RE: KSTK_EIP and KSTK_ESP

From: Hanson, Jonathan M
Date: Mon Nov 08 2004 - 12:47:04 EST



>> Can someone explain the structure of the memory that these two
>> macros are accessing? Specifically, where do the 1019 and 1022
offsets
>> come from? Also, what other things are stored at other offsets? Where
is
>> this stack structure defined?

> if you treat the second (upper) page of the kernel stack as an array
> of dwords and you realize that the initial kernel (ring-0) stack
pointer
> is set at element 1024 then the top elements look like this after a
ring
> transition:
>
> [1023] ring-3 SS
> [1022] ring-3 ESP
> [1021] ring-3 EFLAGS
> [1020] ring-3 CS
> [1019] ring-3 EIP
>
> the ring-0 ESP is stored in the TSS and the thread structure, and it's
> initialized in arch/i386/kernel/process.c:copy_thread().

Thank you for your reply.
If I dereference the address in 1022 (the ring 3 ESP address) it
does indeed return the value in EBX. I then thought that I could use
this address to feed to dump_thread() since EBX is the first thing in
the pt_regs structure, but that's not correct in this case because the
other registers are definitely incorrect. Shouldn't the ESP value
pointed to by KSTK_ESP() point to the beginning of the pt_regs structure
for the user space application?

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/