Re: ptrace in 2.6.5

From: Davide Libenzi
Date: Tue May 11 2004 - 01:53:05 EST


On Mon, 10 May 2004, Davide Libenzi wrote:

> On Mon, 10 May 2004, Davide Libenzi wrote:
>
> > On the kernel side, this would be pretty much solved by issuing a ptrace
> > op, with a modified EIP (+2) on return from a syscall (if in single-step
> > mode).
>
> Actually, the EIP should not be changed (since it already points to the
> instruction following INT 0x80) and I believe it is sufficient to replace
> the test for _TIF_SYSCALL_TRACE with (_TIF_SYSCALL_TRACE | TIF_SINGLESTEP)
> in the system call return path. This should generate a ptrace trap with
> EIP pointing to the next instruction following INT 0x80.

The patch below (for i386) should work.



- Davide




Index: arch/i386/kernel/entry.S
===================================================================
RCS file: /usr/src/bkcvs/linux-2.5/arch/i386/kernel/entry.S,v
retrieving revision 1.83
diff -u -r1.83 entry.S
--- arch/i386/kernel/entry.S 12 Apr 2004 20:29:12 -0000 1.83
+++ arch/i386/kernel/entry.S 11 May 2004 06:35:29 -0000
@@ -354,7 +354,7 @@
# perform syscall exit tracing
ALIGN
syscall_exit_work:
- testb $(_TIF_SYSCALL_TRACE|_TIF_SYSCALL_AUDIT), %cl
+ testb $(_TIF_SYSCALL_TRACE|_TIF_SYSCALL_AUDIT|_TIF_SINGLESTEP), %cl
jz work_pending
sti # could let do_syscall_trace() call
# schedule() instead
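Review bot: In syscall_exit_work, a task with only _TIF_SINGLESTEP set now falls through to the do_syscall_trace() call named in the comment, but the patch does not touch that function, so please confirm it raises the ptrace trap when _TIF_SYSCALL_TRACE is clear, or include that change here. Also, testb against %cl only sees the low byte of the flags word, so the test depends on _TIF_SINGLESTEP living in bits 0-7; a short comment next to the mask stating that would keep a later renumbering of the flags from silently breaking it.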
Index: include/asm-i386/thread_info.h
===================================================================
RCS file: /usr/src/bkcvs/linux-2.5/include/asm-i386/thread_info.h,v
retrieving revision 1.19
diff -u -r1.19 thread_info.h
--- include/asm-i386/thread_info.h 12 Apr 2004 20:29:12 -0000 1.19
+++ include/asm-i386/thread_info.h 11 May 2004 06:34:47 -0000
@@ -165,7 +165,7 @@

/* work to do on interrupt/exception return */
#define _TIF_WORK_MASK \
- (0x0000FFFF & ~(_TIF_SYSCALL_TRACE|_TIF_SYSCALL_AUDIT))
+ (0x0000FFFF & ~(_TIF_SYSCALL_TRACE|_TIF_SYSCALL_AUDIT|_TIF_SINGLESTEP))
#define _TIF_ALLWORK_MASK 0x0000FFFF /* work to do on any return to u-space */

/*
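Review bot: Excluding _TIF_SINGLESTEP from _TIF_WORK_MASK affects every user of the mask, and the comment above it still says only "work to do on interrupt/exception return" without saying why some flags are carved out. Please extend that comment to explain that single-step is now handled on the syscall exit path like _TIF_SYSCALL_TRACE and _TIF_SYSCALL_AUDIT, and check that no interrupt/exception return path relied on this mask to notice the single-step flag.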