Soft
commented
6 years ago The system call filtering code should now be working . I guess the problem with 32-bit binaries segfaulting is related to what the guest OS does after the stepped-over instruction. I mean, it would only makes sense that the program would likely crash if you just randomly ignore some instructions. I think it should be up to the event handler to make sure that the guest is in a state where it can safely continue even after an ignored instruction.
Wenzel
So this is the patch set I've been working on, it is still quite experimental but it certainly seems promising.
I've rearchitectured the event handling pipeline to report system call entry events to the user space BEFORE they are executed. The system call exit events are still reported after they are executed to keep compatibility with the older behaviour. This patch introduces a new
CONTINUE_STEP_OVERioctl for stepping over system calls. Obviously this requires support from Nitro's user space components and I've created patches over there to support the functionality provided by this patch set.What should be mostly working is stepping over system calls from syscall entry handlers in 64-bit binaries as well as continuing execution normally.
However, there are still a few problems with this. First, sysenter/sysret seems to be broken, the binaries using those instructions crash with segfaults. For me this is not a major problem for my use cases as Linux systems tend to be purely 64-bit. Also, the patch set does not play nicely with system call filtering but I've been actively working on figuring out why that is.
While I do not think this is in any state to be merged, I still opened this pull request to highlight the work I've been doing on this front.