[Crash-utility] Query: EIP value in User mode exception frame
Dave Anderson
anderson at redhat.com
Mon Oct 3 14:26:40 UTC 2005
Vivek Goyal wrote:
> Hi Dave,
>
> Thanks a lot for creating this list. This is definitely going to help.
>
> I got a query right away. This is regarding the EIP displayed in "bt".
> Have a look at following stack trace.
>
> crash> bt
> PID: 12632 TASK: ee01ea40 CPU: 3 COMMAND: "bash"
> #0 [d829df20] crash_kexec at c013a4da
> #1 [d829df28] __handle_sysrq at c0247e71
> #2 [d829df54] write_sysrq_trigger at c01916d4
> #3 [d829df6c] vfs_write at c015c7ca
> #4 [d829df90] sys_write at c015c88c
> #5 [d829dfb8] sysenter_entry at c0102da8
> EAX: 00000004 EBX: 00000001 ECX: b7f18000 EDX: 00000002
> DS: 007b ESI: 00000002 ES: 007b EDI: b7f18000
> SS: 007b ESP: bfc1f334 EBP: bfc1f360
> CS: 0073 EIP: ffffe410 ERR: 00000004 EFLAGS: 00000246
>
> Here EIP value is "ffffe410" which is definitely not a user space address.
> I am getting this value in all the kdump images I have taken.
>
> Is it due to the fact because we are entring using sysenter. If yes then
> how to get right EIP value.
>
It's most definitely due to the user of sysenter entry point instead of via the
system_call entry point.
Since we (Red Hat) don't use that interface, I've never looked at how it works
exactly. For sysenter, I see that the user-mode pt_regs EIP is the same for all
user-mode entries (ffffe410). This differes from when the system_call entry point
is used, where the pt_regs EIP value contains the user-space address that
generated the system call, which is typically in a library.
So, as far as the kernel is concerned, the EIP value of ffffe410 is "right", since
the exception frame dump is supposed to show the actual pt_regs contents.
I'm open to suggestions, but it would have to be an addendum to the user-process
bt output shown above. But given that even in the system_call interface the
user-mode address is almost always in a library, I've always found it fairly useless.
Dave
>
> Thanks
> Vivek
>
> --
> Crash-utility mailing list
> Crash-utility at redhat.com
> https://www.redhat.com/mailman/listinfo/crash-utility
More information about the Crash-utility
mailing list