[bug] strace detach as soon as attach

OneGun Lee inamind at gmail.com
Tue Jul 13 08:14:51 UTC 2010 

Hello All,
Please anybody reply my message.

I checked call stack when call sys_restart_syscall.
It was different with normal system call stack.


< normal syscall >

-000 |[0000:0xc00a97e0] sys_open(
     |    filename = 0x851C,
     |    flags = 1,
     |    mode = 0)
     |
-001 |[0000:0xC002EF40] ret_fast_syscall(asm)
     |
 --> |exception
-002 |ZUR:0x6C6:*0x400477BC*(asm) : /lib/libc-2.5.so
     |
-003 |main()
     |
     |                open("/dev/meminfo", 1, NULL);
 --- |end of frame
     |
     |
--------------------------------------------------------
< restart_syscall system call >

-000 |[0000:C005CF74] sys_restart_syscall()
     |  restart = 0x0
     |  __func__ = (115, 121, 115, 95, 114, 101, 115, 116, 97, 114, 116, 95,
115
     |
-001 |[0000:C002F0B8] __sys_trace_return(asm)
     |
     |        b       2b
 --> |exception
-002 |ZUR:0x6C6:*0xFFFF0520*(asm)
     |
-003 |ZUR:0x6C6:0x400E5CCC(asm) : /lib/libc-2.5.so
     |
 --- |end of frame
     |
In SYS_restart_syscall case, exception was occured on kernel space address(*
0xFFFF0520).*
So, this address transfer to ptrace(PEEK_DATA)'s parameter and make error
in get_user_pages().

I think that need to make patch for arm.
How do you think about this?

2010/7/8 OneGun Lee <inamind at gmail.com>

> Hi, all
>
> I tried to use strace-4.5.15(and .20) on linux-2.6.29.4, arm-cortex-a8.
>
> but strace was detached as soon as was attached one process.
>
> # strace -p 1711 -d
> Process 1711 attached - interrupt to quit
>  [wait(0x137f) = 1711]
> pid 1711 stopped, [SIGSTOP]
>  [wait(0x57f) = 1711]
> pid 1711 stopped, [SIGTRAP]
> Process 1711 detached
>
> So, I debuged strace.
> After attach, strace try to ptrace(PTRACE_PEEKTEXT) and input param
> is kernel space's address(0xFFFFxxxx).
> This kernel space address's data is scno(restart_syscall).
>
> address = 0xffff051c, data = 0xef900000(restart_syscall)
>
> This command is sent kernel mode.
> and than, arch_ptrace,kernel function, try to get data this address.
> so this function call access_process_vm() -> get_user_pages().
>
> get_user_pages() function make error because start address param is kernel
> space's address.
> so strace is detached.
> I think that it is bug to need fix.
> If address to want to get data is in kernel space, access_process_vm() just
> read data. don't call get_user_pages().
> Or
> strace have not try to peek data, if address is in kernel space.
>
> How do you think about this problem?
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strace.io/pipermail/strace-devel/attachments/20100713/e64aec34/attachment.html>

More information about the Strace-devel mailing list