> Yes. But we attach to parent->parent, not to parent == current.
Ah yes, I see your point.
> In short: ptrace_report_clone() should "copy" the tracing state from
> current to child when needed. And it should never attach if current
> is not traced.
Correct.
> In particular, this means that
>
> if (event || (clone_flags & CLONE_PTRACE)) {
> child_engine = utrace_attach_task(child, UTRACE_ATTACH_CREATE
> ...
>
> is not right. CLONE_PTRACE should be ignored unless task_ptrace(current).
Ok, well this is implicitly assuming that ptrace won't properly detach its
utrace engine when it should. In the case of PTRACE_DETACH, the tracee
(potential parent, here) must be stopped, so it cannot be forking at the
time. So you must be worried only about the exit_ptrace() case.
The code triggered from report_clone that adds the new child to the
tracer's tracees list has to synchronize with exit_ptrace() anyway. So
that logic should also cover setup/teardown of the utrace engine.
Thanks,
Roland
