Re: ptrace in 2.6.5

[Davide Libenzi]

On Mon, 10 May 2004, Fabiano Ramos wrote:

> The question is: the int 0x80 can be seen as complex instructions that
> is only completed after the iret. This way, I do not see why a debug
> trap is not generated afer the int 0x80 and BEFORE the mov.
> 
> I reinvented the wheel and built a module that did the same thing as
> a singlestep ptrace, and a the trap WAS generated after the int 0x80
> completed, before the mov. 
> 
> So I think it has sth to do with the debug trap handler. 
> 
> I DO NOT BELIEVE THIS BEAVIOUR is right, since if it is not stopping
> after the int 0x80, ptrace is not TRULLY singlestepping.

If you look at the Intel manual 24319202 page 44 (TF bit), it clearly says 
that the trap is generated on the instruction that follows the IRET. In 
the same doc, at page 145, it also says that the return address seen by 
the trap handler is the one following the trapped instructuion (INT#1 is a 
trap). Ideally, I'm with you in expecting a full trace on all the 
instructions (out of INTs), but this doesn't seem to be what documented.
On the kernel side, this would be pretty much solved by issuing a ptrace 
op, with a modified EIP (+2) on return from a syscall (if in single-step 
mode).



- Davide

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/