Re: [RFC] [Patch 1/1] [Self Ptrace] System call notification with self_ptrace

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Pierre Morel <pmorel@linux.vnet.ibm.com>
To: Oleg Nesterov <oleg@tv-sign.ru>
Cc: Andrew Morton <akpm@linux-foundation.org>,
	linux-kernel@vger.kernel.org, Roland McGrath <roland@redhat.com>,
	Heiko Carstens <heicars2@linux.vnet.ibm.com>,
	sameske@linux.vnet.ibm.com,
	Martin Schwidefsky <schwidefsky@de.ibm.com>
Subject: Re: [RFC] [Patch 1/1] [Self Ptrace] System call notification with self_ptrace
Date: Thu, 28 Aug 2008 15:24:42 +0200	[thread overview]
Message-ID: <48B6A71A.9010305@linux.vnet.ibm.com> (raw)
In-Reply-To: <20080828123242.GA187@tv-sign.ru>

Oleg Nesterov wrote:
> On 08/28, Pierre Morel wrote:
>   
>> Oleg Nesterov wrote:
>>     
>>> On 08/27, Pierre Morel wrote:
>>>
>>>       
>>>> Oleg Nesterov wrote:
>>>>
>>>>
>>>>         
>>>>> On s390 the patch changes handle_signal(), this is not clear to me too.
>>>>>
>>>>>
>>>>>           
>>>> The patch clears the trace flags before delivering the signal so
>>>> that the signal handler can use system call without bouncing again.
>>>>
>>>>         
>>> Yes I see. But the signal handler for SIGSYS can fisrt do
>>> sys_ptrace(PTRACE_SELF_OFF) (which is filtered out), and then use any
>>> other syscall.
>>>
>>>       
>> It is right but brings the overhead of a syscall.
>>     
>
> Well, this overhead is very small compared to the signal delivery.
>   
May be, but very high compared to the operation to just
clear a flag in the task struct.
This operation must be done anyway.
>   
>>> With this patch PT_SELF is cleared on any signal. This doesn't look
>>> right. Let's suppose that another signal comes in parallel with SIGSYS.
>>> It is very possible that the handler for that another signal will be
>>> called first, this handler can do some syscall which will be "missed".
>>>
>>>       
>> If the tracing application catches all signals before delivering
>> them to the instrumented original handler there is no problem,
>> the catching code can reset PTRACE_SELF_ON before calling the
>> instrumented application's original handler.
>> The instrumented code will then bounce as expected.
>>     
>
> Sorry, can't understand the text above :(
>
> OK, let's suppose the application does
>
> 	ptrace(PTRACE_SELF_ON);
> 	...
> 	syscall();
>
> This "syscall()" above should trigger the handler for SIGSYS.
> But what if another signal (with handler) comes in between?
> In that case handle_signal() clears PT_SELF/TIF_SYSCALL_TRACE,
> this syscall() (or any other) doesn't send SIGSYS.
>   
ok, please read "set PTRACE_SELF_ON"
where I wrote "reset PTRACE_SELF_ON" above.

Now, suppose the application does the following:

sigsys_handler(sig)
{
....
ptrace(PTRACE_SELF_ON);
}

sigx_handler(sig)
{
....
ptrace(PTRACE_SELF_ON);
if (sig_has_a_handler)
call_the_handler()
ptrace(PTRACE_SELF_OFF);
...
ptrace(PTRACE_SELF_ON);
}

main(){
...
signal(SIGSYS, sigsys_handler);
for(i=0; i<MAXSIGS; i++)
signal(i, sigx_handler);
ptrace(PTRACE_SELF_ON);
jump_into_instrumented_code;
...
}

If the instrumented code ever does a call to
signal(2), the call will be received by sig_sys() handler,
where the call the application signal handler can be performed with
PTRACE_SELF_ON.
This implies appropriate instrumentation of signal(2) and sigaction(2).

Pierre

-- 
=============
Pierre Morel
RTOS and Embedded Linux

     prev parent reply	other threads:[~2008-08-28 13:29 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-08-25  7:34 [RFC] [Patch 1/1] [Self Ptrace] System call notification with self_ptrace Pierre Morel
2008-08-25 16:33 ` Dave Hansen
2008-08-26 12:33   ` Pierre Morel
2008-08-25 16:54 ` Oleg Nesterov
2008-08-26 14:04   ` Pierre Morel
2008-08-26 16:27     ` Oleg Nesterov
2008-08-27 14:32       ` Pierre Morel
2008-08-27 16:24         ` Oleg Nesterov
2008-08-28 12:03           ` Pierre Morel
2008-08-28 12:32             ` Oleg Nesterov
2008-08-28 13:24               ` Pierre Morel [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=48B6A71A.9010305@linux.vnet.ibm.com \
    --to=pmorel@linux.vnet.ibm.com \
    --cc=akpm@linux-foundation.org \
    --cc=heicars2@linux.vnet.ibm.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=oleg@tv-sign.ru \
    --cc=roland@redhat.com \
    --cc=sameske@linux.vnet.ibm.com \
    --cc=schwidefsky@de.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox