/*
 * x86 single-step support code, common to 32-bit and 64-bit.
 */

#include <linux/sched.h>
#include <linux/mm.h>
#include <linux/ptrace.h>
#include <linux/uaccess.h>

#include <asm/desc.h>

/*
 * Return EIP plus the CS segment base.  The segment limit is also
 * adjusted, clamped to the kernel/user address space (whichever is
 * appropriate), and returned in *eip_limit.
 *
 * The segment is checked, because it might have been changed by another
 * task between the original faulting instruction and here.
 *
 * If CS is no longer a valid code segment, or if EIP is beyond the
 * limit, or if it is a kernel address when CS is not a kernel segment,
 * then the returned value will be greater than *eip_limit.
 *
 * This is slow, but is very rarely executed.
 */
unsigned long get_segment_eip(struct pt_regs *regs,
			      unsigned long *eip_limit)
{
	unsigned long ip = regs->ip;
	unsigned seg = regs->cs & 0xffff;
	u32 seg_ar, seg_limit, base, *desc;

	/* Unlikely, but must come before segment checks. */
	if (unlikely(regs->flags & VM_MASK)) {
		base = seg << 4;
		*eip_limit = base + 0xffff;
		return base + (ip & 0xffff);
	}

	/* The standard kernel/user address space limit. */
	*eip_limit = user_mode(regs) ? USER_DS.seg : KERNEL_DS.seg;

	/* By far the most common cases. */
	if (likely(SEGMENT_IS_FLAT_CODE(seg)))
		return ip;

	/* Check the segment exists, is within the current LDT/GDT size,
	   that kernel/user (ring 0..3) has the appropriate privilege,
	   that it's a code segment, and get the limit. */
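	/*
	 * LAR returns the descriptor's access-rights byte in bits 8-15
	 * of its result, so the 0x9800 mask below covers P (present,
	 * bit 15), S (non-system descriptor, bit 12) and the executable
	 * type bit (bit 11); any of them clear means CS is unusable.
	 */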
	__asm__("larl %3,%0; lsll %3,%1"
		: "=&r" (seg_ar), "=r" (seg_limit) : "0" (0), "rm" (seg));
	if ((~seg_ar & 0x9800) || ip > seg_limit) {
		*eip_limit = 0;
		return 1;	 /* So that returned ip > *eip_limit. */
	}

	/* Get the GDT/LDT descriptor base.
	   When you look for races in this code remember that
	   LDT and other horrors are only used in user space. */
	if (seg & (1 << 2)) {
		/* Must lock the LDT while reading it. */
		mutex_lock(&current->mm->context.lock);
		desc = current->mm->context.ldt;
		desc = (void *)desc + (seg & ~7);
	} else {
		/* Must disable preemption while reading the GDT. */
		desc = (u32 *)get_cpu_gdt_table(get_cpu());
		desc = (void *)desc + (seg & ~7);
	}

	/* Decode the code segment base from the descriptor */
	base = get_desc_base((struct desc_struct *)desc);

	if (seg & (1 << 2))
		mutex_unlock(&current->mm->context.lock);
	else
		put_cpu();

	/* Adjust EIP and segment limit, and clamp at the kernel limit.
	   It's legitimate for segments to wrap at 0xffffffff. */
	seg_limit += base;
	if (seg_limit < *eip_limit && seg_limit >= base)
		*eip_limit = seg_limit;
	return ip + base;
}
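
/*
 * Hypothetical caller sketch (no caller lives in this file): failure is
 * signalled by the return value exceeding *eip_limit, so a user would do
 *
 *	unsigned long limit;
 *	unsigned long ip = get_segment_eip(regs, &limit);
 *
 *	if (ip > limit)
 *		bail out: invalid CS or EIP, nothing safe to decode
 */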

unsigned long convert_rip_to_linear(struct task_struct *child, struct pt_regs *regs)
{
	unsigned long addr, seg;

	addr = regs->ip;
	seg = regs->cs & 0xffff;
	if (v8086_mode(regs)) {
		addr = (addr & 0xffff) + (seg << 4);
		return addr;
	}
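
	/*
	 * Worked example for the vm86 case above: CS 0x1234 with IP
	 * 0x0010 yields the linear address (0x1234 << 4) + 0x0010 =
	 * 0x12350, the usual real-mode segment:offset arithmetic.
	 */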

	/*
	 * We'll assume that the code segments in the GDT
	 * are all zero-based. That is largely true: the
	 * TLS segments are used for data, and the PNPBIOS
	 * and APM bios ones we just ignore here.
	 */
	if ((seg & SEGMENT_TI_MASK) == SEGMENT_LDT) {
		u32 *desc;
		unsigned long base;

		seg &= ~7UL;

		mutex_lock(&child->mm->context.lock);
		if (unlikely((seg >> 3) >= child->mm->context.size))
			addr = -1L; /* bogus selector, access would fault */
		else {
			desc = child->mm->context.ldt + seg;
			base = ((desc[0] >> 16) |
				((desc[1] & 0xff) << 16) |
				(desc[1] & 0xff000000));
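
			/*
			 * The computation above reassembles the base,
			 * which a 32-bit descriptor scatters over both
			 * words: base 15:0 in desc[0] bits 31:16, base
			 * 23:16 in desc[1] bits 7:0, and base 31:24 in
			 * desc[1] bits 31:24.
			 */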

			/* 16-bit code segment? */
			if (!((desc[1] >> 22) & 1))
				addr &= 0xffff;
			addr += base;
		}
		mutex_unlock(&child->mm->context.lock);
	}

	return addr;
}

static int is_setting_trap_flag(struct task_struct *child, struct pt_regs *regs)
{
	int i, copied;
	unsigned char opcode[15];
	unsigned long addr = convert_rip_to_linear(child, regs);

	copied = access_process_vm(child, addr, opcode, sizeof(opcode), 0);
	for (i = 0; i < copied; i++) {
		switch (opcode[i]) {
		/* popf and iret */
		case 0x9d: case 0xcf:
			return 1;

		/* opcode and address size prefixes */
		case 0x66: case 0x67:
			continue;
		/* irrelevant prefixes (segment overrides and repeats) */
		case 0x26: case 0x2e:
		case 0x36: case 0x3e:
		case 0x64: case 0x65:
		case 0xf0: case 0xf2: case 0xf3:
			continue;

#ifdef CONFIG_X86_64
		case 0x40 ... 0x4f:
			if (regs->cs != __USER_CS)
				/* 32-bit mode: register increment */
				return 0;
			/* 64-bit mode: REX prefix */
			continue;
#endif

		/* CHECKME: f2, f3 */

		/*
		 * pushf: NOTE! We should probably not let
		 * the user see the TF bit being set. But
		 * it's more pain than it's worth to avoid
		 * it, and a debugger could emulate this
		 * all in user space if it _really_ cares.
		 */
		default:
			return 0;
		}
	}
	return 0;
}
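
/*
 * Example of the scan above: the sequence 66 9d (operand-size prefixed
 * popf) is caught, because the 0x66 prefix falls through via continue
 * and the following 0x9d matches the popf case.
 */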

/*
 * Enable single-stepping.  Return nonzero if user mode is not using TF itself.
 */
static int enable_single_step(struct task_struct *child)
{
	struct pt_regs *regs = task_pt_regs(child);

	/*
	 * Always set TIF_SINGLESTEP - this guarantees that
	 * we single-step system calls etc..  This will also
	 * cause us to set TF when returning to user mode.
	 */
	set_tsk_thread_flag(child, TIF_SINGLESTEP);

	/*
	 * If TF was already set, don't do anything else.
	 */
	if (regs->flags & X86_EFLAGS_TF)
		return 0;

	/* Set TF on the kernel stack.. */
	regs->flags |= X86_EFLAGS_TF;

	/*
	 * ..but if TF is changed by the instruction we will trace,
	 * don't mark it as being "us" that set it, so that we
	 * won't clear it by hand later.
	 */
	if (is_setting_trap_flag(child, regs))
		return 0;

	set_tsk_thread_flag(child, TIF_FORCED_TF);

	return 1;
}

/*
 * Install this value in MSR_IA32_DEBUGCTLMSR whenever child is running.
 */
static void write_debugctlmsr(struct task_struct *child, unsigned long val)
{
	child->thread.debugctlmsr = val;

	if (child != current)
		return;

#ifdef CONFIG_X86_64
	wrmsrl(MSR_IA32_DEBUGCTLMSR, val);
#else
	wrmsr(MSR_IA32_DEBUGCTLMSR, val, 0);
#endif
}
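
/*
 * Note that when child is not running, the new value only lands in
 * child->thread.debugctlmsr; the context-switch path is expected to
 * load it into the real MSR when the task is scheduled back in.
 */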

/*
 * Enable single or block step.
 */
static void enable_step(struct task_struct *child, bool block)
{
	/*
	 * Make sure block stepping (BTF) is not enabled unless it should be.
	 * Note that we don't try to worry about any is_setting_trap_flag()
	 * instructions after the first when using block stepping.
	 * So no one should try to use debugger block stepping in a program
	 * that uses user-mode single stepping itself.
	 */
	if (enable_single_step(child) && block) {
		set_tsk_thread_flag(child, TIF_DEBUGCTLMSR);
		write_debugctlmsr(child,
				  child->thread.debugctlmsr | DEBUGCTLMSR_BTF);
	} else {
		write_debugctlmsr(child,
				  child->thread.debugctlmsr & ~DEBUGCTLMSR_BTF);

		if (!child->thread.debugctlmsr)
			clear_tsk_thread_flag(child, TIF_DEBUGCTLMSR);
	}
}
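
/*
 * With X86_EFLAGS_TF set and DEBUGCTLMSR_BTF also set, the CPU raises
 * the single-step trap only when a branch is taken, which is what
 * "block step" means here.
 */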

void user_enable_single_step(struct task_struct *child)
{
	enable_step(child, 0);
}

void user_enable_block_step(struct task_struct *child)
{
	enable_step(child, 1);
}
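
/*
 * These two are the arch hooks behind ptrace resumption: a debugger's
 * ptrace(PTRACE_SINGLESTEP, pid, 0, 0) ends up in
 * user_enable_single_step(), and PTRACE_SINGLEBLOCK in
 * user_enable_block_step(), the tracee then stopping with SIGTRAP after
 * one instruction or one taken branch respectively.
 */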

void user_disable_single_step(struct task_struct *child)
{
	/*
	 * Make sure block stepping (BTF) is disabled.
	 */
	write_debugctlmsr(child,
			  child->thread.debugctlmsr & ~DEBUGCTLMSR_BTF);

	if (!child->thread.debugctlmsr)
		clear_tsk_thread_flag(child, TIF_DEBUGCTLMSR);

	/* Always clear TIF_SINGLESTEP... */
	clear_tsk_thread_flag(child, TIF_SINGLESTEP);

	/* But touch TF only if it was set by us.. */
	if (test_and_clear_tsk_thread_flag(child, TIF_FORCED_TF))
		task_pt_regs(child)->flags &= ~X86_EFLAGS_TF;
}