Vivek Goyal wrote:
Hi Dave,
Thanks a lot for creating this list. This is definitely going to help.
I got a query right away. This is regarding the EIP displayed in "bt".
Have a look at following stack trace.
crash> bt
PID: 12632 TASK: ee01ea40 CPU: 3 COMMAND: "bash"
#0 [d829df20] crash_kexec at c013a4da
#1 [d829df28] __handle_sysrq at c0247e71
#2 [d829df54] write_sysrq_trigger at c01916d4
#3 [d829df6c] vfs_write at c015c7ca
#4 [d829df90] sys_write at c015c88c
#5 [d829dfb8] sysenter_entry at c0102da8
EAX: 00000004 EBX: 00000001 ECX: b7f18000 EDX: 00000002
DS: 007b ESI: 00000002 ES: 007b EDI: b7f18000
SS: 007b ESP: bfc1f334 EBP: bfc1f360
CS: 0073 EIP: ffffe410 ERR: 00000004 EFLAGS: 00000246
Here EIP value is "ffffe410" which is definitely not a user space address.
I am getting this value in all the kdump images I have taken.
Is it due to the fact that we are entering using sysenter? If yes, then
how do I get the right EIP value?
It's most definitely due to the use of the sysenter entry point instead of the
system_call entry point.
Since we (Red Hat) don't use that interface, I've never looked at how it works
exactly. For sysenter, I see that the user-mode pt_regs EIP is the same for all
user-mode entries (ffffe410). This differs from when the system_call entry point
is used, where the pt_regs EIP value contains the user-space address that
generated the system call, which is typically in a library.
So, as far as the kernel is concerned, the EIP value of ffffe410 is "right", since
the exception frame dump is supposed to show the actual pt_regs contents.
I'm open to suggestions, but it would have to be an addendum to the user-process
bt output shown above. But given that even in the system_call interface the
user-mode address is almost always in a library, I've always found it fairly useless.
Dave
Thanks
Vivek
--
Crash-utility mailing list
Crash-utility(a)redhat.com
https://www.redhat.com/mailman/listinfo/crash-utility
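Worked example of the addendum discussed in the thread: recovering the real user-space caller from a sysenter frame. This is added illustration, not crash code and not something either poster wrote. It assumes the 2.6-era i386 vsyscall layout (page at 0xffffe000, SYSENTER_RETURN at 0xffffe410, and __kernel_vsyscall pushing %ecx, %edx, %ebp before sysenter, so the return address into libc sits at user ESP+12), and it replaces crash's user-memory read (rd -u) with a constructed snapshot of four stack words; the libc return address in that snapshot is made up.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/*
 * Assumed i386, 2.6-era layout:
 *   0xffffe000  start of the vsyscall page
 *   0xffffe410  SYSENTER_RETURN, the instruction after "sysenter" in __kernel_vsyscall
 * __kernel_vsyscall pushes %ecx, %edx, %ebp and does "movl %esp,%ebp" before
 * sysenter, so at entry the user stack (pt_regs->esp) holds, from the top:
 *   [esp+0] caller's ebp   [esp+4] edx   [esp+8] ecx   [esp+12] return address into libc
 */
#define VSYSCALL_BASE   0xffffe000u
#define SYSENTER_RETURN 0xffffe410u

/* The user-mode registers crash prints under the exception frame (subset). */
struct user_frame {
    uint32_t eip, esp, ebp, ecx, edx;
};

/* A snapshot of a few user-stack words, standing in for crash's "rd -u". */
struct user_stack {
    uint32_t base;            /* virtual address of words[0] */
    const uint32_t *words;
    size_t nwords;
};

static int read_user_long(const struct user_stack *s, uint32_t addr, uint32_t *out)
{
    uint32_t off = addr - s->base;
    if (addr < s->base || (off & 3) || off / 4 >= s->nwords)
        return 0;                       /* outside the captured region */
    *out = s->words[off / 4];
    return 1;
}

/*
 * Return the user-space address that issued the system call, or 0 if it
 * cannot be recovered.  For the system_call (int $0x80) entry point
 * pt_regs->eip already is that address; for sysenter it is SYSENTER_RETURN
 * and the real caller has to be read back from the user stack.
 */
uint32_t user_syscall_caller(const struct user_frame *f, const struct user_stack *s)
{
    uint32_t saved_ebp, ret;

    if (f->eip != SYSENTER_RETURN)
        return f->eip;

    /* [esp+0] is the ebp __kernel_vsyscall pushed; sysenter_entry copied the
     * same word into pt_regs->ebp as the sixth argument, so they must agree. */
    if (!read_user_long(s, f->esp, &saved_ebp) || saved_ebp != f->ebp)
        return 0;
    if (!read_user_long(s, f->esp + 12, &ret))
        return 0;
    /* The ret in __kernel_vsyscall goes back to the caller, never into the vsyscall page. */
    if (ret >= VSYSCALL_BASE)
        return 0;
    return ret;
}

/* Constructed sample: the register values from the bt in the mail, plus a
 * made-up user stack whose return slot holds a hypothetical libc address. */
static const uint32_t sample_words[] = {
    0xbfc1f360u,   /* [esp+0]  saved ebp (== EBP in the frame) */
    0x00000002u,   /* [esp+4]  saved edx: count */
    0xb7f18000u,   /* [esp+8]  saved ecx: buf */
    0xb7ee1a13u,   /* [esp+12] return address into libc write() (constructed) */
};
const struct user_stack sample_stack = { 0xbfc1f334u, sample_words, 4 };
const struct user_frame sysenter_frame = {
    0xffffe410u, 0xbfc1f334u, 0xbfc1f360u, 0xb7f18000u, 0x00000002u
};
/* Same registers but entered via int $0x80 (hypothetical): eip is the caller. */
const struct user_frame int80_frame = {
    0xb7ee1a11u, 0xbfc1f334u, 0xbfc1f360u, 0xb7f18000u, 0x00000002u
};

int main(void)
{
    printf("sysenter frame:  EIP %08x -> caller %08x\n",
           sysenter_frame.eip, user_syscall_caller(&sysenter_frame, &sample_stack));
    printf("int $0x80 frame: EIP %08x -> caller %08x\n",
           int80_frame.eip, user_syscall_caller(&int80_frame, &sample_stack));
    return 0;
}
```

The ebp consistency check is the cheap sanity test: if the word at user ESP does not match the EBP the kernel saved, the stack has been overwritten or the frame was not a sysenter entry, and a printed "caller" would be noise. Against a real dump the four words would come from crash's rd -u on the task's user ESP.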