This is the mail archive of the
systemtap@sourceware.org
mailing list for the systemtap project.
RE: double fault
- From: Roland McGrath <roland at redhat dot com>
- To: "Stone, Joshua I" <joshua dot i dot stone at intel dot com>
- Cc: <systemtap at sources dot redhat dot com>
- Date: Tue, 22 Nov 2005 03:00:50 -0800 (PST)
- Subject: RE: double fault
> Shouldn't it be > CONTEXT->regs->esp?
Nope. For kernel traps the sp and ss is not saved by the i386 hardware, so
that part of the struct pt_regs is not actually there. However, that
struct itself is the trap frame of the registers that are pushed on the
stack and so it is a stack address near the sp at the time of the fault.
> I tried the code you gave (using CONTEXT->regs), but I don't understand
> how that computes how much stack space is left.
The stacks are 4k and aligned, so & 0xfff is that sp relative to the base
of the stack. If sp & 0xfff is very tiny, then the stack is about to
overflow.
> And even then, you can see the two esp's from the register dumps I gave -
> the first would have triggered your panic, and the second wouldn't.
The second crash had an esp of 0xf5bd4f98. If that's a proper stack
pointer, it's only 104 bytes from the beginning of the stack. Considering
that the trap frame itself is 60 bytes, that's fairly small for a realistic
stack. It might well be that in fact it's an overflowed stack that grew
down from below 0xf5bd6000 and overflowed by getting below 0xf5bd5034
(which is the end of the struct thread_info at the base of the stack).
Of course, it's all just speculation that stack overflow is the issue.
> Is there a way I can get the double-fault to print a full oops, with a
> stack trace?
No, it's a special trap handler that uses its own stack and just has the
simple printks you've seen. You'd have to do something like put a probe on
the line in doublefault_fn where it printk's the esp et al, and have that
call show_trace on t->esp or something.
Thanks,
Roland