03-14 23:00 ` Pavel Machek
@ 2006-03-15  1:13   ` Jeff Dike
  0 siblings, 0 replies; 5+ messages in thread
From: Jeff Dike @ 2006-03-15  1:13 UTC (permalink / raw)
  To: Pavel Machek; +Cc: Chuck Ebbert, linux-kernel, Roland McGrath, Linus Torvalds

On Wed, Mar 15, 2006 at 12:00:56AM +0100, Pavel Machek wrote:
> Yes.. and unless you deliver ptrace() syscall stops with a different
> signal, you can't tell the difference between a syscall stop and a real
> SIGTRAP.

You can, but you have to examine registers in order to do this.  This
is a concern when running gdb inside UML.  gdb breakpoints will cause
real SIGTRAPs, while system calls cause synthetic ones.  Before
switching to TRACESYS_GOOD, UML examined orig_eax to distinguish
between them.

				Jeff

^ permalink raw reply	[flat|nested] 5+ messages in thread
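
The distinction discussed in the replies above, as an added example that is not code from the thread or from any project it mentions: a tracer sets PTRACE_O_TRACESYSGOOD and then separates syscall stops (SIGTRAP | 0x80) from a SIGTRAP the child sent itself, using only the wait status and no register inspection. The names `stop_kind`, `classify_stop` and `trace_demo` are illustrative, and the code assumes Linux.

```c
#include <signal.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <unistd.h>

enum stop_kind { NOT_STOPPED, SYSCALL_STOP, REAL_SIGTRAP, OTHER_SIGNAL };

enum stop_kind classify_stop(int status)   /* status comes from waitpid() */
{
    if (!WIFSTOPPED(status))
        return NOT_STOPPED;
    if (WSTOPSIG(status) == (SIGTRAP | 0x80))
        return SYSCALL_STOP;               /* only seen with TRACESYSGOOD set */
    return WSTOPSIG(status) == SIGTRAP ? REAL_SIGTRAP : OTHER_SIGNAL;
}

/* Illustrative tracer (names are not from the thread): adds to the counters. */
int trace_demo(int *syscall_stops, int *real_traps)
{
    int status;
    pid_t pid = fork();
    if (pid == 0) {
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == 0) {
            raise(SIGSTOP);                /* let the tracer set its options */
            raise(SIGTRAP);                /* like "kill -TRAP pid" */
        }
        _exit(0);
    }
    if (pid < 0 || waitpid(pid, &status, 0) != pid || !WIFSTOPPED(status))
        return -1;                         /* child exited untraced */
    if (ptrace(PTRACE_SETOPTIONS, pid, NULL, (void *)(long)PTRACE_O_TRACESYSGOOD)) {
        kill(pid, SIGKILL);
        waitpid(pid, NULL, 0);
        return -1;
    }
    while (ptrace(PTRACE_SYSCALL, pid, NULL, NULL) == 0 &&
           waitpid(pid, &status, 0) == pid && WIFSTOPPED(status)) {
        *syscall_stops += classify_stop(status) == SYSCALL_STOP;
        *real_traps += classify_stop(status) == REAL_SIGTRAP;
    }
    return 0;
}

int main(void)
{
    int sys = 0, traps = 0, rc = trace_demo(&sys, &traps);
    printf("rc=%d syscall stops=%d real SIGTRAPs=%d\n", rc, sys, traps);
    return rc != 0;
}
```

The tracer resumes the child with signal 0 each time, so the SIGTRAP is observed at its signal-delivery stop but never delivered. Without the option, every syscall stop would report plain SIGTRAP and land in the same bucket as the real one.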
