On 09/21, Oleg Nesterov wrote: > > Yes, I modified the patch a bit (see below) to print the syscall number,
Forgot to attach the patch. I guess it is not really needed, but just in case.
Oleg.
--- TTT/kernel/sys.c~TF_FBG 2009-06-17 14:11:26.000000000 +0200
+++ TTT/kernel/sys.c 2009-09-21 20:03:27.000000000 +0200
@@ -1428,6 +1428,12 @@ SYSCALL_DEFINE5(prctl, int, option, unsi
 error = 0;
 switch (option) {
+ case 666:
+ printk(KERN_INFO "prctl: before=%lX\n", task_pt_regs(current)->flags);
+ user_enable_single_step(current);
+ printk(KERN_INFO "prctl: after=%lX\n", task_pt_regs(current)->flags);
+ break;
+
 case PR_SET_PDEATHSIG:
 if (!valid_signal(arg2)) {
 error = -EINVAL;
--- TTT/arch/x86/kernel/ptrace.c~TF_FBG 2009-06-11 14:16:46.000000000 +0200
+++ TTT/arch/x86/kernel/ptrace.c 2009-09-21 21:18:00.000000000 +0200
@@ -1446,6 +1446,8 @@ void send_sigtrap(struct task_struct *ts
 {
 struct siginfo info;
+ printk(KERN_INFO "send_sigtrap: ip=%lX\n", regs->ip);
+
 tsk->thread.trap_no = 1;
 tsk->thread.error_code = error_code;
@@ -1520,6 +1522,8 @@ asmregparm long syscall_trace_enter(stru
 asmregparm void syscall_trace_leave(struct pt_regs *regs)
 {
+ printk(KERN_INFO "trace_leave enter: ip=%lX nr=%ld\n", regs->ip, regs->orig_ax);
+
 if (unlikely(current->audit_context))
 audit_syscall_exit(AUDITSC_RESULT(regs->ax), regs->ax);
@@ -1543,6 +1547,8 @@ asmregparm void syscall_trace_leave(stru
 * system call instruction.
 */
 if (test_thread_flag(TIF_SINGLESTEP) &&
- tracehook_consider_fatal_signal(current, SIGTRAP))
+ tracehook_consider_fatal_signal(current, SIGTRAP)) {
+ printk(KERN_INFO "trace_leave sends SIGTRAP\n");
 send_sigtrap(current, regs, 0, TRAP_BRKPT);
+ }
 }
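Review bot: The `case 666:` branch added to prctl() in kernel/sys.c has no capability check and no marker that it is a test hook, so any caller can enable single-stepping on itself and emit two KERN_INFO lines per call. If it stays in a tree beyond the debugging session, put `/* DEBUG ONLY: test hook, enables single-step on current; never merge */` above the case and wrap the case in `#ifdef DEBUG` so it is compiled out by default. The bare 666 also sits in the prctl option number space, where a named local define would make a later clash with a real PR_* value easier to spot. The switch continues outside the hunk.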
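Review bot: The printk added at the top of send_sigtrap() in arch/x86/kernel/ptrace.c logs at KERN_INFO with no rate limit and does not say which task it is for. With single-stepping enabled this path can presumably run once per stepped instruction, so a single process can fill the kernel log. The same holds for the printk at the top of syscall_trace_leave() and for the "trace_leave sends SIGTRAP" line in the last hunk. Something like `if (printk_ratelimit()) printk(KERN_INFO "send_sigtrap: pid=%d ip=%lX\n", tsk->pid, regs->ip);`, or pr_debug(), keeps the output bounded and attributable. send_sigtrap()'s body continues outside the hunk.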
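Review bot: In the printk added to syscall_trace_leave(), `nr=%ld` is passed `regs->orig_ax`, which I believe is declared unsigned long in x86's pt_regs, so the specifier and the argument type disagree. The signed print looks deliberate, since it shows -1 when the entry was not a system call. Writing the argument as `(long)regs->orig_ax` states that intent and makes the types match.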