Hello,
I am trying to use the user HW debug registers on i386
and I am running into a problem with ptrace() not allowing access
to EFLAGS_RF for POKEUSER (see FLAG_MASK).
I am not sure I understand the motivation for denying access
to this flag which can be used to resume after a code
breakpoint has been reached. It avoids the need to remove the
breakpoint, single step, and reinstall. The equivalent
functionality exists on IA-64 and is allowed by ptrace().
Why is EFLAGS_RF not accessible to users on i386?
Thanks.
--
-Stephane
In-Reply-To: <[email protected]>
On Thu, 5 Jan 2006 at 02:51:30 -0800, Stephane Eranian wrote:
> I am trying to use the user HW debug registers on i386
> and I am running into a problem with ptrace() not allowing access
> to EFLAGS_RF for POKEUSER (see FLAG_MASK).
>
> I am not sure I understand the motivation for denying access
> to this flag which can be used to resume after a code
> breakpoint has been reached. It avoids the need to remove the
> breakpoint, single step, and reinstall. The equivalent
> functionality exists on IA-64 and is allowed by ptrace().
I see no reason for denying this. This patch should fix it:
i386: PTRACE_POKEUSR: allow changing RF bit in EFLAGS register.
Setting RF (resume flag) allows a debugger to resume execution
after a code breakpoint without tripping the breakpoint again.
It is reset by the CPU after execution of one instruction.
Signed-off-by: Chuck Ebbert <[email protected]>
--- 2.6.15a.orig/arch/i386/kernel/ptrace.c
+++ 2.6.15a/arch/i386/kernel/ptrace.c
@@ -32,9 +32,12 @@
* in exit.c or in signal.c.
*/
-/* determines which flags the user has access to. */
-/* 1 = access 0 = no access */
-#define FLAG_MASK 0x00044dd5
+/*
+ * Determines which flags the user has access to [1 = access, 0 = no access].
+ * Prohibits changing ID(21), VIP(20), VIF(19), VM(17), IOPL(12-13), IF(9).
+ * Also masks reserved bits (31-22, 15, 5, 3, 1).
+ */
+#define FLAG_MASK 0x00054dd5
/* set's the trap flag. */
#define TRAP_FLAG 0x100
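Review bot: the new comment's bit list checks out against the value, but the value in the `+#define FLAG_MASK 0x00054dd5` line is still a magic number; spelling the mask out as an OR of named flag bits, or at least saying in the comment that bit 16 is RF and is the only bit that changed from 0x00044dd5, would let the next reviewer verify it without a calculator. The bits set in 0x00054dd5 are 0, 2, 4, 6, 7, 8, 10, 11, 14, 16 and 18, so IF (9), IOPL (12-13), VM (17), VIF/VIP (19-20), ID (21) and the listed reserved positions all remain masked, and granting RF affects nothing beyond the tracee's own debug-exception delivery. One side point: the untouched context line `/* set's the trap flag. */` sits right next to the rewritten comment and could lose its stray apostrophe in the same patch.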
--
Chuck
Currently reading: _Thud!_ by Terry Pratchett
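The masking rule that Stephane's question and Chuck's FLAG_MASK patch turn on, as an added illustration that is not part of this thread or of the kernel source: it applies a tracer's EFLAGS write through the old (0x00044dd5) and new (0x00054dd5) i386 masks, checks both masks against the bit list in the patch comment, and shows that opening RF does not also let the tracer touch IF or IOPL. The EFL_* names, the two checker functions and the sample EFLAGS values are this example's own, and the filter in eflags_poke() is this example's reading of the "1 = access, 0 = no access" comment, not code copied from ptrace.c.

```c
#include <stdint.h>
#include <stdio.h>
/* EFLAGS bit positions (Intel SDM names; defined here for this example). */
#define EFL_CF (1u << 0)
#define EFL_PF (1u << 2)
#define EFL_AF (1u << 4)
#define EFL_ZF (1u << 6)
#define EFL_SF (1u << 7)
#define EFL_TF (1u << 8)    /* trap flag: single-step */
#define EFL_IF (1u << 9)    /* interrupt enable: must stay kernel-controlled */
#define EFL_DF (1u << 10)
#define EFL_OF (1u << 11)
#define EFL_IOPL (3u << 12) /* I/O privilege level, bits 12-13 */
#define EFL_NT (1u << 14)
#define EFL_RF (1u << 16)   /* resume flag: the bit the patch opens up */
#define EFL_VM (1u << 17)
#define EFL_AC (1u << 18)
#define EFL_VIF (1u << 19)
#define EFL_VIP (1u << 20)
#define EFL_ID (1u << 21)
#define FLAG_MASK_OLD 0x00044dd5u /* i386 FLAG_MASK before the patch */
#define FLAG_MASK_NEW 0x00054dd5u /* i386 FLAG_MASK after the patch */
/* Bits a debugger legitimately edits: status flags, TF, DF, NT, AC and RF. */
#define DEBUGGER_BITS (EFL_CF | EFL_PF | EFL_AF | EFL_ZF | EFL_SF | EFL_TF | \
                       EFL_DF | EFL_OF | EFL_NT | EFL_AC | EFL_RF)
/* Bits that change privilege or interrupt state: never tracer-writable. */
#define PRIVILEGED_BITS (EFL_IF | EFL_IOPL | EFL_VM | EFL_VIF | EFL_VIP | EFL_ID)
/* Reserved positions named in the patch comment: 31-22, 15, 5, 3, 1. */
#define RESERVED_BITS (0xffc00000u | (1u << 15) | (1u << 5) | (1u << 3) | (1u << 1))

/* Assumed filter for an EFLAGS poke, read off the "1 = access, 0 = no access"
 * comment rather than copied from ptrace.c: tracer bits are taken only where
 * the mask is 1; every other bit keeps the tracee's saved value. */
uint32_t eflags_poke(uint32_t saved, uint32_t requested, uint32_t mask)
{
    return (requested & mask) | (saved & ~mask);
}
/* Safe: no privilege, interrupt or reserved bit is tracer-writable. */
int mask_is_safe(uint32_t mask) { return (mask & (PRIVILEGED_BITS | RESERVED_BITS)) == 0; }
/* Sufficient: every bit a debugger needs, RF included, is tracer-writable. */
int mask_is_sufficient(uint32_t mask) { return (mask & DEBUGGER_BITS) == DEBUGGER_BITS; }
int main(void)
{
    uint32_t saved = EFL_IF | (1u << 1);       /* typical user EFLAGS, 0x202 */
    uint32_t want = saved | EFL_RF | EFL_IOPL; /* set RF, and (wrongly) IOPL=3 */
    printf("old mask -> %#x, new mask -> %#x\n", eflags_poke(saved, want, FLAG_MASK_OLD),
           eflags_poke(saved, want, FLAG_MASK_NEW)); /* 0x202, then 0x10202 */
    return mask_is_safe(FLAG_MASK_NEW) && mask_is_sufficient(FLAG_MASK_NEW) ? 0 : 1;
}
```

Both masks are safe in the sense above; only the patched one is sufficient, and the difference between them is exactly EFL_RF.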
Chuck,
Thanks for the quick patch. It does fix my problem.
Note that the same problem exists on x86_64 and
the same patch should fix the problem there as well.
On Thu, Jan 05, 2006 at 11:11:29PM -0500, Chuck Ebbert wrote:
--
-Stephane
Chuck,
To my surprise, applying the same fix to the x86_64 does not
solve the problem on my Opteron box. I verified that the
offset (144) matches with what the kernel is expecting.
Somehow the RF is lost or not set in the proper location.
I cannot make forward progress once I reach the breakpoint.
Is there something else to do on x86_64?
Thanks.
On Thu, Jan 05, 2006 at 11:11:29PM -0500, Chuck Ebbert wrote:
--
-Stephane
In-Reply-To: <[email protected]>
On Fri, 6 Jan 2006 at 06:02:17 -0800, Stephane Eranian wrote:
> To my surprise, applying the same fix to the x86_64 does not
> solve the problem on my Opteron box. I verified that the
> offset (144) matches with what the kernel is expecting.
> Somehow the RF is lost or not set in the proper location.
> I cannot make forward progress once I reach the breakpoint.
I sent this to Andi this morning. Does it work for you?
Signed-off-by: Chuck Ebbert <[email protected]>
arch/x86_64/ia32/ptrace32.c | 9 ++++++---
arch/x86_64/kernel/ptrace.c | 9 ++++++---
2 files changed, 12 insertions(+), 6 deletions(-)
--- 2.6.15-64a.orig/arch/x86_64/ia32/ptrace32.c
+++ 2.6.15-64a/arch/x86_64/ia32/ptrace32.c
@@ -28,9 +28,12 @@
#include <asm/i387.h>
#include <asm/fpu32.h>
-/* determines which flags the user has access to. */
-/* 1 = access 0 = no access */
-#define FLAG_MASK 0x44dd5UL
+/*
+ * Determines which flags the user has access to [1 = access, 0 = no access].
+ * Prohibits changing ID(21), VIP(20), VIF(19), VM(17), IOPL(12-13), IF(9).
+ * Also masks reserved bits (31-22, 15, 5, 3, 1).
+ */
+#define FLAG_MASK 0x54dd5UL
#define R32(l,q) \
case offsetof(struct user32, regs.l): stack[offsetof(struct pt_regs, q)/8] = val; break
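Review bot: the hunk shows the new mask but not the putreg32() case for regs.eflags where FLAG_MASK is actually applied, so it is worth confirming in the same file that the compat path combines the tracer's value with the saved eflags the same way the 64-bit putreg() does; a mask only helps where it is applied. The comment's reserved range "31-22" is right for the 32-bit user32 value this path receives, but it differs from the "63-22" used for the same comment in kernel/ptrace.c; a short remark that the difference is deliberate would stop a later cleanup from "harmonising" one copy to the other.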
--- 2.6.15-64a.orig/arch/x86_64/kernel/ptrace.c
+++ 2.6.15-64a/arch/x86_64/kernel/ptrace.c
@@ -36,9 +36,12 @@
* in exit.c or in signal.c.
*/
-/* determines which flags the user has access to. */
-/* 1 = access 0 = no access */
-#define FLAG_MASK 0x44dd5UL
+/*
+ * Determines which flags the user has access to [1 = access, 0 = no access].
+ * Prohibits changing ID(21), VIP(20), VIF(19), VM(17), IOPL(12-13), IF(9).
+ * Also masks reserved bits (63-22, 15, 5, 3, 1).
+ */
+#define FLAG_MASK 0x54dd5UL
/* set's the trap flag. */
#define TRAP_FLAG 0x100UL
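Review bot: after this hunk FLAG_MASK exists as three separate literals (i386 ptrace.c, x86_64 ptrace.c, x86_64 ia32/ptrace32.c), and the thread itself shows the cost of that: the i386 value was fixed first and x86_64 had to be patched separately afterwards. A single shared definition, or at minimum a comment in each copy pointing at the others, would keep them from drifting again. The `0x54dd5UL` literal is appropriately unsigned long here because the eflags slot in x86_64 pt_regs is 64 bits wide, which is also why this copy of the comment says "63-22" for the reserved bits; the `/* set's the trap flag. */` context line carries the same stray apostrophe as in the i386 file.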
--
Chuck
Currently reading: _Thud!_ by Terry Pratchett
Chuck,
I tried today with 2.6.15-git8 and now it works just fine
on my Opteron box.
Thanks for your help.
On Fri, Jan 06, 2006 at 11:10:16AM -0500, Chuck Ebbert wrote:
--
-Stephane