Re: kprobes problem

[Maneesh Soni <maneesh at in dot ibm dot com>]

On Mon, Mar 14, 2005 at 10:01:42PM +0530, Prasanna S Panchamukhi wrote:
> Hi Baruch,
> 
> Thanks for pointing it out.
> Yes, kprobes could not handle probes on ret/lret instruction.
> The instruction pointer modification in case of ret/lret
> instrcution is not required.
> The below patch should fix the problem. This patch is for i386 
> achitecture and soon will be ported to other architectures.
> 
> Please let me know if you have any issues.
> 
> Thanks
> Prasanna
> 
> 
> Kprobes could not handle the insertion of a probe on a ret/lret instruction.
> This patch fixes the above bug by avoiding adjustment of instruction pointer,
> 
> Signed-off-by: Prasanna S Panchamukhi <prasanna@in.ibm.com>
> 
> 
> ---
> 
>  linux-2.6.11-rc5-prasanna/arch/i386/kernel/kprobes.c |    8 ++++++++
>  1 files changed, 8 insertions(+)
> 
> diff -puN arch/i386/kernel/kprobes.c~kprobes-ret-address-fix arch/i386/kernel/kprobes.c
> --- linux-2.6.11-rc5/arch/i386/kernel/kprobes.c~kprobes-ret-address-fix	2005-03-14 21:27:34.000000000 +0530
> +++ linux-2.6.11-rc5-prasanna/arch/i386/kernel/kprobes.c	2005-03-14 21:48:39.000000000 +0530
> @@ -208,6 +208,14 @@ static void resume_execution(struct kpro
>  		*tos &= ~(TF_MASK | IF_MASK);
>  		*tos |= kprobe_old_eflags;
>  		break;
> +	case 0xc3:		/* ret/lret */
> +	case 0xcb:
> +	case 0xc2:
> +	case 0xca:
> +		regs->eflags &= ~TF_MASK;
> +		/* eip is already adjusted, no more changes required*/
> +		return;
> +		break;

^^^^^^^^^^^^^^^^^^^
why "break" after "return"


>  	case 0xe8:		/* call relative - Fix return addr */
>  		*tos = orig_eip + (*tos - copy_eip);
>  		break;
> 
> _
> -- 
> 
> Prasanna S Panchamukhi
> Linux Technology Center
> India Software Labs, IBM Bangalore
> Ph: 91-80-25044636
> <prasanna@in.ibm.com>

-- 
Maneesh Soni
Linux Technology Center, 
IBM India Software Labs,
Bangalore, India
email: maneesh@in.ibm.com
Phone: 91-80-25044990