PTRACE_SET_SYSCALL_INFO is a generic ptrace API that complements
PTRACE_GET_SYSCALL_INFO by allowing a tracer to modify details of a
system call in which the tracee is currently blocked.

The API is designed to let tracers inspect and modify system call
information in a simple, architecture-agnostic manner.

The current implementation only supports modifying the subset of
system call information needed by strace: the system call number,
arguments, and return value.

This patch set extends PTRACE_SET_SYSCALL_INFO with support for
skipping a system call.

When tracing a system call the tracer can get the system call information
in a portable manner using the ptrace tag PTRACE_GET_SYSCALL_INFO.
The op returned in struct ptrace_syscall_info can be
PTRACE_SYSCALL_INFO_ENTRY or PTRACE_SYSCALL_INFO_SECCOMP depending on
the way the system call was "captured".

The tracer can skip the system call by setting the system call number
to -1. However, the current PTRACE_SET_SYSCALL_INFO interface does not
provide a way to specify the return value or error code that should be
reported to the tracee after skipping the call.

Patch 1/5 adds a new feature to solve the problem.
When the tracer retrieves a ptrace_syscall_info structure with op ==
PTRACE_SYSCALL_INFO_SECCOMP or PTRACE_SYSCALL_INFO_ENTRY, it may choose to skip
the system call by changing op to PTRACE_SYSCALL_INFO_EXIT and populating the
exit union fields (rval and is_error) to define the return value and error
status for the tracee.

This patchset is a new version of the proposed patchset entitled:

  ptrace_set_syscall_info: add support for seccomp syscall skipping and
  instruction pointer modification

The patchset has been split in two:
* syscall skipping (this)
* instruction pointer modification (it will be updated soon)

Changes in v2:
* bugfix: _NONE -> _EXIT transition was erroneously permitted

Changes since the previous patchset v2:
* bugfix: skip_syscall init value
* fix comments

Changes in (previous patchset) v2:
* use PTRACE_SYSCALL_INFO_EXIT instead of a new tag
* fixed most of the comments from sashiko.dev

Renzo Davoli (2):
  ptrace: PTRACE_SET_SYSCALL_INFO syscall skipping support
  selftests/ptrace: add a test case for PTRACE_SYSCALL_INFO syscall
    skipping

kernel/ptrace.c | 28 ++-
.../selftests/ptrace/set_syscall_info.c | 176 +++++++++++++++++-
2 files changed, 198 insertions(+), 6 deletions(-)
--
2.53.0
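
Added example, not code from this patch set or its selftest: a tracer-side sketch of the skip described in the cover letter, where an entry or seccomp stop record is turned into an exit record carrying rval and is_error. The helper names prepare_skip and skip_syscall are hypothetical, and the convention that rval holds the negative errno when is_error is set is assumed from how PTRACE_GET_SYSCALL_INFO reports exit stops.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <string.h>
#include <linux/ptrace.h>   /* struct ptrace_syscall_info, PTRACE_SYSCALL_INFO_* */
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

#ifndef PTRACE_SET_SYSCALL_INFO
#define PTRACE_SET_SYSCALL_INFO 0x4212  /* fallback for older uapi headers */
#endif

/* Rewrite an entry/seccomp stop record into an exit record.
 * err == 0: the tracee sees retval; err > 0: the tracee sees the error -err.
 * Any other op (NONE, EXIT) is refused, mirroring the v2 bugfix note that a
 * _NONE -> _EXIT transition must not be permitted. */
int prepare_skip(struct ptrace_syscall_info *info, long long retval, int err)
{
    if (info->op != PTRACE_SYSCALL_INFO_ENTRY &&
        info->op != PTRACE_SYSCALL_INFO_SECCOMP)
        return -EINVAL;
    if (err < 0)
        return -EINVAL;
    info->op = PTRACE_SYSCALL_INFO_EXIT;
    info->exit.rval = err ? -(long long)err : retval;  /* assumed: -errno on error */
    info->exit.is_error = (err != 0);
    return 0;
}

/* Tracer side: tracee `pid` is stopped at syscall entry or at a seccomp stop.
 * Both requests take the structure size in addr and its address in data. */
int skip_syscall(pid_t pid, long long retval, int err)
{
    struct ptrace_syscall_info info;
    int rc;

    memset(&info, 0, sizeof(info));
    if (syscall(SYS_ptrace, PTRACE_GET_SYSCALL_INFO, pid, sizeof(info), &info) < 0)
        return -errno;
    rc = prepare_skip(&info, retval, err);
    if (rc)
        return rc;
    if (syscall(SYS_ptrace, PTRACE_SET_SYSCALL_INFO, pid, sizeof(info), &info) < 0)
        return -errno;   /* the kernel rejected the modified record */
    return 0;
}
```

A policy tracer that denies a call would use skip_syscall(pid, 0, EPERM), and one that emulates it would pass the emulated result with err set to 0.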