Fix debugging inside proot

Fix killing of tracees that haven't issued any syscall yet,
previously we've used last_restart_how which was 0,
which happened to be PTRACE_TRACEME which caused hang

Suppress seccomp SIGSYS also when it happens on ptraced process
and don't deliver SIGSYS to ptracer

Improve logging, show detected syscall order when we detect seccomp

src/ptrace/wait.c

@@ -235,6 +235,7 @@ int translate_wait_exit(Tracee *ptracer)
 bool handle_ptracee_event(Tracee *ptracee, int event)
 {
 	bool handled_by_proot_first = false;
+	bool handled_by_proot_first_may_suppress = false;
 	Tracee *ptracer = PTRACEE.ptracer;
 	bool keep_stopped;
 
@@ -287,6 +288,11 @@ bool handle_ptracee_event(Tracee *ptracee, int event)
 			 * ptrace emulation.  */
 			return false;
 
+		case SIGSYS:
+			handled_by_proot_first = true;
+			handled_by_proot_first_may_suppress = true;
+			break;
+
 		default:
 			PTRACEE.tracing_started = true;
 			break;
@@ -314,10 +320,21 @@ bool handle_ptracee_event(Tracee *ptracee, int event)
 		signal = handle_tracee_event(ptracee, PTRACEE.event4.proot.value);
 		PTRACEE.event4.proot.value = signal;
 
-		/* The computed signal is always 0 since we can come
-		 * in this block only on sysexit and special events
-		 * (as for now).  */
-		assert(signal == 0);
+		if (handled_by_proot_first_may_suppress) {
+			/* If we've decided to suppress signal
+			 * (e.g. because seccomp policy blocked syscall
+			 * but we emulate that syscall),
+			 * don't notify ptracer and let ptracee resume.  */
+			if (signal == 0) {
+				restart_tracee(ptracee, 0);
+				return true;
+			}
+		} else {
+			/* The computed signal is always 0 since we can come
+			 * in this block only on sysexit and special events
+			 * (as for now).  */
+			assert(signal == 0);
+		}
 	}
 
 	/* Remember what the new event is, this will be required by

src/syscall/syscall.c

@@ -190,10 +190,10 @@ void translate_syscall(Tracee *tracee)
 	int push_regs_status = push_specific_regs(tracee, override_sysnum);
 
 	/* Handle inability to change syscall number */
-	print_current_regs(tracee, 4, "pre_push");
 	if (push_regs_status < 0 && override_sysnum) {
 		word_t orig_sysnum = peek_reg(tracee, ORIGINAL, SYSARG_NUM);
 		word_t current_sysnum = peek_reg(tracee, CURRENT, SYSARG_NUM);
+		print_current_regs(tracee, 4, "pre_push");
 		if (orig_sysnum != current_sysnum) {
 			/* Restart current syscall as chained */
 			if (current_sysnum != SYSCALL_AVOIDER) {

src/tracee/event.c

@@ -540,10 +540,11 @@ int handle_tracee_event(Tracee *tracee, int tracee_status)
 			signal = 0;
 
 			if (!seccomp_detected) {
-				VERBOSE(tracee, 1, "ptrace acceleration (seccomp mode 2) enabled");
 				tracee->seccomp = ENABLED;
 				seccomp_detected = true;
 				seccomp_after_ptrace_enter = !IS_IN_SYSENTER(tracee);
+				VERBOSE(tracee, 1, "ptrace acceleration (seccomp mode 2, %s syscall order) enabled",
+						seccomp_after_ptrace_enter ? "new" : "old");
 			}
 
 			tracee->skip_next_seccomp_signal = false;
@@ -609,7 +610,9 @@ int handle_tracee_event(Tracee *tracee, int tracee_status)
 		case SIGTRAP | PTRACE_EVENT_EXEC  << 8:
 		case SIGTRAP | PTRACE_EVENT_EXIT  << 8:
 			signal = 0;
-			tracee->restart_how = tracee->last_restart_how;
+			if (tracee->last_restart_how) {
+				tracee->restart_how = tracee->last_restart_how;
+			}
 			break;
 
 		case SIGSTOP:
@@ -633,6 +636,8 @@ int handle_tracee_event(Tracee *tracee, int tracee_status)
 			ptrace(PTRACE_GETSIGINFO, tracee->pid, NULL, &siginfo);
 			if (siginfo.si_code == SYS_SECCOMP) {
 				if (tracee->skip_next_seccomp_signal) {
+					VERBOSE(tracee, 4, "suppressed SIGSYS after void syscall");
+					tracee->skip_next_seccomp_signal = false;
 					signal = 0;
 				} else {
 					signal = handle_seccomp_event(tracee);
@@ -678,6 +683,7 @@ bool restart_tracee(Tracee *tracee, int signal)
 
 	/* Restart the tracee and stop it at the next instruction, or
 	 * at the next entry or exit of a system call. */
+	assert(tracee->restart_how != 0);
 	status = ptrace(tracee->restart_how, tracee->pid, NULL, signal);
 	if (status < 0)
 		return false; /* The process likely died in a syscall.  */