ptrace PTRACE_PEEKUSER behavior

From: Anoop
Date: Mon May 05 2008 - 07:02:17 EST

Next message: Christoph Hellwig: "Re: [patch 09/15] vfs: immutable inode checking cleanup"
Previous message: Christoph Hellwig: "Re: [patch 03/15] cgroup: dont call vfs_mkdir"
Next in thread: Andi Kleen: "Re: ptrace PTRACE_PEEKUSER behavior"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The call ptrace(PTRACE_PEEKUSER, <pid>, ...) does not work as described in the
man page.

Specifically, the man page states:
PTRACE_PEEKUSER
Reads a word at offset addr in the child's USER area, which
holds the registers and other information about the process (see
<linux/user.h> and <sys/user.h>). The word is returned as the
result of the ptrace() call. Typically the offset must be word-
aligned, though this might vary by architecture. (data is
ignored.)

Using the PTRACE_PEEKUSER action, the "regs" component can be read, but the
values past regs are not obtained. Even the reg values are not retrieved from a
'user' structure, but from the 'task_struct' of the process.

linux-2.6.26-rc1/include/asm-x86/user_32.h defines struct user like this.

/* When the kernel dumps core, it starts by dumping the user struct -
this will be used by gdb to figure out where the data and stack segments
are within the file, and what virtual addresses to use. */
struct user{
/* We start with the registers, to mimic the way that "memory" is returned
from the ptrace(3,...) function. */
struct user_regs_struct regs; /* Where the registers are actually stored
*/
/* ptrace does not yet supply these. Someday.... */ <===================
int u_fpvalid; /* True if math co-processor being used. */
/* for this mess. Not yet used. */
struct user_i387_struct i387; /* Math Co-processor registers. */
/* The rest of this junk is to help gdb figure out what goes where */
unsigned long int u_tsize; /* Text segment size (pages). */
unsigned long int u_dsize; /* Data segment size (pages). */
unsigned long int u_ssize; /* Stack segment size (pages). */
unsigned long start_code; /* Starting virtual address of text. */
unsigned long start_stack; /* Starting virtual address of stack area.
This is actually the bottom of the stack, the top of the stack is always
found in the esp register. */
long int signal; /* Signal that caused the core dump. */
int reserved; /* No longer used */
struct user_pt_regs * u_ar0; /* Used by gdb to help find the values for */
/* the registers. */
struct user_i387_struct* u_fpstate; /* Math Co-processor pointer. */
unsigned long magic; /* To uniquely identify a core file */
char u_comm[32]; /* User command that was responsible */
int u_debugreg[8];
};

Noting the comment after 'struct user_regs_struct regs', is there any specific
reason why ptrace doesn't provide the rest of the members of this structure? In
that case shouldn't the man pages be corrected?

- Anoop

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Christoph Hellwig: "Re: [patch 09/15] vfs: immutable inode checking cleanup"
Previous message: Christoph Hellwig: "Re: [patch 03/15] cgroup: dont call vfs_mkdir"
Next in thread: Andi Kleen: "Re: ptrace PTRACE_PEEKUSER behavior"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]