Re: pt_regs->ax == -ENOSYS
From: H. Peter Anvin
Date: Tue Apr 27 2021 - 20:47:09 EST
On 4/27/21 5:20 PM, H. Peter Anvin wrote:
We *used* to truncate the system call number; that was unsigned. It
causes massive headache to ptrace if a 32-bit ptrace wants to write -1,
which is a bit hacky.
I would personally like to see orig_ax to be the register passed in and
for the truncation to happen by syscall_get_nr().
I also note that kernel/seccomp.c and the tracing infrastructure all
expect a signed int as the system call number. Yes, orig_ax is a 64-bit
field, but so are the other register fields which doesn't necessarily
directly reflect the value of an argument -- like, say, %rdi in the case
of sys_write - it is an int argument so it gets sign extended; this is
*not* reflected in ptrace.
-hpa
We could even do this, to make it perhaps harder to mess up:
diff --git a/arch/x86/include/asm/ptrace.h b/arch/x86/include/asm/ptrace.h
index 409f661481e1..4e8e5c2e35f4 100644
--- a/arch/x86/include/asm/ptrace.h
+++ b/arch/x86/include/asm/ptrace.h
@@ -41,7 +41,10 @@ struct pt_regs {
unsigned short gs;
unsigned short __gsh;
/* On interrupt, this is the error code. */
- unsigned long orig_ax;
+ union {
+ unsigned long orig_ax;
+ int syscall_nr;
+ };
unsigned long ip;
unsigned short cs;
unsigned short __csh;
@@ -78,7 +81,10 @@ struct pt_regs {
* On syscall entry, this is syscall#. On CPU exception, this is error
code.
* On hw interrupt, it's IRQ number:
*/
- unsigned long orig_ax;
+ union {
+ unsigned long orig_ax;
+ int syscall_nr;
+ };
/* Return frame for iretq */
unsigned long ip;
unsigned long cs;