|
Message-ID: <20130315020804.GA29792@altlinux.org>
Date: Fri, 15 Mar 2013 06:08:04 +0400
From: "Dmitry V. Levin" <ldv@...linux.org>
To: owl-dev@...ts.openwall.com
Subject: Re: strace
On Fri, Mar 15, 2013 at 02:17:26AM +0100, Pavel Kankovsky wrote:
> On Fri, 15 Mar 2013, Dmitry V. Levin wrote:
>
> >The change of orig_eax offset means that there was a change in the ptrace
> >ABI between 2.6.18 and 2.6.32, and all its users (e.g. strace and gdb)
> >should be rebuilt.
>
> Things appear to be a little more complicated.
>
> As far as I can tell, PTRACE_GETREGS returns data in struct pt_regs
> layout on 2.6.18 and in struct user_regs_struct layout on 2.6.32.
> Those two structs are compatible on 2.6.32 but they are different on
> 2.6.18 (i386 arch; x86-64 is probably unaffected).
>
> Afaict they changed it in 2.6.25 when i386 code implementing ptrace
> was merged with x86-64 code.
>
> The old interface (returning struct pt_regs) should probably be
> considered broken because it exposes internal kernel data structures but
> it appears PTRACE_GETREGS as a whole is going to be deprecated:
> <http://sourceware.org/ml/archer/2010-q3/msg00193.html>
Next strace release will use PTRACE_GETREGSET on most of supported
architectures. Unfortunately, it requires a good runtime check, not the
simple kernel version check we have implemented at this moment.
> >Recently (commit v4.7-82-g2550d48) strace was changed on x86* to stop
> >including asm/ptrace.h and use "struct user_regs_struct" instead.
>
> I was not aware it was a recent change (I should have checked.)
>
> This means up-to-date strace is unable to work on old kernels: it expects
> struct user_regs_struct but it gets incompatible struct pt_regs. It does
> not matter what kernel headers are used to compile it because struct
> user_regs_struct is the same in both versions.
>
> strace should probably refuse to use PTRACE_GETREGS (and fall back to
> PTRACE_PEEKUSER?) when it runs on an old kernel.
Is there any relatively cheap runtime method to find out what kind of regs
struct is returned by PTRACE_GETREGS? Could the kernel version be used to
choose the right regs struct?
--
ldv
Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.