On 11/07, Elvira Khabirova wrote: > > In short, if a 64-bit task performs a syscall through int 0x80, its tracer > has no reliable means to find out that the syscall was, in fact, > a compat syscall, and misidentifies it. > * Syscall-enter-stop and syscall-exit-stop look the same for the tracer.
Yes, this was discussed many times... So perhaps it makes sense to encode compat/is_enter in ->ptrace_message, debugger can use PTRACE_GETEVENTMSG to get this info. > Secondly, ptracers also have to support a lot of arch-specific code for > obtaining information about the tracee. For some architectures, this > requires a ptrace(PTRACE_PEEKUSER, ...) invocation for every syscall > argument and return value. I am not sure about this change... I won't really argue, but imo this needs a separate patch. > +#define PT_IN_SYSCALL_STOP 0x00000004 /* task is in a syscall-stop */ ... > -static inline int ptrace_report_syscall(struct pt_regs *regs) > +static inline int ptrace_report_syscall(struct pt_regs *regs, > + unsigned long message) > { > int ptrace = current->ptrace; > > if (!(ptrace & PT_PTRACED)) > return 0; > + current->ptrace |= PT_IN_SYSCALL_STOP; > > + current->ptrace_message = message; > ptrace_notify(SIGTRAP | ((ptrace & PT_TRACESYSGOOD) ? 0x80 : 0)); > > /* > @@ -76,6 +79,7 @@ static inline int ptrace_report_syscall(struct pt_regs > *regs) > current->exit_code = 0; > } > > + current->ptrace &= ~PT_IN_SYSCALL_STOP; > return fatal_signal_pending(current); ... > + case PTRACE_GET_SYSCALL_INFO: > + if (child->ptrace & PT_IN_SYSCALL_STOP) > + ret = ptrace_get_syscall(child, datavp); > + break; Why? If debugger uses PTRACE_O_TRACESYSGOOD it can know if the tracee reported syscall entry/exit or not. PTRACE_GET_SYSCALL_INFO is pointless if not, but nothing bad can happen. Oleg.