Help! I spent all Sunday trying to do something with PTRACE_SINGLESTEP. And I am totally confused, to the point I don't even know how/what to ask.
OK. Please forget about utrace. The tracee sleeps in, say, the ptrace_signal()->ptrace_stop() path. The tracer does ptrace(PTRACE_SINGLESTEP, data => 0). How does this work? I thought that the following happens:

- PTRACE_SINGLESTEP does user_enable_single_step()
- when the tracee returns to user mode, the next instruction causes an exception, do_debug()->send_sigtrap() sends SIGTRAP
- the tracee notices the signal and reports this SIGTRAP

But, whatever I did, this doesn't work. So, what does user_enable_single_step() actually mean?

Finally I modified sys_prctl:

--- kernel/sys.c~ 2009-07-13 17:44:27.000000000 +0200 +++ kernel/sys.c 2009-09-21 04:01:06.000000000 +0200 @@ -1428,6 +1428,10 @@ SYSCALL_DEFINE5(prctl, int, option, unsi error = 0; switch (option) { + case 666: + user_enable_single_step(current); + break; + case PR_SET_PDEATHSIG: if (!valid_signal(arg2)) { error = -EINVAL;

Doesn't work. I mean, do_debug() is not called after return from prctl(666). I tried task_pt_regs(current)->flags |= X86_EFLAGS_TF; instead of user_enable_single_step(), this doesn't work either.

Perhaps there is some magic with syscall/sysret? Damn! I failed to google the low-level description of these instructions. Does sysret restore flags? At least. Is it true that X86_EFLAGS_TF should provoke the exception/do_debug? Otherwise, what triggers do_debug()->send_sigtrap()?

Oh. I guess I should read some intel docs, but I don't know where to start.

Oleg.
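Review bot: `case 666:` introduces a bare magic number where the surrounding options are named PR_* constants (the context line `case PR_SET_PDEATHSIG:` shows the convention); for anything beyond a throwaway experiment it needs a named constant in the prctl header and a comment saying what it does. The new case also enables single-stepping on `current` without looking at any of its arguments, whereas the neighbouring `PR_SET_PDEATHSIG` case validates `arg2` with `valid_signal()` before acting; as posted this is debugging scaffolding rather than something to merge.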
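As an added example, not code from Oleg's mail or from the kernel tree, here is a user-space tracer that exercises the path the first paragraph describes from the other side: it forks a child, drives it with ptrace(PTRACE_SINGLESTEP, data = 0) and counts the SIGTRAP stops that come back, one per user instruction, which is what the TF -> do_debug() -> send_sigtrap() sequence is expected to produce. The function name count_single_steps is mine; it assumes Linux on an arch with hardware single-step (x86 here) and an environment where ptrace is permitted.

```c
#include <signal.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fork a tracee that stops itself, then PTRACE_SINGLESTEP it until it exits.
 * Returns the number of SIGTRAP stops the tracer observed, or -1 on error. */
long count_single_steps(void)
{
    int status;
    long traps = 0;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Tracee: ask to be traced, then stop so the tracer takes over.
         * Everything after raise() runs one instruction per SINGLESTEP. */
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1)
            _exit(127);
        raise(SIGSTOP);
        _exit(0);
    }
    /* Tracer: wait for the signal-delivery-stop caused by the SIGSTOP. */
    if (waitpid(pid, &status, 0) != pid || !WIFSTOPPED(status)) {
        kill(pid, SIGKILL);
        return -1;
    }
    for (;;) {
        /* data = 0: the pending signal is discarded, not delivered. The kernel
         * sets TF and the next user instruction traps into do_debug(). */
        if (ptrace(PTRACE_SINGLESTEP, pid, NULL, NULL) == -1) {
            kill(pid, SIGKILL);
            return -1;
        }
        if (waitpid(pid, &status, 0) != pid)
            return -1;
        if (WIFEXITED(status) || WIFSIGNALED(status))
            break;
        if (WIFSTOPPED(status) && WSTOPSIG(status) == SIGTRAP)
            traps++;        /* one SIGTRAP per single-stepped instruction */
    }
    return traps;
}

int main(void)
{
    printf("tracee ran %ld single-stepped instructions\n", count_single_steps());
    return 0;
}
```

The count covers everything the child executes between returning from raise() and the exit_group syscall, so it is in the hundreds on a typical glibc build; a result of -1 means the tracer never got its initial stop, which is what you see where ptrace is blocked.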