@ret2libc
Contributor

Work around the issue in #12266.

It's not clear to me yet why the issue appears, but it happens intermittently when ptracing a program. I think also #11649 is related. This patch is similar to `--systrap-disable-syscall-patching` but instead of disabling syscall patching globally, we just disable it for some tasks.

What do you think?

@konstantin-s-bogom
Member

IIRC the issue with debuggers and systrap is that they enable single-stepping, which is completely incompatible with the "syshandler" routine used to handle patched syscalls. When the process is inside this routine and subsequently receives a SIGTRAP for every instruction, the signal handler proceeds to blow away the register state of the user process.

So this patch is insufficient, because if the workload enters some piece of code where patches have already been applied before patching got disabled, this will result in exactly the same error.

I've described what I think the proper solution is in #11649 (we need to roll back the patches in addition to disabling them).

All that said I don't see too much harm with merging this (maybe with a better comment and a TODO to implement the rest). This partial fix may be enough for a good chunk of ptraced workloads. @avagin WDYT?

@ret2libc
Contributor Author

You are right, I guess it will not work when you ptrace-attach to an already existing process that has been patched, but it will work better for programs that are ptraced as soon as cloned, right? I will improve the comment!

@ret2libc
Contributor Author

I've rewritten the comment and added the TODO. Let me know what else I can do!

@konstantin-s-bogom
Member

Sorry for not replying for a while, I was out. Thanks for fixing the comment! I think you should also add a loud warning log in case `State.nextTrap > 0`, which indicates that this subprocess already had some patched syscalls; something like `LIKELY ERROR: Attached tracer to process with patched syscalls! Systrap is not fully compatible with ptrace/debuggers, program may die unexpectedly soon!`
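
Added example, not part of the comment above and not gVisor code: a small Go model of the argument in this thread, showing why disabling patching on tracer attach still fails at sites patched earlier, why it is enough for a task traced from clone, and how a rollback closes the gap. Only the name `nextTrap` and the warning text come from the thread; every other identifier is hypothetical, and "traced" is assumed to mean single-stepping.

```go
package main

import "fmt"

// Simplified model. Only nextTrap is a name from the thread; the rest is hypothetical.
type subprocess struct {
	patched          map[uintptr]bool // syscall sites rewritten to enter the handler
	nextTrap         int              // > 0 means patched sites exist (per the thread)
	patchingDisabled bool
	traced           bool // assumption: an attached tracer single-steps
}

// First sentence of the warning suggested in the thread.
const warnMsg = "LIKELY ERROR: Attached tracer to process with patched syscalls!"

// syscallAt models the task executing the syscall instruction at site.
// A traced task entering an already-patched site is the failing case.
func (s *subprocess) syscallAt(site uintptr) error {
	if s.patched[site] {
		if s.traced {
			return fmt.Errorf("site %#x: single-stepped inside patched handler", site)
		}
		return nil // untraced: patched fast path works
	}
	if !s.patchingDisabled {
		s.patched[site] = true
		s.nextTrap++
	}
	return nil // unpatched site: ordinary trapped syscall
}

// attachTracer applies the workaround (stop patching) and, when rollback is
// set, also undoes existing patches. It returns the warning, if one applies.
func (s *subprocess) attachTracer(rollback bool) string {
	s.traced, s.patchingDisabled = true, true
	if rollback {
		s.patched, s.nextTrap = map[uintptr]bool{}, 0
	}
	if s.nextTrap > 0 {
		return warnMsg
	}
	return ""
}

func main() {
	s := &subprocess{patched: map[uintptr]bool{}}
	s.syscallAt(0x1000)                // patched before any tracer exists
	fmt.Println(s.attachTracer(false)) // warning: patches already present
	fmt.Println(s.syscallAt(0x1000))   // error: the old patch is still live
}
```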

@ret2libc
Contributor Author

ret2libc commented Dec 3, 2025

@konstantin-s-bogom interestingly, I hit the warning even by just running `gdb -q --batch -ex "run" --args /bin/true`. A few syscalls have already been patched even there.

copybara-service bot pushed a commit that referenced this pull request Dec 4, 2025
Work around the issue in #12266.

It's not clear to me yet why the issue appears, but it happens intermittently when ptracing a program. I think also #11649 is related. This patch is similar to `--systrap-disable-syscall-patching` but instead of disabling syscall patching globally, we just disable it for some tasks.

What do you think?

FUTURE_COPYBARA_INTEGRATE_REVIEW=#12325 from trail-of-forks:ptrace-issue 3c52fed
PiperOrigin-RevId: 840404296
copybara-service bot pushed a commit that referenced this pull request Dec 5, 2025
Work around the issue in #12266.

FUTURE_COPYBARA_INTEGRATE_REVIEW=#12325 from trail-of-forks:ptrace-issue 3c52fed
PiperOrigin-RevId: 840814557
@avagin
Collaborator

avagin commented Dec 8, 2025

> @konstantin-s-bogom interestingly, I hit the warning even by just running `gdb -q --batch -ex "run" --args /bin/true`. A few syscalls have already been patched even there.

Because gdb attaches to a child process before it execs the target binary...

@copybara-service copybara-service bot merged commit 2d946ce into google:master Dec 8, 2025
4 of 5 checks passed
@ret2libc
Contributor Author

ret2libc commented Dec 9, 2025

Thanks!
