[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: the principle of ptrace implementation?

To: "Mulyadi Santosa" <mulyadi.santosa@xxxxxxxxx>, "Steven Zhou" <lullaby2005@xxxxxxxxx>
Subject: Re: the principle of ptrace implementation?
From: "Peter Teoh" <htmldeveloper@xxxxxxxxx>
Date: Tue, 4 Nov 2008 13:15:19 +0800
Cc: "kernelnewbies@xxxxxxxxxxxx" <kernelnewbies@xxxxxxxxxxxx>
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:cc:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:references; bh=cc1A99ASP6vT0EgN1Dw9GsK6DTr0vcBqGoK95JaLOCE=; b=JRJMzDauy83HSiHDNjyyrpy6gVYd5ll+IkMYtGj1uZQIg7QCFGIxJNHhGRV98KbcHH 2Xp8RwCeFeDPeOaIvNR+T/J9GBPrT79Afb7PrvnvM2V1KIPReq1+woMjUU9U68BhTTP8 9x89DMhwudX1oBq+NDeJmfnRxhrOJPteJjWo0=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references; b=aAupmtNzgYeWgD6LK/CWHPeOJ56xDD1EiH7iUunThz4LC5xPOD6WAxQnctV4fc6eTP HDaT03cRjDQazLWR82SYe3je4bArFnvyexiIucRLR2p+ROird/ndSX2ijj6LiEZz+5gs Dvpj71k8O5qsENVO4nfoIBje/WSmjH+kffElg=
In-reply-to: <f284c33d0811030951y743b323er58411b4712e40cbf@mail.gmail.com>
List-archive: <http://mail.nl.linux.org/kernelnewbies/>
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-id: <kernelnewbies.nl.linux.org>
List-owner: <mailto:ecartis-owner@nl.linux.org>
List-post: <mailto:kernelnewbies@nl.linux.org>
List-software: Ecartis version 1.0.0
List-subscribe: <mailto:kernelnewbies-request@nl.linux.org?Subject=subscribe>
List-unsubscribe: <mailto:kernelnewbies-request@nl.linux.org?Subject=unsubscribe>
References: <1595bfc30811030824g6a69f59cn55ff38e470a61615@mail.gmail.com> <f284c33d0811030951y743b323er58411b4712e40cbf@mail.gmail.com>
Sender: kernelnewbies-bounce@xxxxxxxxxxxx

Personally, to learn any specific topic, sometimes I lookup patches,
for example this one:

http://groups.google.com/group/linux.kernel/browse_thread/thread/1a34eb77be08def2?hl=en

The above patches is attempting to add system call notification -
through self-ptracing.   Several key files are involved in the ptrace
mechanism:

include/linux/ptrace.h
kernel/ptrace.c
arch/x86/kernel/ptrace.c
include/asm-x86/ptrace-abi.h
include/asm-x86/ptrace.h

and patches normally allow you to focus exactly on the pertaining
functions inside the file affected.

and check this out:   for some side-reading....on ptrace.....

http://www.kernel.org/doc/ols/2007/ols2007v1-pages-215-224.pdf
http://www.scs.cs.nyu.edu/aos/notes/l24.pdf
http://people.redhat.com/roland/utrace/lpc-slides.pdf

and read this:

http://lwn.net/Articles/291091/

where it mentioned that utrace is going to replace ptrace...the start
of patch is here:

http://lkml.org/lkml/2008/8/26/340

(later Roland attempt to coexists the two).

Hm....Linux Kernel is fun.....full of innovation.

On Tue, Nov 4, 2008 at 1:51 AM, Mulyadi Santosa
<mulyadi.santosa@xxxxxxxxx> wrote:
> Hi...
>
> On Mon, Nov 3, 2008 at 11:24 PM, Steven Zhou <lullaby2005@xxxxxxxxx> wrote:
>> Dear all,
>>
>> Recently, I studied the process structure "task_struct", and there's a
>> member "ptrace" confused me.
>> I have studied how to use  ptrace system call first, and I have done.
>>
>> But I'm also confused with the principle of system call sys_ptrace()
>> implementation. I tried google it,
>> but I'm not satisfied with the result. A good article "playing with ptrace"
>> is fit for using ptrace, but it does
>> not explain how the ptrace() was implemented by kernel.
>>
>> Is there any one have the article about the implementation of ptrace()?
>> Can you share it ?
>
> I think better to grab book  like Understanding the Linux kernel 3rd
> edition...because ptrace implementation covers signals handling,
> return from syscall, sometimes single stepping and so on.
>
> But in essence, there aren several modes of ptracing:
> 1. single stepping. this is done by enabling debug flag (if I remember
> correctly) or replacing next instruction with INT 0x3h
>
> 2. trapping syscall. this is done by setting a flag so that everytime
> there is a transition into kernel space(by calling syscall) or
> returning from syscall (ret_from_syscall...see entry.S), a
> notification is sent to ptracer. This also mean rescheduling is
> done...mean while the traced process is temporarily "halted" so its
> state can be analyzed by the tracer.
>
> regards,
>
> Mulyadi.
>
> --
> To unsubscribe from this list: send an email with
> "unsubscribe kernelnewbies" to ecartis@xxxxxxxxxxxx
> Please read the FAQ at http://kernelnewbies.org/FAQ
>
>



-- 
Regards,
Peter Teoh

--
To unsubscribe from this list: send an email with
"unsubscribe kernelnewbies" to ecartis@xxxxxxxxxxxx
Please read the FAQ at http://kernelnewbies.org/FAQ

References:
- the principle of ptrace implementation?
  - From: Steven Zhou
- Re: the principle of ptrace implementation?
  - From: Mulyadi Santosa

Prev by Date: Re: Reg : module init and exit function
Next by Date: Re: Reg : module init and exit function
Previous by thread: Re: the principle of ptrace implementation?
Next by thread: Device drivers to analyze
Index(es):
- Date
- Thread