
[Kmdbg-main] Fwd: Re: Kernel Modular Debugger


From: srivatsa iyengar
Subject: [Kmdbg-main] Fwd: Re: Kernel Modular Debugger
Date: Fri, 27 Sep 2002 22:58:24 -0700 (PDT)

This is a mail from Miguel Rodríguez address@hidden on Kernel Modular Debugger. FYI...

Srivatsa.


Hi,

I'm glad more people are interested.
Sorry there are no documents available yet as I'm not
good at writing documentation, especially in English, so
please be patient but I will try to explain briefly
what is implemented and what I would like to do. Maybe
the first alpha release is not worth beginning with and
still there is no 2nd alpha release ready for
downloading. It will be ready 2 weeks from now but I
would send it to you as soon as possible if you are
interested. Everything is just for testing the validity
of the idea and maybe the code is not clear enough or can
be done much better as I'm not a programmer. What I
have implemented (2nd alpha):

-simple exception intercepting. Multiplex exceptions.
idtentry.S -> hd.c -> lhd/dhd/.. .c
                            ^
                            |
  current exec domain = dhd--

Basic unit for multiplexing-> what I call execution
domain => exception/interrupt/syscall entries (IDT).
Pointer to store current execution domain.
problem->virtual memory of processes not updated
solution->update virtual memory for_each_task
(necessary as we have new page fault entry->gate14
  linux 2.4 updates process virtual memory for modules
  on demand, using page fault exception)

-gdb remote stub.

Still Linux may get bogus cr2 if we place a breakpoint
at page fault and reference invalid memory from the
debugging stub.

-One possible solution-> Linux CPL/IOPL < 0.
mov cr2,%reg, mov %reg,cr2 ->general protection ->
virtualization and get correct cr2 value.(saved at
lhd_exception14).

More problems. Linux checks RPL of code segment
selector = or != 0 when returning from interrupts or
exceptions. Now RPL is always > 2 -> would return from
system call (arch/i386/kernel/entry.S).

     ret_from_exception:
         ...
         testl $(VM_MASK | 1),%eax
         ...

-My solution.
  + Get memory for CPL 0 monitor stack and new task
    state segment (TSS). TSS->ESP0 points to this mem.
  + Simulate pushed hardware stack frame with code
    segment = null selector + RPL (3 or 2 depending on
    interrupt nesting level).
  + Upcall to linux CPL 2 gate entry.
  + return from exception/interrupt ->#GP exception (
    null code segment) -> IRET emulation.

Note we do not need to capture first nesting level. It
is only useful for Adeos first proposal (I think it
won't be hard to do with this, IOPL = 0, but still no
success, no time).

Also note we have 1 CPL 0 stack (TSS-ESP0) and
multiple (one per process) CPL 2 linux kernel stacks.

More problems:
-have to emulate/execute other privileged instructions
(HLT, MOV CR3,%reg...).
-x86 ioperm system call. TSS I/O bitmap.
remember have new TSS (not using Linux IO bitmap)
solution: check I/O bitmap for CPL 3->emulate I/O
instruction.

So we can place a breakpoint at page fault handler
safely as far as I've tested it (I hope). I don't know
what are LTRIX (the new lice commercial debugger) ideas
for placing breakpoint at page fault. I just hope this
can be one GPL alternative.

I've placed ADEOS API on top of this mess. Possible
hard real time if maximum latency admitted < maximum
Linux interrupt disable time (don't know this time).
If we get interrupt virtualization -> latency = don't
know, maybe more latency???

Other personal project interests:
-Adeos first proposal.
-Local machine debugger.

Let me know if you need this code now and I will send
it to you.
Would you like to join the project, or do you want to do
your own implementation of the idea?
Thank you very much.

Miguel.
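To make the selector/RPL reasoning in the forwarded mail concrete, here is an added C model (constructed for this archive page, not kmdbg or Linux code) of the three pieces involved: how a code selector encodes its RPL, the `testl $(VM_MASK | 1),%eax` check quoted from entry.S, and the null-selector frame that turns the kernel's IRET into a #GP the CPL 0 monitor can trap. The function names and the fixed EIP value are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stdint.h>
/* Constructed model of the x86 facts the mail relies on; not kmdbg code. */
#define VM_MASK  0x00020000u  /* EFLAGS.VM bit, same name as in entry.S */
#define RPL_MASK 0x3u         /* low two bits of a segment selector */

/* Hardware frame pushed by an exception: EIP, CS, EFLAGS (same-privilege case). */
typedef struct { uint32_t eip, cs, eflags; } hw_frame_t;

/* Encode a GDT selector from descriptor index and RPL (TI bit = 0).
   Index 0 with any RPL is the "null selector". */
static uint32_t selector(uint32_t index, uint32_t rpl) {
    return (index << 3) | (rpl & RPL_MASK);
}

/* Linux's ret_from_exception test as quoted in the mail:
   eax = EFLAGS.VM | CS.RPL, then "testl $(VM_MASK | 1),%eax".
   Non-zero means "came from user (or vm86)" -> ret_from_sys_call path. */
static bool linux_sees_user_return(const hw_frame_t *f) {
    uint32_t eax = (f->eflags & VM_MASK) | (f->cs & RPL_MASK);
    return (eax & (VM_MASK | 1u)) != 0;
}

/* Frame the CPL 0 monitor synthesizes before the upcall to the CPL 2 Linux
   entry: null code selector + RPL 3 for an entry from user mode (nesting
   level 0), RPL 2 for a nested kernel-level entry. */
static hw_frame_t monitor_fake_frame(uint32_t eip, unsigned nesting) {
    hw_frame_t f = { eip, selector(0, nesting == 0 ? 3u : 2u), 0 };
    return f;
}

/* IRET to a null code segment selector raises #GP; the monitor traps it
   and emulates the return. */
static bool iret_raises_gp(const hw_frame_t *f) {
    return (f->cs & ~RPL_MASK) == 0;
}

/* Wrappers on the synthesized frame for a given nesting level (EIP is a dummy). */
bool fake_frame_seen_as_user(unsigned nesting) {
    hw_frame_t f = monitor_fake_frame(0x1000u, nesting);
    return linux_sees_user_return(&f);
}
bool fake_frame_faults_on_iret(unsigned nesting) {
    hw_frame_t f = monitor_fake_frame(0x1000u, nesting);
    return iret_raises_gp(&f);
}
/* A real Linux-at-CPL-2 frame: RPL 2 has bit 0 clear, so the test cannot
   tell a user entry from a kernel entry; the fake frame fixes exactly that. */
bool cpl2_frame_seen_as_user(void) {
    hw_frame_t k = { 0x1000u, selector(1, 2), 0 };
    return linux_sees_user_return(&k);
}
```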


