ptrace + EFLAGS_RF
From: Udo A. Steinberg
Date: Fri Nov 07 2003 - 17:53:58 EST
In arch/i386/kernel/ptrace.c the kernel defines which bits of the eflags
register user programs have access to using ptrace (PTRACE_SETREGS). Among
the "forbidden" bits is the resume flag (0x10000), i.e. the kernel masks
it out if userland sets it.
/* determines which flags the user has access to. */
/* 1 = access 0 = no access */
#define FLAG_MASK 0x00044dd5
When using hardware-assisted breakpoints via the debug registers (DR0...7),
it would be helpful if the debugger could set the resume flag in order not
to immediately hit the same breakpoint again at PTRACE_CONT/SYSCALL.
What is the motivation for disallowing user programs to set the RF flag?
I see no obvious reason how setting it could possibly screw the kernel.
Am I overlooking something?
Alternatively - what is the suggested approach to skip over breakpointed
instructions? Resetting the breakpoint, doing a singlestep and setting it
again doesn't seem very convenient to me.
Description: PGP signature