Re: ptrace in 2.6.5

From: Andi Kleen
Date: Mon May 10 2004 - 13:51:19 EST

Next message: viro: "Re: [PATCH] [RFC] adding support for .patches and /proc/patches.gz"
Previous message: Dipankar Sarma: "Re: dentry bloat."
In reply to: Fabiano Ramos: "Re: ptrace in 2.6.5"
Next in thread: Davide Libenzi: "Re: ptrace in 2.6.5"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Fabiano Ramos <ramos_fabiano@xxxxxxxxxxxx> writes:

> Hi All.
>
> Is ptrace(), in singlestep mode, required to stop after a int 0x80?
> When tracing a sequence like
>
> mov ...
> int 0x80
> mov ....
>
> ptrace would notify the tracer after the two movs, but not after the
> int 0x80. I want to know if it is a bug or the expected behaviour.

What happens is that after the int 0x80 the CPU is in ring 0 (you
don't get an trace event in that mode unless you use a kernel debugger).
Then when the kernel returns the last instruction executed before it is an
IRET. But the IRET is also executed still in ring 0 and you should not get
an event for it (you can not even access its code from user space).

So it's expected behaviour.

-Andi

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: viro: "Re: [PATCH] [RFC] adding support for .patches and /proc/patches.gz"
Previous message: Dipankar Sarma: "Re: dentry bloat."
In reply to: Fabiano Ramos: "Re: ptrace in 2.6.5"
Next in thread: Davide Libenzi: "Re: ptrace in 2.6.5"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]