[Crash-utility] Query: EIP value in User mode exception frame

Dave Anderson anderson at redhat.com
Mon Oct 3 14:26:40 UTC 2005 

Vivek Goyal wrote:

> Hi Dave,
>
> Thanks a lot for creating this list. This is definitely going to help.
>
> I got a query right away. This is regarding the EIP displayed in "bt".
> Have a look at following stack trace.
>
> crash> bt
> PID: 12632  TASK: ee01ea40  CPU: 3   COMMAND: "bash"
>  #0 [d829df20] crash_kexec at c013a4da
>  #1 [d829df28] __handle_sysrq at c0247e71
>  #2 [d829df54] write_sysrq_trigger at c01916d4
>  #3 [d829df6c] vfs_write at c015c7ca
>  #4 [d829df90] sys_write at c015c88c
>  #5 [d829dfb8] sysenter_entry at c0102da8
>     EAX: 00000004  EBX: 00000001  ECX: b7f18000  EDX: 00000002
>     DS:  007b      ESI: 00000002  ES:  007b      EDI: b7f18000
>     SS:  007b      ESP: bfc1f334  EBP: bfc1f360
>     CS:  0073      EIP: ffffe410  ERR: 00000004  EFLAGS: 00000246
>
> Here EIP value is "ffffe410" which is definitely not a user space address.
> I am getting this value in all the kdump images I have taken.
>
> Is it due to the fact because we are entring using sysenter. If yes then
> how to get right EIP value.
>

It's most definitely due to the user of sysenter entry point instead of via the
system_call entry point.

Since we (Red Hat) don't use that interface, I've never looked at how it works
exactly.  For sysenter, I see that the user-mode pt_regs EIP is the same for all
user-mode entries (ffffe410).  This differes from when the system_call entry point
is used, where the pt_regs EIP value contains the user-space address that
generated the system call, which is typically in a library.

So, as far as the kernel is concerned, the EIP value of ffffe410 is "right", since
the exception frame dump is supposed to show the actual pt_regs contents.
I'm open to suggestions, but it would have to be an addendum to the user-process
bt output shown above.  But given that even in the system_call interface the
user-mode address is almost always in a library, I've always found it fairly useless.

Dave



>
> Thanks
> Vivek
>
> --
> Crash-utility mailing list
> Crash-utility at redhat.com
> https://www.redhat.com/mailman/listinfo/crash-utility

More information about the Crash-utility mailing list