Segmentation fault at " mov %eax,%db0"

Question

I am trying create hardware watchpoint dynamically and for that in my program I am setting debug registers. I am using only dr0 and have chosen length as 3 (4 byte aligned) and type as 1 (break on write). My cpu is intel x86_it. However, in every run, I am seeing segfault whenever I try to write to db0/dr0. The offending function and it's assembly from gdb are shown below.

int watchpoint(void* addr)
{
    unsigned long value = (unsigned long) addr;
    asm("mov %0, %%dr0"     ::"r" (0));
    asm("mov %0, %%dr7"     ::"r" (0));
    asm("mov %0, %%dr0"     ::"r" (value));
    asm("mov %0, %%dr7"     ::"r" (851969));
    return 0;
}



   0x0832aa38 <+0>:     push   %ebp
   0x0832aa39 <+1>:     mov    %esp,%ebp
   0x0832aa3b <+3>:     sub    $0x10,%esp
   0x0832aa3e <+6>:     mov    0x8(%ebp),%eax
   0x0832aa41 <+9>:     mov    %eax,-0x4(%ebp)
   0x0832aa44 <+12>:    mov    $0x0,%eax
=> 0x0832aa49 <+17>:    mov    %eax,%db0  >>>>> Crashes here.
   0x0832aa4c <+20>:    mov    $0x0,%eax
   0x0832aa51 <+25>:    mov    %eax,%db7
   0x0832aa54 <+28>:    mov    -0x4(%ebp),%eax
   0x0832aa57 <+31>:    mov    %eax,%db0
   0x0832aa5a <+34>:    mov    $0xd0001,%eax
   0x0832aa5f <+39>:    mov    %eax,%db7
   0x0832aa62 <+42>:    mov    $0x0,%eax
   0x0832aa67 <+47>:    leave
   0x0832aa68 <+48>:    ret

Am I writing wrong register? Can someone please help?

Thank you.

Answer 1

http://felixcloutier.com/x86/MOV-2.html (mov to debug register) says:

#GP(0) If the current privilege level is not 0.

User-space code runs in ring 3 (privilege level 3). root privilege is just a software thing; it's still purely ring 3.

A Linux iopl system call can raise the x86 hardware I/O privilege level, but that only affects a few instructions like in/out and cli/sti. MOV to debug registers isn't one of them.

---

Under Linux, you could either write your own kernel module, or use a ptrace system call to set breakpoints.

Under other OSes, you'll find other APIs that debuggers can use.