From: Prasanna S Panchamukhi
To: "Mao, Bibo"
Cc: "Keshavamurthy, Anil S", systemtap@sources.redhat.com
Subject: Re: Kprobes might be stealing int3
Date: Fri, 24 Feb 2006 06:53:00 -0000
Message-ID: <20060224065457.GA15685@in.ibm.com>
In-Reply-To: <9FBCE015AF479F46B3B410499F3AE05B0898FE@pdsmsx405>
Reply-To: prasanna@in.ibm.com
On Fri, Feb 24, 2006 at 02:39:10PM +0800, Mao, Bibo wrote:
> Yes, I agree.
> Most of the time the INT 3 (CD 03) instruction is not generated by gcc assemblers; this opcode is created by direct numeric code or self-modifying code.
> And currently kprobe mainly works for the kernel part. I have one suggestion: if an int3 instruction happens in user mode, just skip it, and let uprobe handle it later.
>
> - if (kprobe_handler(args->regs))
> + if (!user_mode(args->regs) && kprobe_handler(args->regs))
> ret = NOTIFY_STOP;

This looks good to me.

Thanks
Prasanna

> And it is ok for the stolen_int/brk.c test case, which jumps into the LDT instruction area by an lcall instruction and then causes a trap. And IA32 considers this condition but x86_64 has not considered this.
>
> thanks
> bibo,mao
>
> >-----Original Message-----
> >From: Prasanna S Panchamukhi [mailto:prasanna@in.ibm.com]
> >Sent: 24 February 2006 13:19
> >To: Mao, Bibo
> >Cc: Keshavamurthy, Anil S; systemtap@sources.redhat.com
> >Subject: Re: Kprobes might be stealing int3
> >
> >Bibo,
> >
> >In fact, Stas earlier had pointed out this problem on the lkml and
> >I had posted a patch to fix it.
> >The URL for this patch is below.
> >http://lkml.org/lkml/2004/12/9/43
> >
> >Thanks
> >Prasanna
> >
> >On Fri, Feb 24, 2006 at 08:56:47AM +0800, Mao, Bibo wrote:
> >> Anil,
> >> I searched the x86 assembly manual; about the INT instruction there are three kinds:
> >> CC     INT 3     Interrupt 3 - trap to debugger
> >> CD ib  INT imm8  Interrupt vector number specified by immediate byte
> >> CE     INTO      Interrupt 4 - if overflow flag is 1
> >> So like this test program, the instruction encoding will be 0x03cd; it has the same effect as the 0xcc encoding.
> >> And currently in kprobe BREAK_INSTRUCTION is only defined as 0xcc. Maybe another encoding also needs to be judged.
> >>
> >> Thanks
> >> bibo,mao
> >>
> >> >-----Original Message-----
> >> >From: systemtap-owner@sourceware.org [mailto:systemtap-owner@sourceware.org]
> >> >On Behalf Of Keshavamurthy, Anil S
> >> >Sent: 24 February 2006 7:34
> >> >To: systemtap@sources.redhat.com
> >> >Subject: FW: Kprobes might be stealing int3
> >> >
> >> >I went a little further and found why the application is segmentation
> >> >faulting.
> >> >
> >> >In the kprobes_handler() code, we are checking
> >> >if (*addr != BREAK_INSTRUCTION) and this is where the
> >> >app is crashing, since we are trying to dereference this address
> >> >which is not a linear address.
> >> >
> >> >I would be happy to try out any fix that anyone provides.
> >> >
> >> >Thanks,
> >> >Anil
> >> >-----Original Message-----
> >> >From: Keshavamurthy Anil S [mailto:anil.s.keshavamurthy@intel.com]
> >> >Sent: Thursday, February 23, 2006 12:11 PM
> >> >To: Systemtap
> >> >Cc: Keshavamurthy, Anil S
> >> >Subject: Kprobes might be stealing int3
> >> >
> >> >Hi,
> >> > I tried running the below program on both
> >> >x86_64 and i386, and on both architectures,
> >> >if the kernel is compiled with CONFIG_KPROBES,
> >> >my below application segmentation faults.
> >> >
> >> >On a kernel where CONFIG_KPROBES is set to N, the
> >> >same test program passes.
> >> >
> >> >Here goes the test program...
> >> >-------------------------
> >> >#include <stdio.h>
> >> >#include <signal.h>
> >> >#include <stdlib.h>
> >> >
> >> >/* SIGTRAP handler: reached only if the user-mode int3 trap is delivered. */
> >> >void my_trap(int sig)
> >> >{
> >> >	printf("Test passed, all OK\n");
> >> >	exit(0);
> >> >}
> >> >
> >> >int main(void)
> >> >{
> >> >	signal(SIGTRAP, my_trap);
> >> >	/* CD 03: the two-byte INT imm8 encoding with imm8 = 3 */
> >> >	asm volatile (".byte 0xcd,3");
> >> >	/* Falls through only if the kernel consumed the trap. */
> >> >	printf("Stolen interrupt, very bad!\n");
> >> >	return 1;
> >> >}
> >> >----------------------------------
> >> >
> >--
> >Prasanna S Panchamukhi
> >Linux Technology Center
> >India Software Labs, IBM Bangalore
> >Email: prasanna@in.ibm.com
> >Ph: 91-80-51776329

--
Prasanna S Panchamukhi
Linux Technology Center
India Software Labs, IBM Bangalore
Email: prasanna@in.ibm.com
Ph: 91-80-51776329
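Review bot: the `!user_mode(args->regs)` check is in the right place, because it short-circuits before `kprobe_handler()` gets to the `*addr != BREAK_INSTRUCTION` read that Anil traced the crash to (dereferencing a user address that is not a valid linear address). The hunk does not show which file it patches, and Bibo notes that i386 already handles this while x86_64 does not, so the changelog should name the architecture and confirm the same condition lands on both notifier paths. A one-line comment above the `if` saying that user-mode int3 traps are deliberately left to the normal SIGTRAP path (or a later uprobes) would save the next reader from re-deriving it, and it is worth stating that once user mode is skipped, the 0xCD 0x03 versus 0xCC encoding question raised earlier only matters for kernel-mode traps.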
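A regression test for the behaviour this thread is about, added here as an example and not code from the thread or from the kprobes patch: it extends Anil's program to both user-mode int3 encodings Bibo listed (one-byte 0xCC and two-byte 0xCD 0x03) and reports whether each SIGTRAP reached the process or the instruction fell through. It assumes an x86 or x86_64 Linux build; `user_int3_delivered` and `on_sigtrap` are names chosen for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>
#include <string.h>

static sigjmp_buf trap_env;
static volatile sig_atomic_t trap_seen;

/* SIGTRAP handler: note the signal and unwind back into the test. */
static void on_sigtrap(int sig, siginfo_t *info, void *ctx)
{
    (void)info; (void)ctx;
    trap_seen = sig;
    siglongjmp(trap_env, 1);
}

/* Execute one int3 encoding in user mode. Returns 1 if SIGTRAP reached this
 * process, 0 if execution fell through (the "stolen interrupt" case from the
 * thread), -1 if this is not an x86 build or the handler could not be set. */
static int user_int3_delivered(int use_cd03)
{
#if defined(__i386__) || defined(__x86_64__)
    struct sigaction sa, old;
    volatile int delivered = 0;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_sigtrap;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGTRAP, &sa, &old) != 0)
        return -1;
    trap_seen = 0;
    if (sigsetjmp(trap_env, 1) == 0) {
        if (use_cd03)
            __asm__ volatile(".byte 0xcd, 0x03"); /* INT imm8 with imm8 = 3 */
        else
            __asm__ volatile(".byte 0xcc");       /* one-byte INT 3 */
        /* Reached only if no SIGTRAP was delivered: the trap was stolen. */
    } else {
        delivered = (trap_seen == SIGTRAP);
    }
    sigaction(SIGTRAP, &old, NULL);
    return delivered;
#else
    (void)use_cd03;
    return -1;
#endif
}
```

Call `user_int3_delivered(0)` and `user_int3_delivered(1)` from a small main; on a kernel with the guard in place both return 1, and a 0 from either reproduces the stolen-trap symptom for that encoding.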