On 09/23, Roland McGrath wrote:
>
> It's a further oddity that you can single-step (or not) "into" the
> system call and then get a ptrace stop "inside" it, that being for
> PTRACE_EVENT_FORK et al. From there, the thread register state shows
> it being after the syscall insn, but (in vanilla ptrace, and at the
> time of report_clone callbacks at utrace level) without the return
> value register having been written yet.
And how can we implement this? regs->ax is updated right after
"call *sys_call_table[]", and we report PTRACE_EVENT_FORK or
PTRACE_EVENT_EXEC much later.

Oh. What if we change utrace_report_exec() and
tracehook_report_clone_complete() to use finish_resume_report() and
actually stop? This way all problems go away, and the stacked events
are not needed. The current logic which delays the stop adds so many
complications...

Oleg.
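The oddity Roland describes (a PTRACE_EVENT_FORK stop "inside" the syscall, with rip past the syscall instruction but the return register not yet written) can be observed from user space with plain vanilla ptrace. The following tracer is an added example written for this thread, not code from the kernel or from either poster: it forks a tracee, sets PTRACE_O_TRACEFORK, lets the tracee run into fork(), and dumps rip, orig_rax and rax at the event stop, then fetches the new pid with PTRACE_GETEVENTMSG (which is where the tracer has to get it, since rax does not hold it yet). It assumes x86-64 Linux, that ptrace of one's own child is permitted (Yama or a seccomp sandbox may forbid it), and that the grandchild, which is auto-attached, starts with a pending SIGSTOP that the tracer must reap before detaching. `is_ptrace_event_stop()` and `make_event_status()` are helper names chosen here.

```c
/* Added example (not part of the LKML thread): a tracer that lets its
 * child run into fork() with PTRACE_O_TRACEFORK set and inspects the
 * registers at the PTRACE_EVENT_FORK stop. Assumes x86-64 Linux. */
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

/* Decode a waitpid() status: is this the ptrace event stop `event`?
 * For event stops the kernel reports WSTOPSIG == SIGTRAP and places the
 * event number in bits 16 and up of the status word. */
int is_ptrace_event_stop(int status, int event)
{
    return WIFSTOPPED(status) && WSTOPSIG(status) == SIGTRAP &&
           (status >> 16) == event;
}

/* Build a status word of the shape the kernel uses for such a stop
 * (constructed value, used only to exercise the decoder offline). */
int make_event_status(int event)
{
    return 0x7f | (SIGTRAP << 8) | (event << 16);
}

#ifdef __x86_64__
int main(void)
{
    pid_t child = fork();
    if (child < 0) { perror("fork"); return 1; }
    if (child == 0) {
        /* Tracee: ask to be traced, stop so the parent can set options,
         * then fork once; the grandchild exits immediately. */
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) < 0) _exit(2);
        raise(SIGSTOP);
        pid_t g = fork();
        if (g == 0) _exit(0);
        if (g > 0) waitpid(g, NULL, 0);
        _exit(0);
    }

    int status;
    if (waitpid(child, &status, 0) < 0 || !WIFSTOPPED(status)) {
        fprintf(stderr, "tracee did not stop (ptrace may be disallowed here)\n");
        return 1;
    }
    /* Request a stop inside the clone syscall, i.e. before the return
     * value is delivered to the tracee's registers. */
    ptrace(PTRACE_SETOPTIONS, child, NULL, (void *)(long)PTRACE_O_TRACEFORK);
    ptrace(PTRACE_CONT, child, NULL, NULL);

    if (waitpid(child, &status, 0) < 0 ||
        !is_ptrace_event_stop(status, PTRACE_EVENT_FORK)) {
        fprintf(stderr, "expected PTRACE_EVENT_FORK stop, got status 0x%x\n", status);
        return 1;
    }

    struct user_regs_struct regs;
    unsigned long newpid = 0;
    ptrace(PTRACE_GETREGS, child, NULL, &regs);
    ptrace(PTRACE_GETEVENTMSG, child, NULL, &newpid);
    /* rip already points past the syscall instruction and orig_rax names
     * the syscall, but rax has not been overwritten with the child pid:
     * on x86-64 it normally still holds the entry-time -ENOSYS. */
    printf("event stop: rip=%#llx orig_rax=%llu rax=%lld (GETEVENTMSG pid: %lu)\n",
           regs.rip, regs.orig_rax, (long long)regs.rax, newpid);

    /* Release both tracees: the grandchild was auto-attached and starts
     * with a pending SIGSTOP, so reap that stop before detaching it. */
    if (newpid) {
        waitpid((pid_t)newpid, &status, __WALL);
        ptrace(PTRACE_DETACH, (pid_t)newpid, NULL, NULL);
    }
    ptrace(PTRACE_DETACH, child, NULL, NULL);
    waitpid(child, &status, 0);
    return 0;
}
#endif
```

Run it as an unprivileged user on a machine where ptrace of child processes is allowed; the printed rax value is what a debugger would hand back if it read the return register at this stop, which is exactly why the event stop cannot be treated as a normal syscall-exit stop. On a kernel where the reporting were moved so that the stop happens after the return value is written, the same program would print the grandchild's pid in rax.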