a method to distinguish between syscall-enter/exit-stop

[PATCH v5 0/5] x86: two-phase syscall tracing and seccomp fastpath · Andy Lutomirski <luto@amacapital.net> · 2014-09-05
[PATCH v5 1/5] x86,x32,audit: Fix x32's AUDIT_ARCH wrt audit · Andy Lutomirski <luto@amacapital.net> · 2014-09-05
[PATCH v5 2/5] x86,entry: Only call user_exit if TIF_NOHZ · Andy Lutomirski <luto@amacapital.net> · 2014-09-05
[PATCH v5 3/5] x86: Split syscall_trace_enter into two phases · Andy Lutomirski <luto@amacapital.net> · 2014-09-05
Re: [PATCH v5 3/5] x86: Split syscall_trace_enter into two phases · Dmitry V. Levin <hidden> · 2015-02-05
Re: [PATCH v5 3/5] x86: Split syscall_trace_enter into two phases · Kees Cook <hidden> · 2015-02-05
Re: [PATCH v5 3/5] x86: Split syscall_trace_enter into two phases · Dmitry V. Levin <hidden> · 2015-02-05
Re: [PATCH v5 3/5] x86: Split syscall_trace_enter into two phases · Andy Lutomirski <luto@amacapital.net> · 2015-02-05
Re: [PATCH v5 3/5] x86: Split syscall_trace_enter into two phases · Kees Cook <hidden> · 2015-02-05
Re: [PATCH v5 3/5] x86: Split syscall_trace_enter into two phases · Dmitry V. Levin <hidden> · 2015-02-05
Re: [PATCH v5 3/5] x86: Split syscall_trace_enter into two phases · Kees Cook <hidden> · 2015-02-05
Re: [PATCH v5 3/5] x86: Split syscall_trace_enter into two phases · Andy Lutomirski <luto@amacapital.net> · 2015-02-06
Re: [PATCH v5 3/5] x86: Split syscall_trace_enter into two phases · Dmitry V. Levin <hidden> · 2015-02-06
Re: [PATCH v5 3/5] x86: Split syscall_trace_enter into two phases · Andy Lutomirski <luto@amacapital.net> · 2015-02-06
Re: [PATCH v5 3/5] x86: Split syscall_trace_enter into two phases · Kees Cook <hidden> · 2015-02-06
Re: [PATCH v5 3/5] x86: Split syscall_trace_enter into two phases · Andy Lutomirski <luto@amacapital.net> · 2015-02-06
Re: [PATCH v5 3/5] x86: Split syscall_trace_enter into two phases · Kees Cook <hidden> · 2015-02-06
Re: [PATCH v5 3/5] x86: Split syscall_trace_enter into two phases · Andy Lutomirski <luto@amacapital.net> · 2015-02-06
Re: [PATCH v5 3/5] x86: Split syscall_trace_enter into two phases · Kees Cook <hidden> · 2015-02-06
Re: [PATCH v5 3/5] x86: Split syscall_trace_enter into two phases · Andy Lutomirski <luto@amacapital.net> · 2015-02-06
Re: a method to distinguish between syscall-enter/exit-stop · Dmitry V. Levin <hidden> · 2015-02-06
Re: a method to distinguish between syscall-enter/exit-stop · Kees Cook <hidden> · 2015-02-07
Re: a method to distinguish between syscall-enter/exit-stop · Dmitry V. Levin <hidden> · 2015-02-07
Re: [PATCH v5 3/5] x86: Split syscall_trace_enter into two phases · "H. Peter Anvin" <hpa@zytor.com> · 2015-02-06
[PATCH v5 4/5] x86_64,entry: Treat regs->ax the same in fastpath and slowpath syscalls · Andy Lutomirski <luto@amacapital.net> · 2014-09-05
[PATCH v5 5/5] x86_64,entry: Use split-phase syscall_trace_enter for 64-bit syscalls · Andy Lutomirski <luto@amacapital.net> · 2014-09-05
Re: [PATCH v5 0/5] x86: two-phase syscall tracing and seccomp fastpath · Kees Cook <hidden> · 2014-09-08
Re: [PATCH v5 0/5] x86: two-phase syscall tracing and seccomp fastpath · "H. Peter Anvin" <hpa@zytor.com> · 2014-09-08

From: Dmitry V. Levin <hidden>
Date: 2015-02-06 23:17:24
Also in: linux-arch, linux-mips, lkml

On Fri, Feb 06, 2015 at 12:07:03PM -0800, Kees Cook wrote:

On Fri, Feb 6, 2015 at 11:32 AM, Andy Lutomirski [off-list ref] wrote:

quoted

On Fri, Feb 6, 2015 at 11:23 AM, Kees Cook [off-list ref] wrote:

[...]

quoted

And an unrelated thought:

3) Can't we find some way to fix the inability of a ptracer to
distinguish between syscall-enter-stop and syscall-exit-stop?

Couldn't we add PTRACE_O_TRACESYSENTRY and PTRACE_O_TRACESYSEXIT along
the lines of PTRACE_O_TRACESYSGOOD?

That might be a nice idea. I haven't written a test to see, but what
does PTRACE_GETEVENTMSG return on syscall-enter/exit-stop?

The value returned by PTRACE_GETEVENTMSG is the value set along with the
latest PTRACE_EVENT_*.
In case of syscall-enter/exit-stop (which is not a PTRACE_EVENT_*),
there is no particular value set for PTRACE_GETEVENTMSG.


-- 
ldv

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help