Re: ptrace denies access to EFLAGS_RF

Re: ptrace denies access to EFLAGS_RF

[Chuck Ebbert]

In-Reply-To: <20060106140217.GD7676@frankl.hpl.hp.com>

On Fri, 6 Jan 2006 at 06:02:17 -0800, Stephane Eranian wrote:


> To my surprise, applying the same fix to the x86_64 does not
> solve the problem on my Opteron box. I verified that the
> offset (144) matches with what the kernel is expecting.
> Somehow the RF is lost or not set in the proper location.
> I cannot make forward progress once I reach the breakpoint.


I sent this to Andi this morning.  Does it work for you?

Signed-off-by: Chuck Ebbert <76306.1226@compuserve.com>

 arch/x86_64/ia32/ptrace32.c |    9 ++++++---
 arch/x86_64/kernel/ptrace.c |    9 ++++++---
 2 files changed, 12 insertions(+), 6 deletions(-)

--- 2.6.15-64a.orig/arch/x86_64/ia32/ptrace32.c
+++ 2.6.15-64a/arch/x86_64/ia32/ptrace32.c
@@ -28,9 +28,12 @@
 #include <asm/i387.h>
 #include <asm/fpu32.h>
 
-/* determines which flags the user has access to. */
-/* 1 = access 0 = no access */
-#define FLAG_MASK 0x44dd5UL
+/*
+ * Determines which flags the user has access to [1 = access, 0 = no access].
+ * Prohibits changing ID(21), VIP(20), VIF(19), VM(17), IOPL(12-13), IF(9).
+ * Also masks reserved bits (31-22, 15, 5, 3, 1).
+ */
+#define FLAG_MASK 0x54dd5UL
 
 #define R32(l,q) \
 	case offsetof(struct user32, regs.l): stack[offsetof(struct pt_regs, q)/8] = val; break
--- 2.6.15-64a.orig/arch/x86_64/kernel/ptrace.c
+++ 2.6.15-64a/arch/x86_64/kernel/ptrace.c
@@ -36,9 +36,12 @@
  * in exit.c or in signal.c.
  */
 
-/* determines which flags the user has access to. */
-/* 1 = access 0 = no access */
-#define FLAG_MASK 0x44dd5UL
+/*
+ * Determines which flags the user has access to [1 = access, 0 = no access].
+ * Prohibits changing ID(21), VIP(20), VIF(19), VM(17), IOPL(12-13), IF(9).
+ * Also masks reserved bits (63-22, 15, 5, 3, 1).
+ */
+#define FLAG_MASK 0x54dd5UL
 
 /* set's the trap flag. */
 #define TRAP_FLAG 0x100UL
-- 
Chuck
Currently reading: _Thud!_ by Terry Pratchett

Re: ptrace denies access to EFLAGS_RF

[Stephane Eranian]

Chuck,

I tired today with 2.6.15-git8 and now it works just fine
on my Opteron box.

Thanks for your help.

On Fri, Jan 06, 2006 at 11:10:16AM -0500, Chuck Ebbert wrote:
> In-Reply-To: <20060106140217.GD7676@frankl.hpl.hp.com>
> 
> On Fri, 6 Jan 2006 at 06:02:17 -0800, Stephane Eranian wrote:
> 
> 
> > To my surprise, applying the same fix to the x86_64 does not
> > solve the problem on my Opteron box. I verified that the
> > offset (144) matches with what the kernel is expecting.
> > Somehow the RF is lost or not set in the proper location.
> > I cannot make forward progress once I reach the breakpoint.
> 
> 
> I sent this to Andi this morning.  Does it work for you?
> 
> Signed-off-by: Chuck Ebbert <76306.1226@compuserve.com>
> 
>  arch/x86_64/ia32/ptrace32.c |    9 ++++++---
>  arch/x86_64/kernel/ptrace.c |    9 ++++++---
>  2 files changed, 12 insertions(+), 6 deletions(-)
> 
> --- 2.6.15-64a.orig/arch/x86_64/ia32/ptrace32.c
> +++ 2.6.15-64a/arch/x86_64/ia32/ptrace32.c
> @@ -28,9 +28,12 @@
>  #include <asm/i387.h>
>  #include <asm/fpu32.h>
>  
> -/* determines which flags the user has access to. */
> -/* 1 = access 0 = no access */
> -#define FLAG_MASK 0x44dd5UL
> +/*
> + * Determines which flags the user has access to [1 = access, 0 = no access].
> + * Prohibits changing ID(21), VIP(20), VIF(19), VM(17), IOPL(12-13), IF(9).
> + * Also masks reserved bits (31-22, 15, 5, 3, 1).
> + */
> +#define FLAG_MASK 0x54dd5UL
>  
>  #define R32(l,q) \
>  	case offsetof(struct user32, regs.l): stack[offsetof(struct pt_regs, q)/8] = val; break
> --- 2.6.15-64a.orig/arch/x86_64/kernel/ptrace.c
> +++ 2.6.15-64a/arch/x86_64/kernel/ptrace.c
> @@ -36,9 +36,12 @@
>   * in exit.c or in signal.c.
>   */
>  
> -/* determines which flags the user has access to. */
> -/* 1 = access 0 = no access */
> -#define FLAG_MASK 0x44dd5UL
> +/*
> + * Determines which flags the user has access to [1 = access, 0 = no access].
> + * Prohibits changing ID(21), VIP(20), VIF(19), VM(17), IOPL(12-13), IF(9).
> + * Also masks reserved bits (63-22, 15, 5, 3, 1).
> + */
> +#define FLAG_MASK 0x54dd5UL
>  
>  /* set's the trap flag. */
>  #define TRAP_FLAG 0x100UL
> -- 
> Chuck
> Currently reading: _Thud!_ by Terry Pratchett

