Re: [RFC PATCH 00/30] Code tagging framework and applications
From: Steven Rostedt
Date: Mon Sep 05 2022 - 15:16:12 EST
On Mon, 5 Sep 2022 11:44:55 -0700
Nadav Amit <nadav.amit@xxxxxxxxx> wrote:
> I would note that I have a solution in the making (which pretty much works)
> for this matter, and does not require any kernel changes. It produces a
> call stack that leads to the code that lead to syscall failure.
>
> The way it works is by using seccomp to trap syscall failures, and then
> setting ftrace function filters and kprobes on conditional branches,
> indirect branch targets and function returns.
Ooh nifty!
>
> Using symbolic execution, backtracking is performed and the condition that
> lead to the failure is then pin-pointed.
>
> I hope to share the code soon.
Looking forward to it.
-- Steve