From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (qmail 129870 invoked by alias); 31 Mar 2016 01:10:00 -0000
Mailing-List: contact gdb-patches-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id:
List-Subscribe:
List-Archive:
List-Post:
List-Help:
Sender: gdb-patches-owner@sourceware.org
Received: (qmail 129856 invoked by uid 89); 31 Mar 2016 01:09:59 -0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-2.9 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD,SPF_HELO_PASS autolearn=ham version=3.3.2 spammy=jistone@redhat.com, jistoneredhatcom, news
X-HELO: mx1.redhat.com
Received: from mx1.redhat.com (HELO mx1.redhat.com) (209.132.183.28) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with (AES256-GCM-SHA384 encrypted) ESMTPS; Thu, 31 Mar 2016 01:09:58 +0000
Received: from int-mx11.intmail.prod.int.phx2.redhat.com (int-mx11.intmail.prod.int.phx2.redhat.com [10.5.11.24]) by mx1.redhat.com (Postfix) with ESMTPS id 84C6963158; Thu, 31 Mar 2016 01:09:56 +0000 (UTC)
Received: from [10.3.113.101] (ovpn-113-101.phx2.redhat.com [10.3.113.101]) by int-mx11.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id u2V19txg014460; Wed, 30 Mar 2016 21:09:55 -0400
Subject: Re: [PATCH v4] Implement 'catch syscall' for gdbserver
To: Yao Qi
References: <1449196006-13759-2-git-send-email-jistone@redhat.com> <1452308954-13679-1-git-send-email-jistone@redhat.com> <5694EC0E.2080904@redhat.com> <56954F8C.6010100@redhat.com> <56955283.1060502@redhat.com> <56955B84.7050905@redhat.com> <86mvphs6kv.fsf@gmail.com> <56FAC588.6060200@redhat.com> <56FB1486.60208@redhat.com> <86io04rw7k.fsf@gmail.com>
Cc: Pedro Alves, gdb-patches@sourceware.org, philippe.waroquiers@skynet.be, sergiodj@redhat.com, eliz@gnu.org, xdje42@gmail.com, scox@redhat.com
From: Josh Stone
Message-ID: <56FC78E3.6020300@redhat.com>
Date: Thu, 31 Mar 2016 01:10:00 -0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.7.1
MIME-Version: 1.0
In-Reply-To: <86io04rw7k.fsf@gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-SW-Source: 2016-03/txt/msg00581.txt.bz2

On 03/30/2016 05:23 AM, Yao Qi wrote:
> Josh Stone writes:
>
> Hi Josh,
> Thanks for looking into this...
>
>> So, it seems those architectures don't preserve their original syscall
>> numbers across an execve.
>>
>> $ gdb -ex 'catch syscall execve' -ex 'run' -ex 'catch syscall' \
>>     -ex 'continue' --args sh -c /bin/true
>>
>> PPC64 and Aarch64 both read their syscall numbers from registers, and
>> here they both get 0 ("restart_syscall" and "io_setup" respectively).
>> S390X tries to decode it from the SVC instruction at PC-2, which will
>> definitely fail after an execve -- gdb reports syscall -1.
>
> I think it reveals a bug on getting syscall number. If the register
> having syscall number isn't preserved across the syscall, GDB should
> read syscall number somewhere else.

Well, sure, but I have no idea where that somewhere else could be. Note
these architectures do work for other syscall returns. It's just that
execve is a bit special by switching the whole process out.

I suppose we could try to save the number on syscall entry, and just
report that again when it returns. But it's not 100% sure that we'll
see every entry first. For instance, one could 'catch execve' first,
which will continue until PTRACE_EVENT_EXEC mid-syscall, then turn on
'catch syscall' and see what returns. (This is similar to what
test_catch_syscall_mid_vfork checks.)

BTW, even x86 is a little suspect if you cross compat modes. The number
is preserved in orig_rax, but if you exec'ed from a 64-bit process to
32-bit, that number would still be the 64-bit NR_execve. It happens to
still apparently work in that case because gdb isn't reloading its
syscall mapping. But continue and it next gets:

Catchpoint 2 (call to syscall recvfrom), 0xf7ff29b9 in brk () from /lib/ld-linux.so.2

i.e. 32-bit syscall brk is incorrectly called recvfrom.

>> So when the catchpoint is only for execve, they continue past this one
>> since the number doesn't look like execve.
>>
>> The good news is that all three do call it a syscall *return*, which was
>> the main point of this particular test. If there's no objection, I can
>> try to update the test to work more like my command above, matching any
>> syscall at all on the return side of execve.
>
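To illustrate the "save the number on syscall entry and report it again when it returns" idea raised in the reply above, here is an added example that is not part of this thread and is not gdb or gdbserver code: a small Linux ptrace tracer in C. It traces `sh -c /bin/true`, much like the gdb command quoted above, records the syscall number at each syscall-entry stop, and reports that saved number at the matching syscall-exit stop instead of re-reading it from registers after the exec. The PTRACE_EVENT_EXEC stop is handled as the mid-syscall case the reply describes (exec event seen before any entry was recorded, as with `catch execve` enabled first). The function names `note_stop` and `trace_program` are chosen here, the register read assumes x86-64 (`orig_rax`) and returns -1 on other architectures, and the bookkeeping is kept in its own function so it can be checked without ptrace permissions.

```c
/* Added example (not part of this thread, gdb or gdbserver): a minimal
 * Linux ptrace tracer that records the syscall number at syscall-entry
 * and reports that saved number at syscall-exit, instead of re-reading
 * it from registers after execve. note_stop() and trace_program() are
 * names chosen here; the register read assumes x86-64 (orig_rax). */
#include <stdio.h>
#include <signal.h>
#include <unistd.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/user.h>
#include <sys/wait.h>

enum stop_kind { STOP_SYSCALL, STOP_EXEC };

struct syscall_state {
    int in_syscall;  /* 1 between an observed entry and the next exit */
    long saved_nr;   /* number recorded at entry, -1 if none */
};

/* Bookkeeping for one ptrace stop. reg_nr is the number read from
 * registers at this stop (may be meaningless after an execve).
 * Returns the number to report at a syscall exit, or -1 when the stop
 * is an entry or an exec event and there is nothing to report yet. */
long note_stop(struct syscall_state *st, enum stop_kind kind, long reg_nr)
{
    if (kind == STOP_EXEC) {
        /* PTRACE_EVENT_EXEC arrives mid-syscall: the exit of execve is
         * still to come. Even if the tracer never saw the entry (it was
         * enabled late), the syscall that is returning is execve. */
        st->in_syscall = 1;
        st->saved_nr = SYS_execve;
        return -1;
    }
    if (!st->in_syscall) {             /* syscall entry: remember it */
        st->in_syscall = 1;
        st->saved_nr = reg_nr;
        return -1;
    }
    /* syscall exit: prefer the saved number over the register value */
    long nr = st->saved_nr >= 0 ? st->saved_nr : reg_nr;
    st->in_syscall = 0;
    st->saved_nr = -1;
    return nr;
}

#if defined(__x86_64__)
static long read_syscall_nr(pid_t pid)
{
    struct user_regs_struct regs;
    if (ptrace(PTRACE_GETREGS, pid, NULL, &regs) < 0)
        return -1;
    return (long)regs.orig_rax;
}
#else
static long read_syscall_nr(pid_t pid) { (void)pid; return -1; }
#endif

/* Run argv under ptrace with syscall and exec stops, print every syscall
 * return, and return the number reported at the exit of the first execve
 * (the exec of argv[0] itself). Returns -1 if tracing fails. */
long trace_program(char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) < 0)
            _exit(127);
        raise(SIGSTOP);                /* let the parent set options first */
        execvp(argv[0], argv);
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFSTOPPED(status))
        return -1;
    long opts = PTRACE_O_TRACESYSGOOD | PTRACE_O_TRACEEXEC;
    if (ptrace(PTRACE_SETOPTIONS, pid, NULL, (void *)opts) < 0)
        return -1;

    struct syscall_state st = { 0, -1 };
    long exec_exit_nr = -1;
    int exec_phase = 0;                /* 0 before exec, 1 exec seen, 2 reported */
    for (;;) {
        if (ptrace(PTRACE_SYSCALL, pid, NULL, NULL) < 0 || waitpid(pid, &status, 0) < 0)
            return -1;
        if (!WIFSTOPPED(status))
            break;                     /* tracee exited or was killed */
        int sig = WSTOPSIG(status);
        if (sig == (SIGTRAP | 0x80)) { /* syscall entry or exit stop */
            long nr = note_stop(&st, STOP_SYSCALL, read_syscall_nr(pid));
            if (nr >= 0) {
                printf("syscall %ld returned\n", nr);
                if (exec_phase == 1) { exec_exit_nr = nr; exec_phase = 2; }
            }
        } else if (sig == SIGTRAP && (status >> 16) == PTRACE_EVENT_EXEC) {
            note_stop(&st, STOP_EXEC, -1);
            if (exec_phase == 0)
                exec_phase = 1;
        }
        /* other signal stops are resumed with the signal suppressed */
    }
    return exec_exit_nr;
}

int main(int argc, char **argv)
{
    char *const dflt[] = { "sh", "-c", "/bin/true", NULL };
    char *const *args = dflt;
    if (argc > 1)
        args = argv + 1;
    long nr = trace_program(args);
    if (nr < 0) { fprintf(stderr, "tracing failed or unsupported here\n"); return 1; }
    printf("execve exit reported as syscall %ld\n", nr);
    return 0;
}
```

Build with `cc -o tracer tracer.c` and run it with no arguments (or with a program and its arguments) on a Linux host where ptrace is permitted. On x86-64 the saved number and `orig_rax` agree, so the output merely shows execve reported correctly at its return; the point of the saved number is the architectures named in the thread, where the register value after execve is no longer the original syscall number. The ambiguity the reply mentions remains: if the tracer is enabled between an entry and its exit for a syscall other than execve, the first stop it sees is an exit that looks like an entry, and only the exec event gives it a way to resynchronize.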