From: Helge Hafting <helgehaf@aitel.hist.no>
To: Szakacsits Szabolcs <szaka@sienet.hu>
Cc: linux-kernel@vger.kernel.org
Subject: Re: 2.5.63 accesses below %esp (was: Re: ntfs OOPS (2.5.63))
Date: Fri, 14 Mar 2003 11:00:24 +0100 [thread overview]
Message-ID: <3E71A838.9020306@aitel.hist.no> (raw)
In-Reply-To: Pine.LNX.4.30.0303140703010.24704-100000@divine.city.tvnet.hu
Szakacsits Szabolcs wrote:
[...]
> Bcode, meaning before code [well, wrong choise, could be misunderstend
> as byte code], would mean it's the bytes before Code. They are not
> necessarily start on the _correct_ instruction boundary (14% they
> are). One should disassemble them separately from offset 0,1,...6
> (pedantic coders or in case of a later failure to 14) and choose the
> one that makes sense based on
>
> 1) next instruction boundary is on EIP (can be automated)
> and
The problem is that several offsets will fit into this. Going
backwards from those positions gives even more options when
going two instructions back and so on. And if you run into
an illegal opcode - was it a "wrong" attempt or did you
merely go beyond the start of the function?
> 2) has something to do with the C source code
And how do you plan on achieving that? This one is
impossible for the kernel, as the kernel don't know its
own sources. (Now that _can_ be arranged, but it
won't be easy without regular file access in the kernel.)
But even with the source, how would you determine that the
disassembled stuff "has something to do with the source?"
Even programmers are sometimes surprised by what compilers,
and particularly opimizing compilers do. I don't think
you or anybody else can provide a tool that reliably maps
assembly to source. And if it isn't reliable, it is no use.
> and
> 3) the assembly makes sense (considering compiler
> optimizations, generated dead/bad code, etc)
> and
> 4) the assembly fits the context after EIP.
>
> If you think this would result more confusion than benefit, I
> understand (promised to my fiancee to say so ;)
>
A tool doing this would be nice, but achieving 2 and 3 is impossible.
And even if you could do backwards disassembly with 95% success per
instruction you'd run into more and more trouble the farther backwards
you get. And then there's the problem of loops and jumps. Perhaps
the code did a nice long jump to the instruction that faulted. The
"previous instructions" are then useless because they weren't executed.
But there won't be any hint of that in the oops.
If you want an interesting excercise, try implementing (1) above.
Make a tool and try to disassemble perhaps 2-3 instructions
backwards from some random point in an object file. Make sure
your tool outputs _all_ valid combinations of instructions, not
just the first one. See how many you get. Then see how
far you get with 2,3 and 4.
> On the other hand, if the kernel did this, a simple script could be
> written analysing the last two years kernel oopses [and future ones]
Most really old oopses are either fixed ot otherwise irrelevant. The
code they refer to is changed, and there are newer versions of
the compiler.
Helge Hafting
next prev parent reply other threads:[~2003-03-14 9:48 UTC|newest]
Thread overview: 81+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-03-02 1:38 ntfs OOPS (2.5.63) Randy.Dunlap
2003-03-04 14:51 ` [Linux-NTFS-Dev] " Szakacsits Szabolcs
