Mark nix::sys::ptrace::ptrace as unsafe, add safe variants of some routines #709
Conversation
…routines. These include: * PTRACE_TRACEME * PTRACE_CONT * PTRACE_ATTACH * PTRACE_SYSCALL
marmistrz
changed the title
src/sys/ptrace.rs
Outdated
| } | ||
|
|
||
| /// Makes the `PTRACE_CONT` request to ptrace | ||
| pub fn cont(pid: Pid) -> Result<()> { |
There was a problem hiding this comment.
Call this "continue" instead.
And provide better docs here.
There was a problem hiding this comment.
I wanted to keep consistent with the C API: PTRACE_TRACEME => ptrace::traceme, so PTRACE_CONT => ptrace::cont
There was a problem hiding this comment.
I understand why it's this way, but nix does renaming as is appropriate to make things more clear, and I think this is one of those times. So let's change it to "continue"
There was a problem hiding this comment.
Sorry, continue will not work:
error: expected identifier, found keyword `continue`
--> src/sys/ptrace.rs:193:8
|
193 | pub fn continue(pid: Pid) -> Result<()> {
| ^^^^^^^^
Leaving this as it is.
src/sys/ptrace.rs
Outdated
| @@ -70,7 +70,7 @@ mod ffi { | |||
|
|
|||
| /// Performs a ptrace request. If the request in question is provided by a specialised function | |||
| /// this function will return an unsupported operation error. | |||
| pub fn ptrace(request: ptrace::PtraceRequest, pid: Pid, addr: *mut c_void, data: *mut c_void) -> Result<c_long> { | |||
| pub unsafe fn ptrace(request: ptrace::PtraceRequest, pid: Pid, addr: *mut c_void, data: *mut c_void) -> Result<c_long> { | |||
There was a problem hiding this comment.
This needs to be expanded to report UnsupportedOperation for all 4 added specialized functions.
Also, what are the specific usecases of ptrace that will generate unsafety as Rust defines it (crashing isn't necessarily unsafe)? Since you pulled this out of another PR, I don't know where that discussion went.
There was a problem hiding this comment.
And thus break the specialized functions: ptrace::syscall calls ptrace::ptrace with request=PTRACE_SYSCALL.
ptrace can dereference arbitrary pointer in the child process memory.
src/sys/ptrace.rs
Outdated
| } | ||
| } | ||
|
|
||
| /// Makes the `PTRACE_SYSCALL` request to ptrace |
There was a problem hiding this comment.
This comment should be more descriptive on the first sentence and include a really good extended description explaining what it does.
There was a problem hiding this comment.
Should I copy-paste the ptrace manual? I thought that the user should be familiar with what ptrace does.
There was a problem hiding this comment.
Not the whole thing, but providing a little more detail would be nice. nix documentation can also be used as a form of discovery for users who aren't familiar with the POSIX APIs. While I don't expect nix to replace the man pages or other sources of documentation, it should allow people unfamiliar with the concepts to understand a little of the functionality.
src/sys/ptrace.rs
Outdated
| } | ||
| } | ||
|
|
||
| /// Makes the `PTRACE_ATTACH` request to ptrace |
src/sys/ptrace.rs
Outdated
| @@ -140,3 +140,51 @@ pub fn setsiginfo(pid: Pid, sig: &siginfo_t) -> Result<()> { | |||
| Err(e) => Err(e), | |||
| } | |||
| } | |||
|
|
|||
| /// Sets the process as traceable with `PTRACE_TRACEME` | |||
There was a problem hiding this comment.
Needs an extended description that elaborates a bit here.
|
Please don't break up PRs unless we ask you too as it makes it hard for us to follow the discussion (see my comments about safety). It also generates a lot of email traffic for a lot of us. |
|
Well, the problem is that #666 has gotten far too big and complex and if I keep it in one chunk, we won't merge it for another two weeks. And I have trouble isolating the cause of tests failing, especially that they succeed on my machine. It'll be much easier to ditch #666 (and close it when all the related changes are in) and successfully merge the changes by chunks. |
|
@marmistrz Let's refocus #666 on just adding the register ptrace wrapper since that's what most of it is about. Closing it we lose the history of the discussion, which has mostly been around that single feature, so let's keep it around. |
|
I'm wondering about the Currently
pub fn cont(pid: Pid, sig: Option<Signal>) -> Result<()> {
pub fn cont(pid: Pid) -> Result<()> {
pub fn cont_signal(pid: Pid, sig: Signal) -> Result<()> {I really think about settling with solution 2 because the most common use case is not to deliver any signal. What do you think? |
|
Let's use: pub fn cont<T: Into<Option<Signal>>>(pid: Pid, sig: T) -> Result<()>;I don't see the need for two functions just because it's too hard to add a |
|
It looks like we've got some problems with qemu. Should I disable the test on these arm/ppc? |
|
@marmistrz If you think it's a QEMU failure, just document it and disable them for it. |
|
The tests have succeeded but Github still shows them as not yet finished: https://travis-ci.org/nix-rust/nix/builds/259406655?utm_source=github_status&utm_medium=notification |
test/sys/test_ptrace.rs
Outdated
| @@ -58,6 +58,7 @@ fn test_ptrace_cont() { | |||
|
|
|||
| // FIXME: qemu-user doesn't implement ptrace on all arches and gives ENOSYS then. | |||
| // use it to filter out the affected platforms | |||
There was a problem hiding this comment.
Both of these comments could use proper punctuation and capitalization.
|
Is it ok now? |
|
@marmistrz Not yet. You haven't expanded the list of ptrace operations that return and |
|
@Susurrus, but this will break And |
|
@marmistrz You're correct, you should change these functions to use |
|
So you're asking me to add 4 more matches now, 6 more in #666... That's poor for readability, maintanance, that's ~3 rows of listing enum variants! And there are about 30 ptrace routines in total! Man, it's breaking other people's code without a single, smallest warning, without a single compile-time message. If a program starts tracing another using Let's just mark it as deprecated: |
|
Yes I am. This isn't that onerous and is not a large maintenance concern. Eventually As to the breaking people's code piece, yes we are. Every release will likely have breaking changes as we improve or stabilize our APIs. |
|
@Susurrus It's one thing to break the API so it doesn't compile and another to introduce runtime error in the most unexpected place. API changes should be clear from the developers perspective and this, in any case, is not. And I can't stress how sneaky the change is - you may realized it weeks after updating the dependency because you simply used the supported operations. It's just as though Rust decided that Moreover, Rust favors compile-time checking and falls back to runtime errors only when it's absolutely necessary. Deprecating a 1/10 of an API because we have a 1/10 of a new API is just insane. It's just as though you had to use methods I suggest we annotate the current state of the API in the documentation. The general |
|
@marmistrz I understand your viewpoint on this, but I don't see it as as big of an issue as you suggest. That being said, I think we should go ahead and add Additionally I'm fine with you not expanding the |
|
It's great we've found a compromise! I think we should document the internal functions As far as I can see, I think the name |
|
@marmistrz I think you're on the right track for cleaning up these helper functions. I don't think you need feedback from me, so why don't you go ahead and clean those up. You can put it as the first commit in this series or file a new PR, whatever you want. As to why |
|
Sure. I'll do this in a separate PR. Let's finally have it merged :) |
|
Thanks for your hard work pushing on this @marmistrz! Love that we have more tests for this too. bors r+ |
These include:
This is a part of #666, which is being split up into a couple smaller PRs.