On Sun, Jan 31, 2021 at 3:36 PM Andy Lutomirski <l...@amacapital.net> wrote:
>
> > The odd system call tracing part I have no idea who depends on it
> > (apparently "rr", which I assume is some replay thing), and I suspect
> > our semantics for it has been basically random historical one, and
> > it's apparently what changed.
> >
> > That's the one that we _really_ should have a test-case for, along
> > with some documentation and code comment what the actual semantics
> > need to be so that we don't break it again.
>
> This rr thing may be tangled up with the nonsense semantics of SYSRET. I'll
> muck around with Kyle's test and try to figure out what broke.
>
> I'm guessing the issue is that we are correctly setting TF in the EFLAGS
> image, but IRET helpfully only traps after the first user insn executes,
> which isn't what the tracer expects.
The state of TF shouldn't really matter here. There should be no user space code execution in the example I gave. This behavior all happens in the kernel and not on the silicon.

- Kyle