Justus Winter <[email protected]> writes:
> Quoting Samuel Thibault (2013-09-09 19:40:23)
>> Ludovic Courtès, on Mon 09 Sep 2013 18:48:03 +0200, wrote:
>> > Samuel Thibault <[email protected]> writes:
>> > > Ludovic Courtès, on Sat 07 Sep 2013 22:04:06 +0200, wrote:
>> > >> However, wouldn’t it be preferable to fix it by interposing on
>> > >> ‘task_create’ calls, à la clans & chiefs? (IIUC, this can be done
>> > >> by setting the TASK_KERNEL_PORT of a task.)
>> > >
>> > > Apparently task_create is a kernel trap.
>> >
>> > Isn’t rpctrace able to interpose on it?
>>
>> I don't think there is any way to interpose a trap.
>>
>> It probably happens that libc nicely uses the RPC, but nothing prevents
>> a process from raising a trap.
>
> As I understand [0] one can interpose all Mach system calls

Yes, and ‘task_create’ is no exception to the rule:
--8<---------------cut here---------------start------------->8---
ludo@darnassus:~$ rpctrace -o ,,s sh -c 'sleep 2 & true'
rpctrace: get an unknown send right from process 19817
rpctrace: get an unknown send right from process 19816
rpctrace: get an unknown send right from process 19816
rpctrace: get an unknown send right from process 19816
ludo@darnassus:~$ grep task_ ,,s
task110(pid19816)->task_get_special_port (4) = 0 117<--115(pid19816)
task110(pid19816)->task_set_special_port (4 (null)) = 0
task110(pid19816)->vm_allocate (0 4096
1)task110(pid19816)->task_set_special_port (3 117<--130(pid-1)) = 0 19226624
task110(pid19816)->task_create (1) = 0 140<--139(pid19816)
task110(pid19816)->task_threads () = 0 {thread112(pid19816) thread128(pid19816)}
task140(pid19816)->task_set_special_port (3 115) = 0
task140(pid19817)->mach_port_set_qlimit (pn{ 20}
1)task110(pid19816)->task_terminate () = 0
task140(pid19817)->task_get_special_port (4) = 0 141<--136(pid19817)
task140(pid19817)->task_set_special_port (4 (null)) = 0
task140(pid19817)->vm_allocate (0 4096
1)task140(pid19817)->task_set_special_port (3 141<--159(pid-1)) = 0 19226624
--8<---------------cut here---------------end--------------->8---
So what about using that technique to achieve what you want? :-)
Ludo’.
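
Added example, not part of the original message and not rpctrace code: a small parser that reads a log of the shape shown above and reports which task created which, plus the pids rpctrace printed for each task. It assumes the line format seen in this trace and that the port number in a task_create reply (140 here) is the number rpctrace later uses in the new task's label; the function names are hypothetical.

```python
import re

# Lines copied from the rpctrace log quoted in the message above.
TRACE = """\
task110(pid19816)->task_set_special_port (4 (null)) = 0
task110(pid19816)->task_create (1) = 0 140<--139(pid19816)
task110(pid19816)->task_threads () = 0 {thread112(pid19816) thread128(pid19816)}
task140(pid19816)->task_set_special_port (3 115) = 0
task140(pid19817)->mach_port_set_qlimit (pn{ 20}
1)task110(pid19816)->task_terminate () = 0
task140(pid19817)->task_get_special_port (4) = 0 141<--136(pid19817)
"""

# Unanchored on purpose: interleaved output can leave text such as "1)"
# in front of a record, as in the task_terminate line above.
CREATE = re.compile(
    r"task(?P<parent>\d+)\(pid-?\d+\)->task_create \([^)]*\)"
    r" = (?P<ret>\S+)(?: (?P<child>\d+)<--)?")
SENDER = re.compile(r"task(?P<task>\d+)\(pid(?P<pid>-?\d+)\)->")


def task_lineage(trace):
    """Map each created task to its creator, for task_create calls returning 0."""
    lineage = {}
    for m in CREATE.finditer(trace):
        if m["ret"] == "0" and m["child"]:
            # Assumption: the port number in the reply names the new task.
            lineage["task" + m["child"]] = "task" + m["parent"]
    return lineage


def pids_seen(trace):
    """Map each task label to the pids rpctrace printed for it, in order."""
    seen = {}
    for m in SENDER.finditer(trace):
        pids = seen.setdefault("task" + m["task"], [])
        if m["pid"] not in pids:
            pids.append(m["pid"])
    return seen


if __name__ == "__main__":
    for child, parent in task_lineage(TRACE).items():
        print(f"{parent} created {child}; pids shown: {pids_seen(TRACE)[child]}")
```

On the quoted trace this reports task110 as the creator of task140, and shows task140 first labelled with the parent's pid (19816) and then with its own (19817).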