-- 

-Stephane

Re: ptrace denies access to EFLAGS_RF

[Stephane Eranian]

Chuck,

To my surprise, applying the same fix to the x86_64 does not
solve the problem on my Opteron box. I verified that the
offset (144) matches with what the kernel is expecting.
Somehow the RF is lost or not set in the proper location.
I cannot make forward progress once I reach the breakpoint.

Is there something else to on x86_64?

Thanks.

On Thu, Jan 05, 2006 at 11:11:29PM -0500, Chuck Ebbert wrote:
> In-Reply-To: <20060105105130.GC3712@frankl.hpl.hp.com>
> 
> On Thu, 5 Jan 2006 at 02:51:30 -0800, Stephane Eranian wrote:
> 
> > I am trying to the user HW debug registers on i386
> > and I am running into a problem with ptrace() not allowing access
> > to EFLAGS_RF for POKEUSER (see FLAG_MASK).
> > 
> > I am not sure I understand the motivation for denying access
> > to this flag which can be used to resume after a code
> > breakpoint has been reached. It avoids the need to remove the
> > breakpoint, single step, and reinstall. The equivalent
> > functionality exists on IA-64 and is allowed by ptrace().
> 
> I see no reason for denying this.  This patch should fix it:
> 
> 
> i386: PTRACE_POKEUSR: allow changing RF bit in EFLAGS register.
> 
> Setting RF (resume flag) allows a debugger to resume execution
> after a code breakpoint without tripping the breakpoint again.
> It is reset by the CPU after execution of one instruction.
> 
> Signed-off-by: Chuck Ebbert <76306.1226@compuserve.com>
> 
> --- 2.6.15a.orig/arch/i386/kernel/ptrace.c
> +++ 2.6.15a/arch/i386/kernel/ptrace.c
> @@ -32,9 +32,12 @@
>   * in exit.c or in signal.c.
>   */
>  
> -/* determines which flags the user has access to. */
> -/* 1 = access 0 = no access */
> -#define FLAG_MASK 0x00044dd5
> +/*
> + * Determines which flags the user has access to [1 = access, 0 = no access].
> + * Prohibits changing ID(21), VIP(20), VIF(19), VM(17), IOPL(12-13), IF(9).
> + * Also masks reserved bits (31-22, 15, 5, 3, 1).
> + */
> +#define FLAG_MASK 0x00054dd5
>  
>  /* set's the trap flag. */
>  #define TRAP_FLAG 0x100
> -- 
> Chuck
> Currently reading: _Thud!_ by Terry Pratchett

-- 

-Stephane

Re: ptrace denies access to EFLAGS_RF

[Stephane Eranian]

Chuck,

Thanks for the quick patch. It does fix my problem.

Note that the same problem exists on x86_64 and
the same patch should fix the problem there as well.


