public inbox for systemtap@sourceware.org
* RE: Kprobes might be stealing int3
@ 2006-02-24  6:39 Mao, Bibo
  2006-02-24  6:53 ` Prasanna S Panchamukhi
  0 siblings, 1 reply; 6+ messages in thread
From: Mao, Bibo @ 2006-02-24  6:39 UTC
  To: prasanna; +Cc: Keshavamurthy, Anil S, systemtap


Yes, I agree.
Most of the time the INT 3 (CD 03) instruction is not generated by gcc or assemblers; this opcode is created by direct numeric code or self-modifying code.
And currently kprobes mainly works for the kernel part. I have one suggestion: if the int3 instruction happens in user mode, just skip it and let uprobes handle it later.
-               if (kprobe_handler(args->regs))
+               if (!user_mode(args->regs) && kprobe_handler(args->regs))
                        ret = NOTIFY_STOP;
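Review bot: the hunk carries no file header or @@ context, so it is not visible which notifier function this lives in or whether it is applied to both the i386 and x86_64 kprobes code; since the message says x86_64 has not considered this condition, name the target file and apply the same gate on both architectures. The gate itself is the right fix for Anil's report: `kprobe_handler(args->regs)` is no longer entered for a user-mode int3, so the `*addr != BREAK_INSTRUCTION` check is never evaluated against a user address and the trap falls through to the kernel's normal SIGTRAP delivery. A one-line comment above the condition stating that user-mode breakpoints are intentionally left to the default trap handler would make the intent clear to the next reader.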
And it is OK for the stolen_int/brk.c test case, which jumps into the LDT instruction area via an lcall instruction and then causes a trap. IA32 considers this condition, but x86_64 has not considered it.

thanks
bibo,mao

>-----Original Message-----
>From: Prasanna S Panchamukhi [mailto:prasanna@in.ibm.com]
>Sent: 24 February 2006 13:19
>To: Mao, Bibo
>Cc: Keshavamurthy, Anil S; systemtap@sources.redhat.com
>Subject: Re: Kprobes might be stealing int3
>
>Bibo,
>
>In fact, Stas earlier had pointed this problem on the lkml and
>I had posted a patch to fix it.
>URL for this patch is below.
>http://lkml.org/lkml/2004/12/9/43
>
>Thanks
>Prasanna
>
>--
>Prasanna S Panchamukhi
>Linux Technology Center
>India Software Labs, IBM Bangalore
>Email: prasanna@in.ibm.com
>Ph: 91-80-51776329

* RE: Kprobes might be stealing int3
@ 2006-02-24  0:56 Mao, Bibo
  2006-02-24  2:39 ` Ananth N Mavinakayanahalli
  2006-02-24  5:17 ` Prasanna S Panchamukhi
  0 siblings, 2 replies; 6+ messages in thread
From: Mao, Bibo @ 2006-02-24  0:56 UTC
  To: Keshavamurthy, Anil S; +Cc: systemtap

Anil,
I searched the x86 assembly manual; for the INT instruction there are three kinds:
	CC 		INT 3 		Interrupt 3―trap to debugger
	CD ib 	INT imm8 		Interrupt vector number specified by immediate byte
	CE 		INTO 		Interrupt 4―if overflow flag is 1
So for this test program the instruction encoding will be 0x03cd; it has the same effect as the 0xcc encoding.
And currently in kprobes BREAK_INSTRUCTION is only defined as 0xcc. Maybe the other encoding also needs to be judged.

Thanks
bibo,mao

>-----Original Message-----
>From: systemtap-owner@sourceware.org [mailto:systemtap-owner@sourceware.org]
>On Behalf Of Keshavamurthy, Anil S
>Sent: 24 February 2006 7:34
>To: systemtap@sources.redhat.com
>Subject: FW: Kprobes might be stealing int3
>
>I went a little further and found why the application is segmentation
>faulting.
>
>In the kprobes_handler() code, we are checking
>if (*addr != BREAK_INSTRUCTION), and this is where the
>app is crashing, since we are trying to dereference this address,
>which is not a linear address.
>
>I would be happy to try out any fix that anyone provides.
>
>Thanks,
>Anil

* Kprobes might be stealing int3
@ 2006-02-23 20:10 Keshavamurthy Anil S
  0 siblings, 0 replies; 6+ messages in thread
From: Keshavamurthy Anil S @ 2006-02-23 20:10 UTC
  To: Systemtap; +Cc: anil.s.keshavamurthy

Hi,
	I tried running the program below on both
x86_64 and i386, and on both architectures,
if the kernel is compiled with CONFIG_KPROBES,
my application segmentation faults.

On a kernel where CONFIG_KPROBES is set to N, the
same test program passes.

Here goes the test program...
-------------------------
#include <stdio.h>   /* printf */
#include <stdlib.h>  /* exit */
#include <signal.h>

/* SIGTRAP handler: only reached if the kernel delivers the int3 trap to us. */
void my_trap(int sig)
{
 printf("Test passed, all OK\n");
 exit(0);
}

int main()
{
 signal(SIGTRAP, my_trap);
 /* INT 3 in its two-byte form: opcode CD with immediate 3, not the one-byte CC. */
 asm volatile (".byte 0xcd,3");
 printf("Stolen interrupt, very bad!\n");
 return 1;
}
----------------------------------
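As an added example (not code from the thread), here is a variant of Anil's test that exercises both encodings Bibo lists, the one-byte CC and the two-byte CD 03, and reports for each whether the SIGTRAP actually reached the process. It assumes Linux on i386/x86_64 and uses sigsetjmp/siglongjmp so that the "stolen" fall-through is detected and returned as a value instead of ending the process.

```c
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>

static sigjmp_buf trap_env;

/* SIGTRAP handler: jump back to the test, skipping the fall-through path. */
static void on_sigtrap(int sig)
{
    (void)sig;
    siglongjmp(trap_env, 1);
}

/* enc == 0 executes CC (INT 3); enc == 1 executes CD 03 (INT imm8 with 3).
 * Returns 1 if SIGTRAP was delivered to this process, 0 if execution fell
 * through the trap (the kernel consumed it), -1 on non-x86 builds. */
int trap_reaches_handler(int enc)
{
#if defined(__i386__) || defined(__x86_64__)
    struct sigaction sa, old;
    volatile int delivered = 0;   /* volatile: written across siglongjmp */

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_sigtrap;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGTRAP, &sa, &old);

    if (sigsetjmp(trap_env, 1) == 0) {
        if (enc == 0)
            __asm__ __volatile__ (".byte 0xcc");        /* INT 3, one byte */
        else
            __asm__ __volatile__ (".byte 0xcd, 0x03");  /* INT imm8, imm8 = 3 */
        delivered = 0;   /* reached only if no SIGTRAP arrived */
    } else {
        delivered = 1;   /* handler ran and jumped back here */
    }
    sigaction(SIGTRAP, &old, NULL);   /* restore the previous disposition */
    return delivered;
#else
    (void)enc;
    return -1;
#endif
}

int main(void)
{
    printf("CC    -> %s\n", trap_reaches_handler(0) == 1 ? "SIGTRAP delivered" : "stolen");
    printf("CD 03 -> %s\n", trap_reaches_handler(1) == 1 ? "SIGTRAP delivered" : "stolen");
    return 0;
}
```

On a kernel with the user-mode gate from Bibo's hunk (or with CONFIG_KPROBES off) both lines report "SIGTRAP delivered"; a "stolen" result for CD 03 alone reproduces the behaviour this thread describes.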