On 09/17, Roland McGrath wrote:
>
> > If the tracee enters PTRACE_EVENT_EXEC stop without TIF_SYSCALL_TRACE
> > and then the tracer does ptrace(PTRACE_SYSCALL), we should report
> > SYSCALL_EXIT event.
>
> Indeed.  But note that without PTRACE_O_TRACEEXEC, we do not have an "event
> stop", but just send ourselves a normal signal.

Yes,

> In that case, a
> PTRACE_SYSCALL resuming from the entry stop for execve will hit the exit
> stop first (just like any other syscall), and then dequeue the signal.

Confused... Do you think something is wrong with the current code?

Yes, without PTRACE_O_TRACEEXEC ptrace_report_exec() doesn't push the
event, it sends SIGTRAP to itself. This signal will be reported after
SYSCALL_EXIT (if we were resumed by PTRACE_SYSCALL after SYSCALL_ENTRY).

IOW, I assume this test-case

	#include <assert.h>
	#include <signal.h>
	#include <unistd.h>
	#include <sys/ptrace.h>
	#include <sys/wait.h>

	int main(void)
	{
		int pid, stat;

		pid = fork();
		if (!pid) {
			/* child: become a tracee, stop, then exec */
			assert(0 == ptrace(PTRACE_TRACEME, 0,0,0));
			kill(getpid(), SIGSTOP);
			execl("/bin/true", "true", NULL);
			assert(0);
		}

		assert(wait(&stat) == pid);
		assert(WIFSTOPPED(stat) && WSTOPSIG(stat) == SIGSTOP);

		assert(0 == ptrace(PTRACE_SETOPTIONS, pid, 0, PTRACE_O_TRACESYSGOOD));

		// ----must be exec syscall_entry ------------
		assert(0 == ptrace(PTRACE_SYSCALL, pid, 0, 0));
		assert(waitpid(pid, &stat, __WALL) == pid);
		assert(stat == 0x857F);

		// ----must be exec syscall_exit --------------
		assert(0 == ptrace(PTRACE_SYSCALL, pid, 0, 0));
		assert(waitpid(pid, &stat, __WALL) == pid);
		assert(stat == 0x857F);

		// ----must be SIGTRAP ------------------------
		assert(0 == ptrace(PTRACE_SYSCALL, pid, 0, 0));
		assert(waitpid(pid, &stat, __WALL) == pid);
		assert(stat == 0x057F);

		return 0;
	}

is right, correct?

Oleg.
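Added example, not part of the original message: a decoder for the wait status words the test case above asserts on, showing how a tracer tells a syscall stop, a plain SIGTRAP report and a PTRACE_EVENT stop apart. The enum and function names are this example's own, and the third sample value is constructed from the status layout documented in ptrace(2), not taken from the thread.

```c
#include <signal.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/wait.h>

/* Report kinds; these names belong to this example, not to the kernel. */
enum stop_kind { STOP_NONE, STOP_SYSCALL, STOP_EVENT, STOP_SIGNAL };

struct stop_info {
	enum stop_kind kind;
	int sig;	/* stop signal, 0 if not stopped */
	int event;	/* PTRACE_EVENT_* code, 0 if not an event stop */
};

/* Classify a status word returned by wait()/waitpid() for a tracee. */
struct stop_info classify_status(int status)
{
	struct stop_info si = { STOP_NONE, 0, 0 };

	if (!WIFSTOPPED(status))	/* exited or killed */
		return si;

	si.sig = WSTOPSIG(status);		/* bits 8..15 */
	si.event = (status >> 16) & 0xffff;	/* nonzero only for PTRACE_EVENT stops */

	if (si.event)
		si.kind = STOP_EVENT;		/* e.g. PTRACE_EVENT_EXEC */
	else if (si.sig == (SIGTRAP | 0x80))
		si.kind = STOP_SYSCALL;		/* PTRACE_O_TRACESYSGOOD marker */
	else
		si.kind = STOP_SIGNAL;		/* includes the plain post-exec SIGTRAP */
	return si;
}

int main(void)
{
	/* First two values are from the test case; the third is constructed. */
	int samples[] = { 0x857F, 0x057F,
			  (PTRACE_EVENT_EXEC << 16) | (SIGTRAP << 8) | 0x7f };
	static const char *names[] = { "none", "syscall", "event", "signal" };

	for (int i = 0; i < 3; i++) {
		struct stop_info si = classify_status(samples[i]);
		printf("%#07x: %s stop, sig=%d event=%d\n",
		       (unsigned)samples[i], names[si.kind], si.sig, si.event);
	}
	return 0;
}
```

Without PTRACE_O_TRACEEXEC the post-exec report decodes as an ordinary SIGTRAP signal stop, which the status word alone cannot distinguish from a SIGTRAP sent by anything else.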