Bug 325451 - ptrace compatibility problem with PTRACE_{PEEK,POKE}USR_AREA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel
s390x Linux
high Severity high
: rc
Assigned To: Roland McGrath
Martin Jenner
Keywords: Regression
Reported: 2007-10-09 15:27 EDT by Brad Hinson
Modified: 2008-05-21 10:57 EDT
Fixed In Version: RHBA-2008-0314
Doc Type: Bug Fix
Last Closed: 2008-05-21 10:57:52 EDT

Attachments
debuggee.c (171 bytes, text/plain), 2007-10-09 15:28 EDT, Brad Hinson
debugger.c (3.01 KB, text/plain), 2007-10-09 15:28 EDT, Brad Hinson
demo1.s (424 bytes, text/plain), 2007-10-09 15:29 EDT, Brad Hinson
Modified demo1.s (424 bytes, text/plain), 2007-10-16 11:44 EDT, Brad Hinson
Modified debugger.c (4.79 KB, text/plain), 2007-10-16 11:45 EDT, Brad Hinson
Modified debuggee.c (171 bytes, text/plain), 2007-10-16 11:45 EDT, Brad Hinson
kernel patch, fixes test case (8.58 KB, patch), 2007-11-07 18:59 EST, Roland McGrath

Description Brad Hinson 2007-10-09 15:27:41 EDT
Description of problem:
In RHEL 5, only the 64-bit s390 kernel is provided (not the 31-bit), but
the 31-bit compat libs are provided.  The issue is reproduced by building the
attached files with:

gcc -m31 -g -o debuggee debuggee.c demo1.s
gcc -m31 -g -o debugger debugger.c

Using ptrace() to debug a target process. On the s390 we use some 'undocumented'
calls into ptrace. These calls are ptrace(PTRACE_PEEKUSR_AREA...) and
ptrace(PTRACE_POKEUSR_AREA...).  The calls should read/write a structure filled
with register values that represent a snapshot of the target process. This was
working fine on RHEL 4, but on RHEL5 31bit, it fails with an EIO failure.  I've
attached a small demo of the problem. './debugger' will run the demo. If you
convert the demo for 64bit instead of 31bit then it works as expected.

I expect to see :
process stopped
read PC = 0x004004bc
wrote PC = 0x004004c0
We're back!

But on RHEL5 I get :
process stopped
 : Input/output error
read PC = (nil)
 : Input/output error
wrote PC = 0x00000004
We're back!

I thought the way that the ptrace(PTRACE_PEEKUSR_AREA...) call worked
was, you pass an offset of the first register to read, and a size
indicating the amount of registers to read, (such that the size value
could be any multiple of the register size), and your buffer would be
filled with register values from the indicated offset up to the size
allowed in pt_area->len. If that was the case then you could read one
register by passing an offset and a size of one register. Is this idea


On RHEL 4, glibc-kernheaders provides 31-bit and 64-bit versions of ptrace.h:

# rpm -ql glibc-kernheaders | grep ptrace.h


# cat /usr/include/asm/ptrace.h 

#ifndef __ASM_STUB_PTRACE_H__
# define __ASM_STUB_PTRACE_H__
# if defined __s390__ && !defined __s390x__
#  include <asm-s390/ptrace.h>
# endif
# if defined __s390x__
#  include <asm-s390x/ptrace.h>
# endif

but on RHEL 5, there's only one version:

# rpm -ql kernel-headers | grep ptrace.h


Would providing the 31-bit version of ptrace.h fix this, or is the error
related to using ptrace(PTRACE_PEEKUSR_AREA...)?

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. gcc -m31 -g -o debuggee debuggee.c demo1.s
2. gcc -m31 -g -o debugger debugger.c
3. ./debugger
Comment 1 Brad Hinson 2007-10-09 15:28:34 EDT
Created attachment 221671
Comment 2 Brad Hinson 2007-10-09 15:28:50 EDT
Created attachment 221681
Comment 3 Brad Hinson 2007-10-09 15:29:13 EDT
Created attachment 221691
Comment 4 Brad Hinson 2007-10-16 11:43:32 EDT
Modified demo follows.  From email:

I've modified the demo slightly. I've decided to only read the first 34
available registers from the register structure. You can see that some registers
can't be read/written. However, the interesting part is that writing the PC
value is accepted without error, but when we read it back we can see it's
incorrect. Is this a different problem to the original?
Comment 5 Brad Hinson 2007-10-16 11:44:55 EDT
Created attachment 228891
Modified demo1.s
Comment 6 Brad Hinson 2007-10-16 11:45:20 EDT
Created attachment 228901
Modified debugger.c
Comment 7 Brad Hinson 2007-10-16 11:45:45 EDT
Created attachment 228911
Modified debuggee.c
Comment 8 Roland McGrath 2007-10-16 17:34:13 EDT
Please show the results of the new test program.
Comment 9 Brad Hinson 2007-10-22 15:54:03 EDT
# /tmp/bld
# /tmp/debugger 
process stopped
read PC = 0x4c5c08e0
Failed to write register MASK
Failed to write register ACR9
wrote PC = 0x4c5c08e4
read PC = 0x4c5c08e4
read PC = 0x4c5c08e6
Comment 14 RHEL Product and Program Management 2007-11-06 22:55:41 EST
This bugzilla has Keywords: Regression.  

Since no regressions are allowed between releases, 
it is also being proposed as a blocker for this release.  

Please resolve ASAP.
Comment 16 Roland McGrath 2007-11-07 18:59:36 EST
Created attachment 251071
kernel patch, fixes test case
Comment 17 RHEL Product and Program Management 2007-11-07 19:15:15 EST
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
Comment 19 Don Zickus 2007-12-14 13:41:42 EST
in 2.6.18-60.el5
You can download this test kernel from http://people.redhat.com/dzickus/el5
Comment 22 errata-xmlrpc 2008-05-21 10:57:52 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

