On Sun, Jan 31, 2021 at 3:39 PM Kyle Huey <m...@kylehuey.com> wrote:
>
> On Sun, Jan 31, 2021 at 3:36 PM Andy Lutomirski <l...@amacapital.net> wrote:
> > > The odd system call tracing part I have no idea who depends on it
> > > (apparently "rr", which I assume is some replay thing), and I suspect
> > > our semantics for it has basically been a random historical one, and
> > > it's apparently what changed.
> > >
> > > That's the one that we _really_ should have a test-case for, along
> > > with some documentation and code comment on what the actual semantics
> > > need to be so that we don't break it again.
> >
> > This rr thing may be tangled up with the nonsense semantics of SYSRET.
> > I’ll muck around with Kyle’s test and try to figure out what broke.
> >
> > I’m guessing the issue is that we are correctly setting TF in the EFLAGS
> > image, but IRET helpfully only traps after the first user insn executes,
> > which isn’t what the tracer expects.
>
> The state of TF shouldn't really matter here. There should be no user
> space code execution in the example I gave. This behavior all happens
> in the kernel and not on the silicon.
>
I admit that PTRACE_SINGLESTEP seems like an odd way to spell "advance to the end of the syscall", but you're right, it should work.