[rfc] new generic ptrace api for setting syscall info

Renzo Davoli renzo at cs.unibo.it
Mon Oct 25 11:20:50 UTC 2021


(Thank you, Eugene, for forwarding Mike's message.)

Mike, I am actually working on the kernel support for PTRACE_SET_SYSCALL_INFO.

I need it to implement a portable version of the virtualsquare's project vuos.
https://github.com/virtualsquare/vuos

The first kernel patch attached here is a proof-of-concept implementation of
the arch-independent part of the support.
It is already able to update syscall args and exit values.

The arch specific code needed to complete the support of PTRACE_SET_SYSCALL_INFO
consists of three (simple) functions:
void instruction_pointer_set(struct pt_regs *regs, unsigned long val)
void user_stack_pointer_set(struct pt_regs *regs, unsigned long val)
void syscall_set_nr(struct task_struct *task, struct pt_regs *regs, int sysno)

Now some time-consuming effort is needed to find the right registers for each
architecture, write the arch-dependent functions and test the code.
(Some of the missing functions are already available for some archs.)

I've also added a new tag, PTRACE_SYSCALL_INFO_SECCOMP_SKIP; it should support
the situation described in the seccomp man page:
" The tracer can skip the system call by changing the system call
number to -1. Alternatively, the tracer can change the system
call requested by changing the system call to a valid system
call number. If the tracer asks to skip the system call, then
the system call will appear to return the value that the tracer
puts in the return value register."
PTRACE_SYSCALL_INFO_SECCOMP_SKIP uses the 'exit' branch of the union in
struct ptrace_syscall_info.
When notified of a SECCOMP_RET_TRACE, a process can decide to run the syscall,
possibly with different args (PTRACE_SYSCALL_INFO_SECCOMP), or to skip the syscall and
provide a return value or an errno (PTRACE_SYSCALL_INFO_SECCOMP_SKIP).
PTRACE_SYSCALL_INFO_SECCOMP_SKIP is meaningful only for PTRACE_SET_SYSCALL_INFO and not
for PTRACE_GET_SYSCALL_INFO.

The second patch attached here adds a selftest to check some basic features of
PTRACE_SET_SYSCALL_INFO.

I think this proposal also needs:
* code review
* support in the discussion on the LKML for the acceptance of the (final) patch

Any contribution is welcome.

All the Best,

renzo
virtualsquare.org
+ Department of Computer Science and Engineering, University of Bologna (Italy).
rd235 on github

On Mon, Oct 25, 2021 at 06:37:56AM +0200, Eugene Syromyatnikov wrote:
> Cc: Renzo Davoli <renzo at cs.unibo.it>
> Cc: Davide Berardi <berardi.dav at gmail.com>
> 
> On Mon, Oct 25, 2021 at 4:54 AM Mike Frysinger <vapier at gentoo.org> wrote:
> >
> > PTRACE_GET_SYSCALL_INFO is great for writing a generalized tracer -- no need to
> > write a per-arch ptrace call or register inspector.  unfortunately, there is no
> > converse to this operation: setting the syscall number, args, return, or error.
> > has there been any discussion for implementing this already ?
> >
> > starting with this group as it's realistically the most active user of ptrace,
> > and i don't think there's any kernel group covering it specifically.
> > -mike
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ptrace_set_syscall_info.patch
Type: text/x-diff
Size: 4846 bytes
Desc: not available
URL: <http://lists.strace.io/pipermail/strace-devel/attachments/20211025/692d49e3/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ptrace_set_syscall_test.patch
Type: text/x-diff
Size: 9418 bytes
Desc: not available
URL: <http://lists.strace.io/pipermail/strace-devel/attachments/20211025/692d49e3/attachment-0001.bin>

