crash-utility-bounces@redhat.com wrote on 27/09/2007 15:45:21:

> Richard J Moore wrote:
>
> > On looking at the code in entry.S at page_fault and the other exception
> > entry points I see no attempt to save regs to create a pt_regs struct.
> > The fact that do_page_fault takes pt_regs as the first arg is a hack to
> > get at CS:EIP and SS:ESP at the time of exception.
>
> KPROBE_ENTRY(page_fault)
>    RING0_EC_FRAME
>    pushl $do_page_fault
>    CFI_ADJUST_CFA_OFFSET 4
>    ALIGN
> error_code:
>    /* the function address is in %fs's slot on the stack */
>    pushl %es
>    CFI_ADJUST_CFA_OFFSET 4
>    /*CFI_REL_OFFSET es, 0*/
>    pushl %ds
>    CFI_ADJUST_CFA_OFFSET 4
>    /*CFI_REL_OFFSET ds, 0*/
>    pushl %eax
>    CFI_ADJUST_CFA_OFFSET 4
>    CFI_REL_OFFSET eax, 0
>    pushl %ebp
>    CFI_ADJUST_CFA_OFFSET 4
>    CFI_REL_OFFSET ebp, 0
>    pushl %edi
>    CFI_ADJUST_CFA_OFFSET 4
>    CFI_REL_OFFSET edi, 0
>    pushl %esi
>    CFI_ADJUST_CFA_OFFSET 4
>    CFI_REL_OFFSET esi, 0
>    pushl %edx
>    CFI_ADJUST_CFA_OFFSET 4
>    CFI_REL_OFFSET edx, 0
>    pushl %ecx
>    CFI_ADJUST_CFA_OFFSET 4
>    CFI_REL_OFFSET ecx, 0
>    pushl %ebx
>    CFI_ADJUST_CFA_OFFSET 4
>    CFI_REL_OFFSET ebx, 0
>    cld
>    pushl %fs
>    CFI_ADJUST_CFA_OFFSET 4
>    /*CFI_REL_OFFSET fs, 0*/
>    movl $(__KERNEL_PERCPU), %ecx
>    movl %ecx, %fs
>    UNWIND_ESPFIX_STACK
>    popl %ecx
>    CFI_ADJUST_CFA_OFFSET -4
>    /*CFI_REGISTER es, ecx*/
>    movl PT_FS(%esp), %edi      # get the function address
>    movl PT_ORIG_EAX(%esp), %edx   # get the error code
>    movl $-1, PT_ORIG_EAX(%esp)   # no syscall to restart
>    mov  %ecx, PT_FS(%esp)
>    /*CFI_REL_OFFSET fs, ES*/
>    movl $(__USER_DS), %ecx
>    movl %ecx, %ds
>    movl %ecx, %es
>    movl %esp,%eax         # pt_regs pointer
>    call *%edi
>    jmp ret_from_exception
>    CFI_ENDPROC
> KPROBE_END(page_fault)
>


Dave, it looks like error_code: has been changed relatively recently. My source starts:
error_code:
        pushl %ds
        pushl %eax
        xorl  %eax,%eax
        pushl %ebp
       
and so on. Clearly not a valid pt_regs struct.
The source I'm working with is from FC5. On your version of the kernel only the ERR, SS and ESP would be invalid.
What tree is yours taken from?

Richard
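To make the difference between the two error_code versions concrete, here is an added example (not code from the thread or from the kernel) that replays the push sequence of the quoted entry.S into a C model of the frame and checks it against a struct pt_regs layout. The struct is an assumption (the 2.6.22-era i386 layout, low address first); the handler address, error code, segment selectors and register values are constructed.

```c
/* Added example (not kernel code): constructed model of the i386 error_code
 * stack frame from the quoted entry.S, checked against the struct pt_regs
 * layout that frame is meant to produce. The struct is an assumption
 * (2.6.22-era i386 layout); every value pushed below is made up. */
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct pt_regs {
    int32_t ebx, ecx, edx, esi, edi, ebp, eax;
    int32_t xds, xes, xfs;
    int32_t orig_eax, eip, xcs, eflags, esp, xss;
};

#define NSLOTS (sizeof(struct pt_regs) / 4)
static union { uint32_t w[NSLOTS]; struct pt_regs regs; } frame;
static unsigned sp;                        /* top-of-stack index, grows down */
static void push(uint32_t v) { frame.w[--sp] = v; }

/* What error_code hands to the C handler: %eax = pt_regs, %edx = error code. */
struct dispatch { struct pt_regs *regs; uint32_t handler, error_code; };

/* Replay the push sequence for a user-mode fault (so the CPU pushes ss/esp). */
static struct dispatch build_frame(uint32_t handler, uint32_t error_code,
                                   uint32_t saved_fs)
{
    struct dispatch d;
    sp = NSLOTS;
    push(0x2b); push(0xbfff0000);              /* CPU: ss, esp (constructed) */
    push(0x246); push(0x73); push(0x08048000); /* CPU: eflags, cs, eip */
    push(error_code);                          /* CPU: error code -> orig_eax slot */
    push(handler);                             /* pushl $do_page_fault -> fs slot */
    push(0x7b); push(0x7b);                    /* pushl %es ; pushl %ds */
    push(1); push(2); push(3); push(4); push(5); push(6); push(7);
    /* pushl %eax ; %ebp ; %edi ; %esi ; %edx ; %ecx ; %ebx -> %esp == &regs.ebx */
    d.regs = &frame.regs;
    d.handler = d.regs->xfs;           /* movl PT_FS(%esp), %edi */
    d.error_code = d.regs->orig_eax;   /* movl PT_ORIG_EAX(%esp), %edx */
    d.regs->orig_eax = -1;             /* movl $-1, PT_ORIG_EAX(%esp) */
    d.regs->xfs = saved_fs;            /* pushl %fs / popl %ecx / mov %ecx, PT_FS */
    return d;
}

int main(void)
{
    struct dispatch d = build_frame(0xc0109000u, 0x6u, 0xd8u); /* constructed values */
    printf("PT_FS=%zu PT_ORIG_EAX=%zu handler=%#x err=%#x\n",
           offsetof(struct pt_regs, xfs), offsetof(struct pt_regs, orig_eax),
           d.handler, d.error_code);
    return 0;
}
```

After the kernel pushes, %esp points at the ebx slot, so the pointer passed in %eax is a complete pt_regs; only orig_eax (overwritten with -1 after the error code has been read) and, for kernel-mode faults, esp/ss do not hold register state.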