RE: KSTK_EIP and KSTK_ESP
From: Hanson, Jonathan M
Date: Mon Nov 08 2004 - 12:47:04 EST
>> Can someone explain the structure of the memory that these two
>> macros are accessing? Specifically, where do the 1019 and 1022
>> come from? Also, what other things are stored at other offsets? Where
>> is this stack structure defined?
> if you treat the second (upper) page of the kernel stack as an array
> of dwords and you realize that the initial kernel (ring-0) stack
> is set at element 1024 then the top elements look like this after a
>  ring-3 SS
>  ring-3 ESP
>  ring-3 EFLAGS
>  ring-3 CS
>  ring-3 EIP
> the ring-0 ESP is stored in the TSS and the thread structure, and it's
> initialized in arch/i386/kernel/process.c:copy_thread().
Thank you for your reply.
If I dereference the address in 1022 (the ring 3 ESP address) it
does indeed return the value in EBX. I then thought that I could use
this address to feed to dump_thread() since EBX is the first thing in
the pt_regs structure, but that's not correct in this case because the
other registers are definitely incorrect. Shouldn't the ESP value
pointed to by KSTK_ESP() point to the beginning of the pt_regs structure
for the user space application?
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/