 

Ptrace single step in the kernel from process context?

I was wondering what happens if from the kernel (Linux in this case) you call ptrace_request with PTRACE_SINGLESTEP in process context (system call, page fault, etc.). Will it single step the user space instruction or the kernel space instruction? I realize that ptrace can only single step user instructions, which is why I'm curious as to the behavior that this would produce.

Just to provide a little more information, I am attempting to do so from a page fault handler (single step the instruction that faulted, but change the PTE so that the instruction goes through). I am wondering if this is even possible at all or if it would require another method to do so, such as rescheduling the process to run, etc.

This comes up because the task_struct for the process (if preempted) will still point to the kernel space handler IIRC, so would single stepping with ptrace bypass this and do the correct user space instruction, or just not do it at all?

Jesus Ramos asked Dec 17 '25 09:12


1 Answer

I don't fully understand what you mean by all this. PTRACE_SINGLESTEP is always called from the kernel in user context: when you do your syscall ptrace(PTRACE_SINGLESTEP), you will end up in kernel context executing that function, which will behave as usual and make the process you are ptracing execute one instruction, no matter whether you call it from the page fault handler. You won't be able to single step it while it is in kernel land, as usual.

I recommend you take a look at arch/x86/kernel/ptrace.c to understand how the single step actually works. The single stepped instruction is actually emulated by the kernel; IIRC there is no hardware support for this.

Quentin Casasnovas answered Dec 20 '25 00:12
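The user-visible behaviour the answer describes can be checked directly from user space. The following is an added example, not code from either poster: a tracer forks a child, lets the child request PTRACE_TRACEME and stop itself, then issues PTRACE_SINGLESTEP repeatedly and records the user-space RIP at every stop. The child executes a marked region of six known instructions (four NOPs, a `mov` loading __NR_getpid, and a `syscall`), so the recorded stops show two things: each step advances exactly one user instruction, and stepping the `syscall` instruction yields a single stop whose RIP is already past it, with no stop anywhere inside the kernel. It assumes x86-64 Linux with glibc, that ptrace of your own child is permitted (Yama ptrace_scope 0 or 1; a scope of 3 or a seccomp filter that denies ptrace makes the demo report an error instead of running), and the names `step_region_start`, `step_region_end`, `tracee_body`, `step_once` and `run_single_step_demo` are this example's own, not kernel or libc identifiers.

```c
/* Added example, not code from the original post: single-step a forked child
 * with PTRACE_SINGLESTEP on x86-64 Linux and record the user-space RIP at every
 * stop, including the single stop that follows a `syscall` instruction. */
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/ptrace.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAX_STEPS 64

struct step_trace {
    int nsteps;                   /* stops recorded from region_start to region_end */
    unsigned long rip[MAX_STEPS]; /* user-space RIP at each recorded stop */
    unsigned long region_start;   /* address of the first marked instruction */
    unsigned long region_end;     /* address just past the marked `syscall` */
    int err;                      /* errno-style reason when tracing was not possible */
};

#if defined(__linux__) && defined(__x86_64__)
/* Labels emitted by the inline asm in tracee_body(); names chosen for this example. */
extern char step_region_start[], step_region_end[];

/* Child: request tracing, stop, then run six known instructions: four 1-byte
 * NOPs, a 5-byte `mov $39,%eax` (__NR_getpid) and a 2-byte `syscall`. */
__attribute__((noinline)) static void tracee_body(void)
{
    if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) < 0)
        _exit(errno & 0xff);          /* tell the parent why tracing failed */
    raise(SIGSTOP);                   /* first ptrace stop; stepping starts here */
    __asm__ volatile(
        ".globl step_region_start\nstep_region_start:\n"
        "nop\nnop\nnop\nnop\n"
        "mov $39, %%eax\n"
        "syscall\n"
        ".globl step_region_end\nstep_region_end:\n"
        : : : "rax", "rcx", "r11", "memory");
    _exit(0);
}

/* One PTRACE_SINGLESTEP and its wait; stores the new RIP on a SIGTRAP stop. */
static int step_once(pid_t pid, unsigned long *rip)
{
    int status;
    struct user_regs_struct regs;

    if (ptrace(PTRACE_SINGLESTEP, pid, NULL, NULL) < 0 || waitpid(pid, &status, 0) < 0)
        return -errno;
    if (!WIFSTOPPED(status) || WSTOPSIG(status) != SIGTRAP)
        return -EIO;                  /* exited, or stopped by an unexpected signal */
    if (ptrace(PTRACE_GETREGS, pid, NULL, &regs) < 0)
        return -errno;
    *rip = regs.rip;
    return 0;
}

/* Parent: step the child through the tail of raise() until RIP reaches the marked
 * region, then record every stop until RIP leaves it. 0 on success, else -1/err. */
int run_single_step_demo(struct step_trace *t)
{
    int status, rc = -ERANGE;
    unsigned long rip = 0;
    pid_t pid;

    *t = (struct step_trace){ .region_start = (unsigned long)step_region_start,
                              .region_end = (unsigned long)step_region_end };
    if ((pid = fork()) < 0) { t->err = errno; return -1; }
    if (pid == 0) tracee_body();

    if (waitpid(pid, &status, 0) < 0) { t->err = errno; return -1; }
    if (!WIFSTOPPED(status)) {        /* child exited: PTRACE_TRACEME was refused */
        t->err = WIFEXITED(status) && WEXITSTATUS(status) ? WEXITSTATUS(status) : EPERM;
        return -1;
    }
    /* Pre-roll: the SIGSTOP stop is inside libc; step until the region is reached. */
    for (int i = 0; i < 100000 && rip != t->region_start; i++)
        if ((rc = step_once(pid, &rip)) < 0) goto fail;
    if (rip != t->region_start) { rc = -ERANGE; goto fail; }

    t->rip[t->nsteps++] = rip;
    while (rip < t->region_end && t->nsteps < MAX_STEPS) {
        if ((rc = step_once(pid, &rip)) < 0) goto fail;
        t->rip[t->nsteps++] = rip;    /* after `syscall`: RIP is already past it */
    }
    ptrace(PTRACE_CONT, pid, NULL, NULL);   /* let the child reach _exit(0) */
    waitpid(pid, &status, 0);
    return 0;
fail:
    kill(pid, SIGKILL);
    waitpid(pid, &status, 0);
    t->err = -rc;
    return -1;
}
#else
int run_single_step_demo(struct step_trace *t)   /* other arches: not demonstrated */
{
    *t = (struct step_trace){ .err = ENOSYS };
    return -1;
}
#endif

int main(void)
{
    struct step_trace t;
    if (run_single_step_demo(&t) < 0) {
        fprintf(stderr, "demo not possible here: %s\n", strerror(t.err));
        return 1;
    }
    for (int i = 0; i < t.nsteps; i++)
        printf("stop %d: rip = region_start+%lu%s\n", i, t.rip[i] - t.region_start,
               t.rip[i] == t.region_end ? " (syscall completed, no kernel stop)" : "");
    return 0;
}
```

On a working system the run records seven stops at offsets 0, 1, 2, 3, 4, 9 and 11 from `step_region_start`: one per user instruction, and the step that executes `syscall` reports the tracee only once the getpid call has returned to user mode. Two caveats for anyone following the question's idea of stepping from inside a page fault handler. First, the mechanism is per-task, not per-call-site: on x86 the kernel arms the trap flag (TF) in the tracee's EFLAGS through user_enable_single_step() in arch/x86/kernel/step.c, so the trap fires on the next user instruction the task executes, whenever that happens to be. Second, the tracee must be in a ptrace stop for PTRACE_SINGLESTEP to be accepted, which is why the example steps from the SIGSTOP stop rather than from an arbitrary point in the child's execution.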


