Page MenuHomeFreeBSD
Differential D32367

linux: implement PTRACE_EVENT_EXEC
AbandonedPublic
Actions

Authored by trasz on Oct 8 2021, 12:55 PM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Apr 19, 11:53 AM
Unknown Object (File)
Sun, Apr 7, 10:12 PM
Unknown Object (File)
Mar 18 2024, 8:12 PM
Unknown Object (File)
Feb 11 2024, 9:32 AM
Unknown Object (File)
Jan 30 2024, 10:44 PM
Unknown Object (File)
Dec 22 2023, 1:28 PM
Unknown Object (File)
Dec 20 2023, 3:18 AM
Unknown Object (File)
Dec 16 2023, 4:51 PM
View All 26 Files
Subscribers
emaste
imp

Details

Reviewers
jhb
kib
Group Reviewers
Linux Emulation
Commits
rGfc36cd43fd7f: linux: implement PTRACE_EVENT_EXEC
rG6e66030c4c05: linux: implement PTRACE_EVENT_EXEC
Summary

This fixes strace(1) from Ubuntu Focal.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

trasz created this revision.Oct 8 2021, 12:55 PM
Herald added subscribers: emaste, imp. · View Herald TranscriptOct 8 2021, 12:55 PM
trasz requested review of this revision.Oct 8 2021, 12:55 PM
Harbormaster completed remote builds in B42023: Diff 96470.Oct 8 2021, 12:55 PM
trasz added reviewers: Linux Emulation, jhb, kib.Oct 8 2021, 1:01 PM
trasz mentioned this in D30457: linuxulator: Some ptrace fixes...
kib added inline comments.Oct 9 2021, 7:02 PM
sys/kern/subr_syscall.c
284

TDB_EXEC is cleared two lines below

285

Doesn't it result in two ptracestop()s generated for TDB_EXEC/SV_ABI_LINUX targets?

trasz added inline comments.Oct 10 2021, 4:38 PM
sys/kern/subr_syscall.c
284

Yes, but I don't want this flag set during the second ptracestop().

285

Yes, that's the whole purpose of this patch. I agree it's weird, that's why I've added a comment :-)

trasz added a comment.Oct 10 2021, 4:40 PM

The reason why I don't want this flag set during the second ptracestop() is that I don't want to return LINUX_PTRACE_EVENT_EXEC on the second stop.

jhb added a comment.Oct 11 2021, 8:56 PM

Can you describe what the two stops are? Is it one stop for syscall exit and a second for exec? If so, I think this isn't quite doing what you want. I think the first stop will report (LINUX_SIGTRAP | (0x80 | LINUX_PTRACE_EXEC_EVENT) << 8) << 8 and the second stop will report (LINUX_SIGTRAP | 0x80 << 8) << 8. I think you'd want to change the linux_ptrace bits to ignore SCX if EXEC is set?

sys/kern/subr_syscall.c
279
trasz updated this revision to Diff 96982.Oct 17 2021, 10:13 AM

Emit those in the right order.

Harbormaster completed remote builds in B42185: Diff 96982.Oct 17 2021, 10:14 AM
trasz added a comment.Oct 17 2021, 10:14 AM
In D32367#732149, @jhb wrote:

Can you describe what the two stops are? Is it one stop for syscall exit and a second for exec? If so, I think this isn't quite doing what you want. I think the first stop will report (LINUX_SIGTRAP | (0x80 | LINUX_PTRACE_EXEC_EVENT) << 8) << 8 and the second stop will report (LINUX_SIGTRAP | 0x80 << 8) << 8. I think you'd want to change the linux_ptrace bits to ignore SCX if EXEC is set?

One is for exec, the other is for syscall return. And yeah, those were wrong.

trasz added a comment.Oct 17 2021, 12:20 PM
In D32367#732149, @jhb wrote:

Can you describe what the two stops are? Is it one stop for syscall exit and a second for exec? If so, I think this isn't quite doing what you want. I think the first stop will report (LINUX_SIGTRAP | (0x80 | LINUX_PTRACE_EXEC_EVENT) << 8) << 8 and the second stop will report (LINUX_SIGTRAP | 0x80 << 8) << 8. I think you'd want to change the linux_ptrace bits to ignore SCX if EXEC is set?

One is for exec, the other is for syscall return. And yeah, those were wrong; should be fine now.

jhb accepted this revision.Oct 19 2021, 6:02 PM
jhb added inline comments.
sys/kern/subr_syscall.c
260

Maybe tweak this comment a bit to say something like:

/*
  * Linux debuggers expect an additional stop for exec,
  * between the usual syscall entry and exit.  Raise the
  * exec event now and then clear TDB_EXEC so that
  * the next stop is reported as a syscall exit by
  * linux_ptrace_status().
  */
This revision is now accepted and ready to land.Oct 19 2021, 6:02 PM
kib added a comment.Oct 22 2021, 7:58 PM

BTW, why cannot this be done somewhere in linux_on_exec(), or similar place?

What should the behavior be when process either enters linux ABI or leaves it, instead of simple case of linux binary execing linux binary?

trasz added a comment.Oct 23 2021, 9:17 AM
In D32367#736014, @kib wrote:

BTW, why cannot this be done somewhere in linux_on_exec(), or similar place?

Because it runs too early. This needs to happen after the threads in the execve-ing process are terminated, and do_execve() calls Linux-specific code at the very beginning.

What should the behavior be when process either enters linux ABI or leaves it, instead of simple case of linux binary execing linux binary?

Interesting question. No idea, I'm afraid. I don't think Linux debuggers can handle non-Linux binaries.

Closed by commit rG6e66030c4c05: linux: implement PTRACE_EVENT_EXEC (authored by trasz). · Explain WhyOct 23 2021, 6:46 PM
This revision was automatically updated to reflect the committed changes.
trasz added a commit: rG6e66030c4c05: linux: implement PTRACE_EVENT_EXEC.
trasz reopened this revision.Oct 24 2021, 6:37 PM

Okay, so as usual Konstantin is right: the patch is wrong, in that it adds an extra stop even if the ptracing process is native, not Linux. This needs to be fixed.

Do I remember right that a process can only have at most one ptracing process? And if so - is there a reasonable way to determine the ptracer's ABI?

kib added a comment.Oct 24 2021, 8:25 PM
In D32367#736440, @trasz wrote:

Do I remember right that a process can only have at most one ptracing process? And if so - is there a reasonable way to determine the ptracer's ABI?

If there is a tracer, it is p->p_pptr. Lock order is PROC_LOCK(p) before PROC_LOCK(p->p_pptr).

trasz abandoned this revision.Oct 29 2021, 10:34 AM

Thanks! See https://reviews.freebsd.org/D32726.

trasz added a commit: rGfc36cd43fd7f: linux: implement PTRACE_EVENT_EXEC.Feb 21 2022, 1:51 PM

Revision Contents
Changeset List

PathSize
sys/
amd64/
linux/
9 lines
kern/
12 lines

Diff 97337

View Options

sys/amd64/linux/linux_ptrace.c

Loading...
View Options

sys/kern/subr_syscall.c

Loading...