Ordering of rec_process_syscall

Robert O'Callahan robert at ocallahan.org
Thu Nov 13 11:57:01 PST 2014


On Fri, Nov 14, 2014 at 8:23 AM, Kyle Huey <me at kylehuey.com> wrote:

> rec_process_syscall is called *after* the syscall executes in the
> tracee.  The handlers for certain irregular syscalls seem like they
> would be better placed before the syscall executes in the tracee.
> e.g. the handler for open can veto the opening of certain paths, but
> because it happens after the open syscall has executed that results in
> a leaked fd in the tracee.
>
> This is more of a problem on ARM, because in the ARM syscall ABI the
> return value of a syscall clobbers the register containing the first
> argument (instead of the register containing the syscall number like
> on x86).  This is not insurmountable, since ARM has an orig_r0
> containing the original value much like x86 has an orig_eax.  But it
> does mean that naive attempts to access the arguments after syscall
> execution will fail.
>
> It seems like it would be logical to split rec_process_syscall into
> one function performing handling at syscall entry and another
> performing handling at syscall exit.
>

We already have rec_prepare_syscall_arch performing handling at syscall
entry. Can you do what you need to do there?

Rob
-- 
oIo otoeololo oyooouo otohoaoto oaonoyooonoeo owohooo oioso oaonogoroyo
owoiotoho oao oboroootohoeoro oooro osoiosotoeoro owoiololo oboeo
osouobojoeocoto otooo ojouodogomoeonoto.o oAogoaoiono,o oaonoyooonoeo
owohooo
osoaoyoso otooo oao oboroootohoeoro oooro osoiosotoeoro,o o‘oRoaocoao,o’o
oioso
oaonosowoeoroaoboloeo otooo otohoeo ocooouoroto.o oAonodo oaonoyooonoeo
owohooo
osoaoyoso,o o‘oYooouo ofooooolo!o’o owoiololo oboeo oiono odoaonogoeoro
ooofo
otohoeo ofoioroeo ooofo ohoeololo.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/rr-dev/attachments/20141114/4ea0bdf5/attachment.html>


More information about the rr-dev mailing list