From: "Mao, Bibo"
Cc: "Keshavamurthy, Anil S",
Subject: RE: Kprobes might be stealing int3
Date: Fri, 24 Feb 2006 06:39:00 -0000
Message-ID: <9FBCE015AF479F46B3B410499F3AE05B0898FE@pdsmsx405>
Mailing-List: contact systemtap-help@sourceware.org; run by ezmlm
X-SW-Source: 2006-q1/txt/msg00615.txt.bz2

Yes, I agree. Most of the time the INT 3 (CD 03) instruction is not
generated by the gcc assembler; this opcode is created by direct numeric
code or self-modifying code.

And currently kprobes mainly works for the kernel part. I have one
suggestion: if the int3 instruction happens in user mode, just skip it
and let the uprobe handler handle it later.

- if (kprobe_handler(args->regs))
+ if (!user_mode(args->regs) && kprobe_handler(args->regs))
 ret = NOTIFY_STOP;

And it is OK for the stolen_int/brk.c test case, which jumps into the
LDT instruction area by an lcall instruction and then causes a trap.
IA32 considers this condition but x86_64 has not considered it.

thanks
bibo,mao

>-----Original Message-----
>From: Prasanna S Panchamukhi [mailto:prasanna@in.ibm.com]
>Sent: 24 February 2006 13:19
>To: Mao, Bibo
>Cc: Keshavamurthy, Anil S; systemtap@sources.redhat.com
>Subject: Re: Kprobes might be stealing int3
>
>Bibo,
>
>In fact, Stas earlier had pointed out this problem on the lkml and
>I had posted a patch to fix it.
>URL for this patch is below.
>http://lkml.org/lkml/2004/12/9/43
>
>Thanks
>Prasanna
>
>On Fri, Feb 24, 2006 at 08:56:47AM +0800, Mao, Bibo wrote:
>> Anil,
>> I searched the x86 assembly manual; about the INT instruction there
>> are three kinds:
>>   CC     INT 3      Interrupt 3 - trap to debugger
>>   CD ib  INT imm8   Interrupt vector number specified by immediate byte
>>   CE     INTO       Interrupt 4 - if overflow flag is 1
>> So for this test program, the instruction encoding will be 0x03cd; it
>> has the same effect as the 0xcc encoding.
>> And currently in kprobes BREAK_INSTRUCTION is only defined as 0xcc.
>> Maybe another encoding also needs to be judged.
>>
>> Thanks
>> bibo,mao
>>
>> >-----Original Message-----
>> >From: systemtap-owner@sourceware.org [mailto:systemtap-owner@sourceware.org]
>> >On Behalf Of Keshavamurthy, Anil S
>> >Sent: 24 February 2006 7:34
>> >To: systemtap@sources.redhat.com
>> >Subject: FW: Kprobes might be stealing int3
>> >
>> >I went a little further and found why the application is segmentation
>> >faulting.
>> >
>> >In the kprobes_handler() code, we are checking
>> >if (*addr != BREAK_INSTRUCTION) and this is where the
>> >app is crashing, since we are trying to dereference this address,
>> >which is not a linear address.
>> >
>> >I would be happy to try out any fix that anyone provides.
>> >
>> >Thanks,
>> >Anil
>> >-----Original Message-----
>> >From: Keshavamurthy Anil S [mailto:anil.s.keshavamurthy@intel.com]
>> >Sent: Thursday, February 23, 2006 12:11 PM
>> >To: Systemtap
>> >Cc: Keshavamurthy, Anil S
>> >Subject: Kprobes might be stealing int3
>> >
>> >Hi,
>> > I tried running the below program on both
>> >x86_64 and i386, and on both architectures,
>> >if the kernel is compiled with CONFIG_KPROBES,
>> >my below application segmentation faults.
>> >
>> >On a kernel where CONFIG_KPROBES is set to N, the
>> >same test program passes.
>> >
>> >Here goes the test program...
>> >-------------------------
>> >#include <signal.h>
>> >#include <stdio.h>
>> >#include <stdlib.h>
>> >
>> >/* SIGTRAP handler: reached only if the int3 trap is delivered to us. */
>> >void my_trap(int sig)
>> >{
>> >    printf("Test passed, all OK\n");
>> >    exit(0);
>> >}
>> >
>> >int main()
>> >{
>> >    signal(SIGTRAP, my_trap);
>> >    asm volatile (".byte 0xcd,3"); /* INT 3 in its two-byte CD 03 form */
>> >    printf("Stolen interrupt, very bad!\n");
>> >    return 1;
>> >}
>> >----------------------------------
>> >
>-- 
>Prasanna S Panchamukhi
>Linux Technology Center
>India Software Labs, IBM Bangalore
>Email: prasanna@in.ibm.com
>Ph: 91-80-51776329
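Review bot: the `+` line gates kprobe_handler() on !user_mode(args->regs), which sidesteps the crash Anil describes (kprobe_handler() dereferencing *addr to compare it with BREAK_INSTRUCTION for a trap raised in user space), but the hunk does not say which notifier it patches, and the reply itself states that IA32 already handles this condition while x86_64 does not; the change belongs in the x86_64 kprobes int3 notifier and the description should name that file. It should also be reconciled with the earlier lkml patch Prasanna cites for the same problem (http://lkml.org/lkml/2004/12/9/43) rather than add a parallel fix, and a one-line comment above the new condition should record that user-mode int3 traps, including the CD 03 form from the test program, are deliberately left to the normal trap path since BREAK_INSTRUCTION stays 0xcc.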
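As an added example that is not part of the thread and not kprobes code, the following C program reproduces in user space what the discussion is about: both encodings of a breakpoint trap, the one-byte INT 3 (CC) and INT imm8 with imm8 = 3 (CD 03), raise #BP and reach a SIGTRAP handler, and the return address the trap leaves behind points at the next instruction, so a check of the form *(ip - 1) == 0xCC (the BREAK_INSTRUCTION test quoted above) recognises only the first form. The names classify_trap, naive_break_check, run_trap_test and the sample_* byte strings are this example's own; the live part assumes x86_64 Linux with GNU inline assembly, and on other targets run_trap_test() returns TRAP_UNSUPPORTED.

```c
/*
 * Added example; not code from the thread or from kprobes.  Shows that the
 * CC and CD 03 encodings both trap and that only the first one leaves 0xCC
 * at return_address - 1.  Assumes x86_64 Linux for the live trap test.
 */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum trap_kind {
    TRAP_UNSUPPORTED = -1, /* not an x86_64 Linux build; nothing executed */
    TRAP_NOT_INT3    = 0,  /* no INT 3 encoding before ret_ip, or no SIGTRAP */
    TRAP_INT3_CC     = 1,  /* one-byte INT 3, opcode CC */
    TRAP_INT3_CD03   = 2   /* two-byte INT imm8 with imm8 = 3, opcode CD 03 */
};

/* Constructed byte strings for offline checks.  Each ends where a trap on
 * its last instruction would return to, i.e. one past that instruction. */
static const unsigned char sample_cc[]   = { 0x90, 0xCC };       /* nop; int3 */
static const unsigned char sample_cd03[] = { 0x90, 0xCD, 0x03 }; /* nop; int $3 */
static const unsigned char sample_nop[]  = { 0x90, 0x90 };       /* nop; nop */

/* The test the thread quotes from kprobe_handler(): addr = ip - 1 must hold
 * BREAK_INSTRUCTION (0xCC).  It is blind to the CD 03 form. */
static int naive_break_check(const unsigned char *ret_ip)
{
    const unsigned char *addr = ret_ip - 1;
    return *addr == 0xCC;
}

/* Classify the instruction that ends at ret_ip; bytes_before limits how far
 * back it is safe to read. */
static int classify_trap(const unsigned char *ret_ip, size_t bytes_before)
{
    if (bytes_before >= 1 && ret_ip[-1] == 0xCC)
        return TRAP_INT3_CC;
    if (bytes_before >= 2 && ret_ip[-2] == 0xCD && ret_ip[-1] == 0x03)
        return TRAP_INT3_CD03;
    return TRAP_NOT_INT3;
}

static volatile sig_atomic_t sigtrap_count;

static void on_sigtrap(int sig)
{
    (void)sig;
    sigtrap_count++; /* returning resumes at the instruction after the trap */
}

/* Execute one encoding under a SIGTRAP handler, capture the address of the
 * following instruction (what regs->ip holds when #BP is taken) and
 * classify the bytes in front of it. */
static int run_trap_test(int two_byte)
{
#if defined(__x86_64__) && defined(__linux__)
    struct sigaction sa, old;
    const unsigned char *ret_ip;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_sigtrap;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGTRAP, &sa, &old) != 0)
        return TRAP_NOT_INT3;

    sigtrap_count = 0;
    if (two_byte)
        __asm__ volatile(".byte 0xcd, 0x03\n"   /* int $3, encoded CD 03 */
                         "1:\n\tlea 1b(%%rip), %0"
                         : "=r"(ret_ip) : : "memory");
    else
        __asm__ volatile(".byte 0xcc\n"         /* int3, encoded CC */
                         "1:\n\tlea 1b(%%rip), %0"
                         : "=r"(ret_ip) : : "memory");

    sigaction(SIGTRAP, &old, NULL);
    if (sigtrap_count != 1)
        return TRAP_NOT_INT3;
    return classify_trap(ret_ip, 2);
#else
    (void)two_byte;
    return TRAP_UNSUPPORTED;
#endif
}

int main(void)
{
    printf("CC    trap: kind %d, naive check %d\n",
           run_trap_test(0), naive_break_check(sample_cc + 2));
    printf("CD 03 trap: kind %d, naive check %d\n",
           run_trap_test(1), naive_break_check(sample_cd03 + 3));
    return 0;
}
```

The two-byte form passes through the same #BP vector as the one-byte form, so a handler that identifies its own breakpoints by reading the byte before the return address, as the quoted kprobe_handler() check does, has to either know every encoding or, as the proposal in this thread does, refuse to look at user-mode traps at all.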