On Tue, Aug 23, 2011 at 02:15:31AM -0400, Al Viro wrote:
> Almost, but not quite. What happens is:
> * process hits syscall insn
> * it's stopped and tracer (guest kernel) does GETREGS
>   + looks at the registers (mapped to the normal layout)
>   + decides to call sys_brk()
>   + notices pages to kick out
>   + queues munmap request for stub
> * tracer does SETREGS, pointing the child's eip to stub and sp to stub stack
> * tracer does CONT, letting the child run
> * child finishes with syscall insn, carefully preserving ebp. It returns to
>   userland, in the beginning of the stub.
> * child does munmap() and hits int 3 in the end of stub.
> * the damn thing is stopped again. The tracer had been waiting for it.
> * tracer finishes with sys_brk() and returns success.
> * it does SETREGS, setting eax to return value, eip to original return
>   address of syscall insn... and ebp to what it had in regs.bp. I.e. the
>   damn arg6 value.
Ok, stupid question: can a convoluted ptracing case like this be created in
"normal" userspace, i.e. irrespective of UML and only by using gdb, for
example? I.e., from what I understand from above, you need to stop the tracee
at syscall and "redirect" it to the stub after it finishes the syscall so that
in another syscall it gets a debug exception... sounds complicated.

> And we are fucked. It doesn't happen in syscall handler. It's int3().
> Having no idea that this request to set ebp should be interpreted in
> a really different way - "put the value I asked to put into ecx here,
> please, and ignore this one".
>
> Sigh... The really ugly part is that ebp can be changed by the stuff
> done in stub - it's not just munmap, it can do mmap as well. We can,
> in principle, save ebp on its stack and restore it before trapping.
> Then uml kernel could, in theory, replace that SETREGS with a bunch of
> POKEUSER, leaving ebp alone. Ho-hum... In principle, that might even
> be not too horrible - we need eax/eip/esp, of course, but the rest
> could be dealt with by the same trick - have it pushed/popped in the
> stub and to hell with wasting syscalls on setting them...

which could mean that we could get away by not replacing SYSCALL32? Hmm.

-- 
Regards/Gruss, Boris.

Advanced Micro Devices GmbH
Einsteinring 24, 85609 Dornach
GM: Alberto Bozzo
Reg: Dornach, Landkreis Muenchen
HRB Nr. 43632
WEEE Registernr: 129 19551

_______________________________________________
User-mode-linux-devel mailing list
User-mode-linux-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/user-mode-linux-devel
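As an added illustration (not code from this thread, from UML or from the kernel), the following C program models the two stop kinds Al describes: a syscall stop, where the kernel presents arg6 in the ebp slot of the ptrace layout and takes the real ebp from the ecx slot, and an int3 stop, where the slots are simply the registers. The struct layouts, the model_*/finish_* helpers and every register value are constructed assumptions; the point is only that replaying a full SETREGS captured at one stop kind at the other kind writes the arg6 value into ebp, whereas writing just eax/eip/esp (the POKEUSER approach from the quoted mail) leaves ebp as the stub left it.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model, not kernel code: layouts and mapping rules are simplified. */

/* What GETREGS returns and SETREGS takes: the "normal" 32-bit layout. */
struct user_regs {
    uint32_t eax, ebx, ecx, edx, esi, edi, ebp, esp, eip;
};

/* Hypothetical tracee state: real registers, the user-stack word the compat
 * syscall path fetches arg6 from, and which kind of stop the child is in. */
struct tracee {
    uint32_t eax, ebx, ecx, edx, esi, edi, ebp, esp, eip;
    uint32_t stack_arg6;      /* word on the user stack holding syscall arg6 */
    bool     at_syscall_stop; /* true: syscall-entry stop; false: int3 stop */
};

/* At a syscall stop the ebp slot shows arg6 and the ecx slot carries the real
 * ebp; at an int3 stop both slots are just the registers. */
static void model_getregs(const struct tracee *t, struct user_regs *r)
{
    r->eax = t->eax; r->ebx = t->ebx; r->edx = t->edx; r->esi = t->esi;
    r->edi = t->edi; r->esp = t->esp; r->eip = t->eip;
    if (t->at_syscall_stop) { r->ebp = t->stack_arg6; r->ecx = t->ebp; }
    else                    { r->ebp = t->ebp;        r->ecx = t->ecx; }
}

/* SETREGS is the inverse mapping: the same bytes mean different things
 * depending on which stop the child is in. */
static void model_setregs(struct tracee *t, const struct user_regs *r)
{
    t->eax = r->eax; t->ebx = r->ebx; t->edx = r->edx; t->esi = r->esi;
    t->edi = r->edi; t->esp = r->esp; t->eip = r->eip;
    if (t->at_syscall_stop) { t->stack_arg6 = r->ebp; t->ebp = r->ecx; }
    else                    { t->ebp = r->ebp;        t->ecx = r->ecx; }
}

/* CONT: the child finishes the syscall insn (ebp preserved), runs the stub,
 * which may scribble on scratch registers, and stops at the int3 at its end. */
static void model_run_stub(struct tracee *t, uint32_t stub_end)
{
    t->at_syscall_stop = false;
    t->ecx = 0xccccccccu;   /* constructed stub scratch value */
    t->eip = stub_end;
}

#define ORIG_EBP   0xbfff0000u  /* constructed: the child's real ebp */
#define ARG6_VALUE 0x00000007u  /* constructed: arg6 on the user stack */
#define ORIG_ESP   0xbffff000u  /* constructed: the child's own stack */
#define ORIG_RET   0x08048123u  /* constructed: return address after syscall insn */
#define STUB_START 0x40000000u
#define STUB_STACK 0x40001000u
#define STUB_END   0x40000080u
#define SYS_RESULT 0x0804c000u  /* constructed: what the emulated sys_brk returns */

static void fresh_tracee(struct tracee *t)
{
    memset(t, 0, sizeof *t);
    t->ebp = ORIG_EBP; t->esp = ORIG_ESP; t->eip = ORIG_RET;
    t->stack_arg6 = ARG6_VALUE; t->at_syscall_stop = true;
}

/* Steps 1-6 of the quoted sequence: GETREGS at the syscall stop, redirect to
 * the stub, CONT, then a full SETREGS of the saved regs at the int3 stop. */
static void run_until_int3(struct tracee *t, struct user_regs *saved)
{
    fresh_tracee(t);
    model_getregs(t, saved);
    struct user_regs redirect = *saved;
    redirect.eip = STUB_START; redirect.esp = STUB_STACK;
    model_setregs(t, &redirect);
    model_run_stub(t, STUB_END);
}

/* Finish with SETREGS; the ebp slot (really arg6) lands in the real ebp. */
uint32_t finish_with_setregs(void)
{
    struct tracee t; struct user_regs saved;
    run_until_int3(&t, &saved);
    saved.eax = SYS_RESULT; saved.eip = ORIG_RET;
    model_setregs(&t, &saved);
    return t.ebp;   /* ARG6_VALUE: ebp corrupted */
}

/* Finish by writing only eax/eip/esp (POKEUSER style), leaving ebp alone. */
uint32_t finish_with_pokeuser(void)
{
    struct tracee t; struct user_regs saved;
    run_until_int3(&t, &saved);
    t.eax = SYS_RESULT; t.eip = ORIG_RET; t.esp = saved.esp;
    return t.ebp;   /* ORIG_EBP: ebp intact */
}

int main(void)
{
    printf("SETREGS at int3 stop leaves ebp = 0x%08x\n", finish_with_setregs());
    printf("POKEUSER eax/eip/esp leaves ebp = 0x%08x\n", finish_with_pokeuser());
    return 0;
}
```

The model deliberately has the stub clobber ecx so that reading the tracee's registers back after the int3 stop would not be a fix either: the mail's suggestion is for the stub to save and restore ebp on its own stack, and for the tracer to write only the registers it actually needs to change.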