> > it being after the syscall insn, but (in vanilla ptrace, and at the
> > time of report_clone callbacks at utrace level) without the return
> > value register having been written yet.
> 
> And how can we implement this?
> 
> regs->ax is updated right after "call *sys_call_table[]", and we
> report PTRACE_EVENT_FORK or PTRACE_EVENT_EXEC much later.

I didn't intend to.  This is a change I think is more desirable than the
bug-compatibility.  In today's ptrace these extra stops are the sole
exceptions where the register state you fiddle with ptrace gets clobbered
later.  I've never thought that was useful.

> The current logic which delays the stop adds so many complications...

Of course, everything is open for debate.  IMHO it is the old ptrace ABI's
totally wrong model that introduces complexity.  We don't want that same
wrongness in the utrace API model.  It's only the legacy ptrace behavior
that necessitates these hacks.


Thanks,
Roland