On Thu, Jan 05, 2006 at 11:11:29PM -0500, Chuck Ebbert wrote:
> In-Reply-To: <20060105105130.GC3712@frankl.hpl.hp.com>
> 
> On Thu, 5 Jan 2006 at 02:51:30 -0800, Stephane Eranian wrote:
> 
> > I am trying to the user HW debug registers on i386
> > and I am running into a problem with ptrace() not allowing access
> > to EFLAGS_RF for POKEUSER (see FLAG_MASK).
> > 
> > I am not sure I understand the motivation for denying access
> > to this flag which can be used to resume after a code
> > breakpoint has been reached. It avoids the need to remove the
> > breakpoint, single step, and reinstall. The equivalent
> > functionality exists on IA-64 and is allowed by ptrace().
> 
> I see no reason for denying this.  This patch should fix it:
> 
> 
> i386: PTRACE_POKEUSR: allow changing RF bit in EFLAGS register.
> 
> Setting RF (resume flag) allows a debugger to resume execution
> after a code breakpoint without tripping the breakpoint again.
> It is reset by the CPU after execution of one instruction.
> 
> Signed-off-by: Chuck Ebbert <76306.1226@compuserve.com>
> 
> --- 2.6.15a.orig/arch/i386/kernel/ptrace.c
> +++ 2.6.15a/arch/i386/kernel/ptrace.c
> @@ -32,9 +32,12 @@
>   * in exit.c or in signal.c.
>   */
>  
> -/* determines which flags the user has access to. */
> -/* 1 = access 0 = no access */
> -#define FLAG_MASK 0x00044dd5
> +/*
> + * Determines which flags the user has access to [1 = access, 0 = no access].
> + * Prohibits changing ID(21), VIP(20), VIF(19), VM(17), IOPL(12-13), IF(9).
> + * Also masks reserved bits (31-22, 15, 5, 3, 1).
> + */
> +#define FLAG_MASK 0x00054dd5
>  
>  /* set's the trap flag. */
>  #define TRAP_FLAG 0x100
> -- 
> Chuck
> Currently reading: _Thud!_ by Terry Pratchett

-- 

-Stephane

Re: ptrace denies access to EFLAGS_RF

[Chuck Ebbert]

In-Reply-To: <20060105105130.GC3712@frankl.hpl.hp.com>

On Thu, 5 Jan 2006 at 02:51:30 -0800, Stephane Eranian wrote:

> I am trying to the user HW debug registers on i386
> and I am running into a problem with ptrace() not allowing access
> to EFLAGS_RF for POKEUSER (see FLAG_MASK).
> 
> I am not sure I understand the motivation for denying access
> to this flag which can be used to resume after a code
> breakpoint has been reached. It avoids the need to remove the
> breakpoint, single step, and reinstall. The equivalent
> functionality exists on IA-64 and is allowed by ptrace().

I see no reason for denying this.  This patch should fix it:


i386: PTRACE_POKEUSR: allow changing RF bit in EFLAGS register.

Setting RF (resume flag) allows a debugger to resume execution
after a code breakpoint without tripping the breakpoint again.
It is reset by the CPU after execution of one instruction.

Signed-off-by: Chuck Ebbert <76306.1226@compuserve.com>

--- 2.6.15a.orig/arch/i386/kernel/ptrace.c
+++ 2.6.15a/arch/i386/kernel/ptrace.c
@@ -32,9 +32,12 @@
  * in exit.c or in signal.c.
  */
 
-/* determines which flags the user has access to. */
-/* 1 = access 0 = no access */
-#define FLAG_MASK 0x00044dd5
+/*
+ * Determines which flags the user has access to [1 = access, 0 = no access].
+ * Prohibits changing ID(21), VIP(20), VIF(19), VM(17), IOPL(12-13), IF(9).
+ * Also masks reserved bits (31-22, 15, 5, 3, 1).
+ */
+#define FLAG_MASK 0x00054dd5
 
 /* set's the trap flag. */
 #define TRAP_FLAG 0x100
-- 
Chuck
Currently reading: _Thud!_ by Terry Pratchett

ptrace denies access to EFLAGS_RF

[Stephane Eranian]

Hello,

I am trying to the user HW debug registers on i386
and I am running into a problem with ptrace() not allowing access
to EFLAGS_RF for POKEUSER (see FLAG_MASK).

I am not sure I understand the motivation for denying access
to this flag which can be used to resume after a code
breakpoint has been reached. It avoids the need to remove the
breakpoint, single step, and reinstall. The equivalent
functionality exists on IA-64 and is allowed by ptrace().

Why is EFLAGS_RF not accessible to users on i386?

Thanks.

-- 
-Stephane