ptrace shows esi mutation across pread64 and pwrite64 syscalls
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
linux (Ubuntu) | Expired | Low | Unassigned |
Bug Description
NB: filing this kernel bug against Canonical because the 3.5.0 kernel isn't officially supported upstream [1].
== Steps to reproduce ==
0. Follow these steps on an *x86* installation; *not* x86-64.
1. Download the first attachment "Small test case ..." as pwrite64_testcase.c
2. Download the second attachment "ptrace tracer ..." as regtrace.c
3. Compile both files
$ gcc -g -o pwrite64_testcase pwrite64_testcase.c
$ gcc -g -o regtrace regtrace.c
4. Verify the files were compiled correctly
$ file regtrace
You should see output like
regtrace: ELF 32-bit LSB executable, Intel 80386...
5. Run the command
$ ./regtrace ./pwrite64_testcase | grep -A1 181:
== Expected behavior ==
Step (5) above should print output that looks something like
181: eax:0xffffffda ebx:0x3 ecx:0xff9cde0f edx:0x19
[-->]esi:0xa edi:0x0 ebp:0xff9cde48 eip:0x80486f5
181: eax:0x19 ebx:0x3 ecx:0xff9cde0f edx:0x19
[-->]esi:0xa edi:0x0 ebp:0xff9cde48 eip:0x80486f5
Notice that the "esi:..." values, marked with "[-->]", are "0xa" in both the entry and the exit trace line.
== Actual behavior ==
Step (5) produces output that looks like
181: eax:0xffffffda ebx:0x4 ecx:0xbffff60a edx:0x19
[-->]esi:0xa edi:0x0 ebp:0xbffff658 eip:0x80488c5
181: eax:0x19 ebx:0x4 ecx:0xbffff60a edx:0x19
[-->]esi:0x23 edi:0x0 ebp:0xbffff658 eip:0x80488c5
Notice that the "esi:..." values are *NOT* the same: in the entry trace line, esi is "0xa" (the correct value). But in the exit trace line, esi is "0x23" (INCORRECT).
== Brief description ==
The regtrace.c program dumps its tracee's registers at every syscall entry and exit. Per the kernel ABI, all register values *except* eax (the return value) are preserved across syscall entry/exit. The pwrite64_testcase.c program uses the pwrite64 and pread64 syscalls in a very basic manner.
The symptom is that the regtrace program seems to show a violation of the kernel ABI, as described above: the esi value (as reported by ptrace) changes across syscall entry/exit. This could either be a ptrace bug, or a bug somewhere else in the kernel, but to userspace the symptom looks the same.
Three kernel builds were tested. Interestingly, the bug only appears in the x86 kernel.
* x86, 3.5.0-36: *SHOWS* the bug
* x86-64, 3.5.0-36: does *NOT* show the bug
* x86-64, 3.9.11: does *NOT* show the bug
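As an added example (not part of this bug report or its attachments), here is the ABI check the description above spells out, applied to regtrace-style output: each syscall-entry record (on i386 the entry stop reports eax as -ENOSYS, 0xffffffda) is paired with the next exit record for the same syscall number, and every register other than eax whose value changed is listed. The two sample traces are the entry/exit lines quoted above; the record layout (a "NNN:" line followed by a second register line, with the reporter's "[-->]" marker) is assumed from them.

```python
import re

ENTRY_EAX = 0xFFFFFFDA  # -ENOSYS: eax at the i386 syscall-entry stop
REG_RE = re.compile(r"(e[a-z]{2}):0x([0-9a-fA-F]+)")

# Constructed from the trace lines quoted in the report (pwrite64 is 181 on i386).
EXPECTED_TRACE = """
181: eax:0xffffffda ebx:0x3 ecx:0xff9cde0f edx:0x19
[-->]esi:0xa edi:0x0 ebp:0xff9cde48 eip:0x80486f5
181: eax:0x19 ebx:0x3 ecx:0xff9cde0f edx:0x19
[-->]esi:0xa edi:0x0 ebp:0xff9cde48 eip:0x80486f5
"""
ACTUAL_TRACE = """
181: eax:0xffffffda ebx:0x4 ecx:0xbffff60a edx:0x19
[-->]esi:0xa edi:0x0 ebp:0xbffff658 eip:0x80488c5
181: eax:0x19 ebx:0x4 ecx:0xbffff60a edx:0x19
[-->]esi:0x23 edi:0x0 ebp:0xbffff658 eip:0x80488c5
"""

def parse_records(text):
    """Return [(syscall_nr, {reg: value})] from two-line regtrace records.
    A record starts at a 'NNN:' line; following lines without that prefix
    add their registers to the current record. '[-->]' markers are ignored."""
    records, current = [], None
    for line in text.splitlines():
        line = line.replace("[-->]", "").strip()
        if not line:
            continue
        m = re.match(r"(\d+):", line)
        if m:
            current = (int(m.group(1)), {})
            records.append(current)
        if current is None:
            continue  # register text before any record header
        for name, val in REG_RE.findall(line):
            current[1][name] = int(val, 16)
    return records

def changed_registers(entry, exit_):
    """Registers other than eax (the return value) that differ between the
    entry and exit snapshot. Per the ABI described above this must be empty."""
    return sorted(r for r in entry if r != "eax" and entry[r] != exit_.get(r))

def audit(text):
    """Pair each entry stop with the next exit stop of the same syscall number
    and return [(nr, [changed regs])] for every ABI violation found."""
    violations, pending = [], {}
    for nr, regs in parse_records(text):
        if regs.get("eax") == ENTRY_EAX:
            pending[nr] = regs
        elif nr in pending:
            diff = changed_registers(pending.pop(nr), regs)
            if diff:
                violations.append((nr, diff))
    return violations
```

On the report's actual trace `audit(ACTUAL_TRACE)` flags syscall 181 with esi changed; on the expected trace it returns no violations.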
If it helps clarify the nature of the bug, here's a patch that was landed to work around it
https:/
== System and package information ==
$ lsb_release -rd
Description: Ubuntu 12.04.2 LTS
Release: 12.04
$ apt-cache policy linux-image-
linux-image-
Installed: 3.5.0-36.
Candidate: 3.5.0-36.
Version table:
*** 3.5.0-36.
500 http://
100 /var/lib/
$ cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 42
model name : Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz
(The second program referred to above, because I can't provide multiple attachments with one comment.)