2003-03-05 19:09 ` Anton Altaparmakov
2003-03-06 6:19 ` Randy.Dunlap
2003-03-06 6:28 ` Szakacsits Szabolcs
2003-03-06 6:42 ` Randy.Dunlap
2003-03-06 12:32 ` Anton Altaparmakov
2003-03-06 14:34 ` Szakacsits Szabolcs
2003-03-06 14:55 ` Anton Altaparmakov
2003-03-06 19:39 ` Randy.Dunlap
2003-03-06 19:41 ` Szakacsits Szabolcs
2003-03-06 20:15 ` Szakacsits Szabolcs
2003-03-06 20:36 ` Randy.Dunlap
2003-03-06 21:46 ` Oops counter (was Re: ntfs OOPS (2.5.63)) Szakacsits Szabolcs
2003-03-07 7:50 ` [Linux-NTFS-Dev] ntfs OOPS (2.5.63) Randy.Dunlap
2003-03-07 7:52 ` Szakacsits Szabolcs
2003-03-07 17:17 ` Randy.Dunlap
2003-03-07 17:56 ` Szakacsits Szabolcs
2003-03-07 18:08 ` Randy.Dunlap
2003-03-08 13:24 ` Szakacsits Szabolcs
2003-03-08 15:47 ` Szakacsits Szabolcs
2003-03-10 4:16 ` Randy.Dunlap
2003-03-10 7:22 ` 2.5.63 accesses below %esp (was: Re: ntfs OOPS (2.5.63)) Szakacsits Szabolcs
2003-03-11 17:01 ` Alan Cox
2003-03-11 16:29 ` Szakacsits Szabolcs
2003-03-12 1:09 ` Alan Cox
2003-03-13 18:02 ` Zach Brown
2003-03-12 0:39 ` Linus Torvalds
2003-03-12 6:07 ` Szakacsits Szabolcs
2003-03-12 7:52 ` Richard Henderson
2003-03-12 8:02 ` Szakacsits Szabolcs
2003-03-12 8:17 ` Richard Henderson
2003-03-12 8:45 ` Szakacsits Szabolcs
2003-03-12 9:17 ` Szakacsits Szabolcs
2003-03-12 15:28 ` Szakacsits Szabolcs
2003-03-12 15:38 ` Linus Torvalds
2003-03-12 23:14 ` Bill Davidsen
2003-03-12 10:19 ` Arjan van de Ven
2003-03-12 15:20 ` Linus Torvalds
2003-03-12 15:24 ` Arjan van de Ven
2003-03-12 15:35 ` Szakacsits Szabolcs
2003-03-12 15:43 ` Arjan van de Ven
2003-03-12 15:47 ` Linus Torvalds
2003-03-12 16:38 ` Randy.Dunlap
2003-03-12 16:50 ` Randy.Dunlap
2003-03-12 18:25 ` Szakacsits Szabolcs
2003-03-12 18:33 ` Linus Torvalds
2003-03-12 21:54 ` Szakacsits Szabolcs
2003-03-12 22:18 ` Linus Torvalds
2003-03-12 22:28 ` Szakacsits Szabolcs
2003-03-13 1:07 ` Linus Torvalds
2003-03-14 8:04 ` Szakacsits Szabolcs
2003-03-14 10:00 ` Helge Hafting [this message]
2003-03-14 11:02 ` Szakacsits Szabolcs
2003-03-13 21:07 ` Horst von Brand
2003-03-13 23:24 ` Linus Torvalds
2003-03-14 1:08 ` Jonathan Lundell
2003-03-14 4:29 ` Randy.Dunlap
2003-03-14 6:26 ` Jonathan Lundell
2003-03-15 18:24 ` Horst von Brand
2003-03-15 19:47 ` Randy.Dunlap
2003-03-12 21:13 ` Horst von Brand
2003-03-12 22:03 ` Szakacsits Szabolcs
2003-03-13 21:04 ` Horst von Brand
2003-03-14 7:14 ` Denis Vlasenko
2003-03-14 12:16 ` Backward disassembling (was: Re: 2.5.63 accesses below %esp) Szakacsits Szabolcs
2003-03-14 16:53 ` Jonathan Lundell
2003-03-15 18:34 ` 2.5.63 accesses below %esp (was: Re: ntfs OOPS (2.5.63)) Horst von Brand
2003-03-17 6:56 ` Denis Vlasenko
2003-03-17 21:43 ` Horst von Brand
2003-03-18 3:28 ` Keith Owens
2003-03-18 7:13 ` Hugh Dickins
2003-03-20 10:48 ` Keith Owens
2003-03-20 11:04 ` Hugh Dickins
2003-03-18 19:44 ` Szakacsits Szabolcs
2003-03-18 6:05 ` Denis Vlasenko
2003-03-18 6:35 ` John Alvord
2003-03-14 18:01 ` Olaf Titz
2003-03-14 18:56 ` Richard B. Johnson
2003-03-12 23:32 ` [PATCH] OOPS counters Randy.Dunlap
2003-03-06 12:27 ` [Linux-NTFS-Dev] ntfs OOPS (2.5.63) Anton Altaparmakov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3E71A838.9020306@aitel.hist.no \
--to=helgehaf@aitel.hist.no \
--cc=linux-kernel@vger.kernel.org \
--cc=szaka@sienet.hu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox