From b0b15bbf015366fd4e143465ecdfc33c63eb9ef4 Mon Sep 17 00:00:00 2001 From: Riccardo Schirone Date: Thu, 4 Dec 2025 14:29:53 -0800 Subject: [PATCH] usertrap: disable syscall patching when ptraced Workaround the issue in #12266. FUTURE_COPYBARA_INTEGRATE_REVIEW=https://github.com/google/gvisor/pull/12325 from trail-of-forks:ptrace-issue 3c52fedd53da176042cffdc701e31f4262623451 PiperOrigin-RevId: 840404296 --- .../platform/systrap/usertrap/usertrap_amd64.go | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/pkg/sentry/platform/systrap/usertrap/usertrap_amd64.go b/pkg/sentry/platform/systrap/usertrap/usertrap_amd64.go index 730f526533..0442901f01 100644 --- a/pkg/sentry/platform/systrap/usertrap/usertrap_amd64.go +++ b/pkg/sentry/platform/systrap/usertrap/usertrap_amd64.go @@ -193,6 +193,22 @@ func (s *State) PatchSyscall(ctx context.Context, ac *arch.Context64, mm memoryM return fmt.Errorf("no task found") } + // Skip syscall patching when the task is being ptraced, because + // single-stepping and other debugger features are incompatible with + // the "syshandler" routine used to handle patched syscalls (see + // syshandler_amd64.S). This incompatibility can result in inconsistent + // process states and failures (e.g. SIGSEGV). + // TODO(gvisor.dev/issue/11649): for a full fix we'd need to roll back + // existing patched syscalls, in case the traced program was patched + // before being traced (e.g. PTRACE_ATTACH on an already running + // process). + if task.Tracer() != nil { + if s.nextTrap > 0 { + ctx.Warningf("LIKELY ERROR: Attached tracer to process with patched syscalls (traps %d)! Systrap is not fully compatible with ptrace/debuggers, program may die unexpectedly soon!", s.nextTrap) + } + return nil + } + s.mu.Lock() defer s.mu.Unlock()