Issues I ran into

  • check the return value of stackgap_alloc() in systrace_replace(): if there is not enough stack gap space for argument rewriting, we should just bail out.
        if ((ubase = stackgap_alloc(&sg, repl->strr_len)) == NULL)
                return (NULL);

  • As Milos Urbanek (urbanek at openbsd dot cz) noted, systraceopen() needs some locking: the file structure should be locked while its fields are filled in:
        FILE_LOCK(fp);
        fp->f_flag = FREAD | FWRITE;
        fp->f_type = DTYPE_MISC;
        fp->f_ops = &systracefops;
        fp->f_data = (caddr_t) fst;
        FILE_UNLOCK(fp);

  • another one by Milos Urbanek:
    more locking: instead of SYSTRACE_LOCK/UNLOCK we should use the 5.x locking functions such as mtx_lock()/mtx_unlock(). The lock provided by systrace_lock() is EXCLUSIVE, which means we cannot go to sleep while holding it (it is a spinlock).
  • race condition in parameter rewriting
    As noted in the BUGS section of the systrace man page, there is a race condition when two threads/processes share the same address space. After systrace has made its decision, the second process can rewrite the arguments of the first one before the kernel actually runs the syscall. This can happen e.g. when processes are cloned via a clone()-like syscall.
    There is no easy solution to this problem. If we consider a lookaside buffer, we have to copy all arguments into kernel address space and check them just before the syscall is called. The problem is that some arguments are just pointers, so we would have to resolve their types.
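    The following is an added, constructed C model of this race and of the lookaside-buffer fix; it is not systrace code, and the names in it (user_mem, syscall_ctx, policy_allows, monitored_call) are assumptions for the example. It shows that when the kernel re-reads user memory at execution time, a rewrite between the decision and the syscall goes unchecked, while a kernel-held copy keeps check and execution consistent.

```c
#include <stdio.h>
#include <string.h>
/* Constructed model of the argument-rewriting race described above.  All
 * names here (user_mem, syscall_ctx, policy_allows, ...) are assumptions
 * for this example, not systrace's own code. */

#define PATHLEN 64
struct user_mem    { char path[PATHLEN]; };   /* traced process's memory */
struct syscall_ctx { char lookaside[PATHLEN]; int allowed; };

/* Toy policy: only paths below /tmp/ are permitted. */
static int policy_allows(const char *path)
{
    return strncmp(path, "/tmp/", 5) == 0;
}

/* One monitored syscall.  Without the lookaside copy the policy checks user
 * memory and the kernel re-reads user memory when it runs the call, so a
 * rewrite by a second thread in between is never checked.  With it, check
 * and execution both use the kernel-held copy.  Returns the path acted on,
 * or NULL if denied. */
static const char *monitored_call(struct user_mem *um, struct syscall_ctx *ctx,
                                  const char *rewrite, int use_lookaside)
{
    const char *arg = um->path;
    if (use_lookaside) {
        snprintf(ctx->lookaside, PATHLEN, "%s", um->path);  /* copyin */
        arg = ctx->lookaside;
    }
    ctx->allowed = policy_allows(arg);                       /* decision */
    if (rewrite != NULL)                                     /* race window */
        snprintf(um->path, PATHLEN, "%s", rewrite);          /* other thread */
    return ctx->allowed ? arg : NULL;                        /* execution */
}

/* Does the path the kernel acts on equal the path the policy approved? */
static int check_matches_use(int use_lookaside)
{
    struct user_mem um = { "/tmp/scratch" };
    struct syscall_ctx ctx;
    const char *used = monitored_call(&um, &ctx, "/var/secret", use_lookaside);
    return used != NULL && strcmp(used, "/tmp/scratch") == 0;
}

int main(void)
{
    printf("direct: %s\nlookaside: %s\n", check_matches_use(0) ? "safe" : "RACED",
           check_matches_use(1) ? "safe" : "RACED");
    return 0;
}
```

    The model sidesteps the pointer-typed arguments the text mentions: a real lookaside buffer would also have to copy in whatever the pointer refers to, which is exactly the hard part.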

  • Vladimir Kotal <vlada--at--devnull.cz>
    $Id: porting-issues.html,v 1.1 2003/12/17 22:03:52 techie Exp $