当我通过vmware的debugstub调试linux内核进程时,我发现了一个非常奇怪的情况。 我在sys_execve中设置了一个断点并打开了chrome,它确实中断但我发现thread_info结构总是被0填充。
Breakpoint 1, SyS_execve (filename=139842677234776, argv=139842677234848, envp=139843191453696)
at /build/linux-lts-utopic-V0z0lI/linux-lts-utopic-3.16.0/fs/exec.c:1630
1630 in /build/linux-lts-utopic-V0z0lI/linux-lts-utopic-3.16.0/fs/exec.c
(gdb) set $hehe = (struct thread_info *)(((long)$rsp & 0xffffffffffffe000))
(gdb) print *$hehe
$21 = {
task = 0x0 <irq_stack_union>,
exec_domain = 0x0 <irq_stack_union>,
flags = 0,
status = 0,
cpu = 0,
saved_preempt_count = 0,
addr_limit = {
seg = 0
},
restart_block = {
fn = 0x0 <irq_stack_union>,
{
futex = {
uaddr = 0x0 <irq_stack_union>,
val = 0,
flags = 0,
bitset = 0,
time = 0,
uaddr2 = 0x0 <irq_stack_union>
},
nanosleep = {
clockid = 0,
rmtp = 0x0 <irq_stack_union>,
compat_rmtp = 0x0 <irq_stack_union>,
expires = 0
},
poll = {
ufds = 0x0 <irq_stack_union>,
nfds = 0,
has_timeout = 0,
tv_sec = 0,
tv_nsec = 0
}
}
},
sysenter_return = 0x0 <irq_stack_union>,
sig_on_uaccess_error = 0,
uaccess_err = 0
}
然后我在32位ubuntu 14.04中尝试了相同的操作,一切运行良好。
(gdb) set $hehe = (struct thread_info *)((long)$esp & 0xffffe000)
(gdb) print *$hehe
$1 = {task = 0xc1980a40 <init_task>, exec_domain = 0xc198ef80 <default_exec_domain>, flags = 0, status = 0, cpu = 0, saved_preempt_count = -2147483648,
addr_limit = {seg = 4294967295}, restart_block = {fn = 0xc106d520 <do_no_restart_syscall>, {futex = {uaddr = 0x0, val = 0, flags = 0, bitset = 0, time = 0,
uaddr2 = 0x0}, nanosleep = {clockid = 0, rmtp = 0x0, expires = 0}, poll = {ufds = 0x0, nfds = 0, has_timeout = 0, tv_sec = 0, tv_nsec = 0}}},
sysenter_return = 0x0, sig_on_uaccess_error = 0, uaccess_err = 0}
我想知道是什么让这些事发生了。 默认的PAGE_SIZE不是4KB?或者线程堆栈不是THREAD_SIZE(2 * PAGE_SIZE)大?
答案 0 :(得分:1)
现在很长一段时间,堆栈都是16KB。我不明白为什么你会玩猜谜游戏,也不知道你为什么要寻找thread_info。如果你想获得task_struct,你可以通过%gs。