4

According to this, int 3 is used from userspace to generate SIGTRAP.

But what is that supposed to do from privileged under userspace?

Are there more things that can generate such a SIGTRAP from userspace?

1737973

1 Answer

11

The opcode int 3 knows nothing of unix conventions, such as SIGTRAP. Int 3 generates an exception, which is vectored through index 3. It is conventionally considered a debug exception, and in fact the debug registers will also generate exceptions through the same index.

Int 3 is a bit special because it is a single-byte opcode, unlike the other int $n instructions, which require 2. Because it is a single byte, it can be used to place breakpoints in programs by rewriting an existing opcode's first byte with it. While technically you could use a multi-byte opcode for doing this, it is possible that the next byte in the program text is an important piece of data or a jump label which you might corrupt.

By convention, unix derived OSes will raise a signal (SIGTRAP) when this opcode is encountered; that provides the opportunity for a debugger (or a debug module in the kernel) to look up the offending address to see if it had previously set a breakpoint (or watchpoint) at this address. If so, it would do the usual debugger stuff. If not, it would likely propagate the SIGTRAP to the offending process.

In the case where the breakpoint was encountered in privileged (kernel) code, the processing is not much different, but there would be an expectation that a kernel debugger was active, and it would follow similar processing as above, except that the result of no pending breakpoint would probably be to halt the system with a bunch of funny numbers on the console.

mevets
  • _So it is still a_ hack _at the kernel level_? `Int 3 generates an exception, which is vectored through index 3.` <- But assembly knows no exceptions, does it? Did you mean an interruption? If so, which one on ia32 and amd64? And what about other architectures? – 1737973 May 22 '20 at 17:30
  • The machine architecture defines the exceptions; so while *assembly* doesn't know them, the machine that implements it knows them quite well. It isn't really a hack, it is a well defined architectural component, and implemented precisely to fit its purpose. Its use is broader than debugging, for example many tracing tools rely on breakpoints to detect what has and hasn't been executed. – mevets May 22 '20 at 19:38
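An added example, not part of the original answer or its comments: a small C program for x86-64 Linux with glibc that executes one `int3` under a SIGTRAP handler and records that the opcode is the single byte 0xCC and that the saved instruction pointer already points past it, which is why a debugger steps the program counter back by one before restoring the original byte. The names `run_int3`, `on_sigtrap`, `traps` and `saved_rip` are chosen for this illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE   /* exposes REG_RIP in <sys/ucontext.h> */
#endif
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <ucontext.h>

#if !defined(__x86_64__) || !defined(__linux__)
#error "this demo targets x86-64 Linux"
#endif
#ifndef REG_RIP
#define REG_RIP 16    /* glibc's gregs[] index for RIP on x86-64 */
#endif

/* Illustrative names, not from the original page. */
static volatile sig_atomic_t traps;   /* SIGTRAPs handled so far */
static volatile uintptr_t saved_rip;  /* RIP the kernel saved in the signal frame */

static void on_sigtrap(int sig, siginfo_t *info, void *ctx)
{
    (void)sig; (void)info;
    saved_rip = (uintptr_t)((ucontext_t *)ctx)->uc_mcontext.gregs[REG_RIP];
    traps++;
}

/* Executes one int3 under a SIGTRAP handler; returns how many traps it caused.
 * *bp receives the address of the int3 byte, *next the address right after it. */
int run_int3(const unsigned char **bp, const unsigned char **next)
{
    struct sigaction sa = {0}, old;
    int before = traps;
    sa.sa_sigaction = on_sigtrap;
    sa.sa_flags = SA_SIGINFO;
    if (sigaction(SIGTRAP, &sa, &old) != 0) return -1;
    __asm__ volatile("lea 1f(%%rip), %0\n\tlea 2f(%%rip), %1\n\t"
                     "1: int3\n\t"
                     "2:"
                     : "=r"(*bp), "=r"(*next) : : "memory");
    sigaction(SIGTRAP, &old, NULL);   /* restore the previous disposition */
    return traps - before;
}

int main(void)
{
    const unsigned char *bp, *next;
    int n = run_int3(&bp, &next);
    printf("traps=%d opcode=0x%02X length=%td rip_after_int3=%d\n",
           n, *bp, next - bp, saved_rip == (uintptr_t)next);
    return n == 1 ? 0 : 1;
}
```

Run it outside a debugger: an attached debugger receives the SIGTRAP before the process's own handler does.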