Yes, I agree. Most of the time the INT 3 (CD 03) instruction is not generated by gcc assemblers; this opcode is created by direct numeric code or self-modifying code. And currently kprobes mainly works for the kernel part. I have one suggestion: if an int3 instruction happens in user mode, just skip it and let uprobe handle it later.

- if (kprobe_handler(args->regs))
+ if (!user_mode(args->regs) && kprobe_handler(args->regs))
  ret = NOTIFY_STOP;

And it is OK for the stolen_int/brk.c test case, which jumps into the LDT instruction area by an lcall instruction and then causes a trap. And IA32 considers this condition, but x86_64 has not considered this.

thanks
bibo,mao

>-----Original Message-----
>From: Prasanna S Panchamukhi [mailto:prasanna@in.ibm.com]
>Sent: 24 February 2006 13:19
>To: Mao, Bibo
>Cc: Keshavamurthy, Anil S; systemtap@sources.redhat.com
>Subject: Re: Kprobes might be stealing int3
>
>Bibo,
>
>In fact, Stas earlier had pointed out this problem on the lkml and
>I had posted a patch to fix it.
>URL for this patch is below.
>http://lkml.org/lkml/2004/12/9/43
>
>Thanks
>Prasanna
>
>On Fri, Feb 24, 2006 at 08:56:47AM +0800, Mao, Bibo wrote:
>> Anil,
>> I searched the x86 assembly manual; about the INT instruction there are three kinds:
>>   CC     INT 3      Interrupt 3 - trap to debugger
>>   CD ib  INT imm8   Interrupt vector number specified by immediate byte
>>   CE     INTO       Interrupt 4 - if overflow flag is 1
>> So for this test program, the instruction encoding will be 0x03cd; it has the same effect as the 0xcc encoding.
>> And currently in kprobes BREAK_INSTRUCTION is only defined as 0xcc. Maybe the other encoding also needs to be judged.
>>
>> Thanks
>> bibo,mao
>>
>> >-----Original Message-----
>> >From: systemtap-owner@sourceware.org [mailto:systemtap-owner@sourceware.org]
>> >On Behalf Of Keshavamurthy, Anil S
>> >Sent: 24 February 2006 7:34
>> >To: systemtap@sources.redhat.com
>> >Subject: FW: Kprobes might be stealing int3
>> >
>> >I went a little further and found why the application is segmentation
>> >faulting.
>> >
>> >In the kprobes_handler() code, we are checking
>> >if (*addr != BREAK_INSTRUCTION) and this is where the
>> >app is crashing since we are trying to dereference this address
>> >which is not a linear address.
>> >
>> >I would be happy to try out any fix that anyone provides.
>> >
>> >Thanks,
>> >Anil
>> >-----Original Message-----
>> >From: Keshavamurthy Anil S [mailto:anil.s.keshavamurthy@intel.com]
>> >Sent: Thursday, February 23, 2006 12:11 PM
>> >To: Systemtap
>> >Cc: Keshavamurthy, Anil S
>> >Subject: Kprobes might be stealing int3
>> >
>> >Hi,
>> >  I tried running the below program on both
>> >x86_64 and i386, and on both architectures,
>> >if the kernel is compiled with CONFIG_KPROBES,
>> >my below application segmentation faults.
>> >
>> >On a kernel where CONFIG_KPROBES is set to N, the
>> >same test program passes.
>> >
>> >Here goes the test program...
>> >-------------------------
>> >#include <stdio.h>
>> >#include <stdlib.h>   /* exit() */
>> >#include <signal.h>
>> >
>> >/* SIGTRAP handler: only reached if the int3 trap is delivered to the process */
>> >void my_trap(int sig)
>> >{
>> >	printf("Test passed, all OK\n");
>> >	exit(0);
>> >}
>> >
>> >int main()
>> >{
>> >	signal(SIGTRAP, my_trap);
>> >	asm volatile (".byte 0xcd,3");	/* INT 3 in its two-byte CD 03 encoding, not 0xcc */
>> >	printf("Stolen interrupt, very bad!\n");
>> >	return 1;
>> >}
>> >----------------------------------
>> >
>--
>Prasanna S Panchamukhi
>Linux Technology Center
>India Software Labs, IBM Bangalore
>Email: prasanna@in.ibm.com
>Ph: 91-80-51776329
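Review bot: the hunk in Bibo's reply carries no file header or @@ context, so a reader cannot tell which notifier it patches; since the surrounding text says i386 already has this check and x86_64 does not, state the x86_64 file and the DIE_INT3 case that the `!user_mode(args->regs)` guard applies to. Placing the guard before `kprobe_handler()` is the right spot to stop the `*addr != BREAK_INSTRUCTION` read Anil describes from dereferencing a user address, and it should be compared with the earlier lkml patch Prasanna links (http://lkml.org/lkml/2004/12/9/43) so the two fixes do not diverge.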
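The thread's point is that the kprobes check compares a single byte against 0xcc while the same vector-3 trap can be raised by the two-byte CD 03 form. The following is an added example, not code from the thread or from the kernel: a small user-space decoder for the three INT encodings Bibo quotes from the manual, run over a constructed byte buffer, counting the instructions that reach vector 3 but would slip past a 0xcc-only comparison. The function and struct names are this example's own; BREAK_INSTRUCTION here is a local constant standing in for the kprobes one.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example: classify the three x86 software-interrupt encodings
 * named in the thread. Not kernel code; it only shows why a one-byte
 * comparison against 0xcc misses the CD 03 form of INT 3. */

#define BREAK_INSTRUCTION 0xcc   /* local stand-in for the kprobes constant */

enum int_kind { INT_NONE = 0, INT_CC_INT3, INT_CD_IMM8, INT_CE_INTO };

struct int_insn {
    enum int_kind kind;
    unsigned vector;   /* interrupt vector the instruction raises */
    size_t length;     /* encoded length in bytes */
};

/* Decode one instruction at p (n bytes available). Returns 1 if it is
 * INT 3 (CC), INT imm8 (CD ib) or INTO (CE), 0 otherwise. INTO is a
 * 32-bit-mode instruction; it is invalid in 64-bit mode but still
 * decoded here because the thread lists it. */
int decode_int(const uint8_t *p, size_t n, struct int_insn *out)
{
    if (n == 0) return 0;
    switch (p[0]) {
    case 0xcc:
        out->kind = INT_CC_INT3; out->vector = 3;    out->length = 1; return 1;
    case 0xcd:
        if (n < 2) return 0;                          /* truncated CD ib */
        out->kind = INT_CD_IMM8; out->vector = p[1]; out->length = 2; return 1;
    case 0xce:
        out->kind = INT_CE_INTO; out->vector = 4;    out->length = 1; return 1;
    default:
        return 0;
    }
}

/* The one-byte comparison the thread describes: only 0xcc counts. */
int matches_break_instruction(const uint8_t *p, size_t n)
{
    return n >= 1 && p[0] == BREAK_INSTRUCTION;
}

/* Does the instruction at p trap to vector 3, whatever its encoding? */
int raises_vector3(const uint8_t *p, size_t n)
{
    struct int_insn in;
    return decode_int(p, n, &in) && in.vector == 3;
}

/* Constructed sample buffer: CC, CD 03, CE, a NOP, and CD 80. */
static const uint8_t sample[] = { 0xcc, 0xcd, 0x03, 0xce, 0x90, 0xcd, 0x80 };

/* Walk a buffer and count instructions that raise vector 3 but fail the
 * one-byte BREAK_INSTRUCTION comparison. Bytes that are not one of the
 * three INT forms are skipped one at a time, which is enough for this demo. */
int count_missed_int3(const uint8_t *p, size_t n)
{
    size_t i = 0;
    int missed = 0;
    while (i < n) {
        struct int_insn in;
        if (decode_int(p + i, n - i, &in)) {
            if (in.vector == 3 && !matches_break_instruction(p + i, n - i))
                missed++;
            i += in.length;
        } else {
            i += 1;
        }
    }
    return missed;
}

int main(void)
{
    printf("vector-3 traps missed by a 0xcc-only check: %d\n",
           count_missed_int3(sample, sizeof sample));   /* prints 1 */
    return 0;
}
```

On the sample buffer the CC form is matched, the CD 03 form is the one that is missed, and CD 80 is correctly left alone because it targets a different vector.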