Kernel Panic….

Call Trace:  {panic+483}
{_spin_unlock_
irq+12}
       {__down_read+60}
{_spin_lock_irqsave+ 9}
       {__up_read+25}
{blocking_notifier_cal
l_chain+70}
       {do_exit+141} {kernel_math_error+0}
       <ffffffff80270dfc}{do_invalid_op+173}
{:aacraid:aac_intr
_normal+463}
       <fffffff80269ece}{spin_lock_irqsave+9} {printk+82}
       {error_exit+0} {vgacon_cursor+0}
       {:aacraid:aac_intr_normal+473}
{:aacr
aid:aac_intr_normal+473}
       {:aacraid:aac_rx_intr+55}
{handle_IRQ
_event+41}
       {__do_IRQ+154} {do_IRQ+60}
       {ret_from_intr+0} 
(3) astrax:/home/pgperez>
(3) astrax:/home/pgperez> cat error
       {:aacraid:aac_rx_intr+55}
{handle_IRQ_event+41}
       {__do_IRQ+154} {do_IRQ+60}
       {ret_from_intr+0} 

link : https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=205778

What is a PUSH instruction ?

ABOUT PUSH INSTRUCTION RELATED

In 8086, the main stack register is called stack pointer - SP. The stack segment register (SS) is usually used to store information about the memory segment that stores the call stack of currently executed program. SP points to current stack top. By default, the stack grows downward in memory, so newer values are placed at lower memory addresses. To push a value to the stack, the PUSH instruction is used. To pop a value from the stack, the POP instruction is used.

TYPICAL GDB SESSION
[bash]
(gdb) disass
Dump of assembler code for function _IO_default_uflow:
0x00007f7c1e9964d0 : mov 0xd8(%rdi),%rax
=&gt; 0x00007f7c1e9964d7 : push %rbx
0x00007f7c1e9964d8 : mov %rdi,%rbx
0x00007f7c1e9964db : callq *0x20(%rax)
0x00007f7c1e9964de : cmp $0xffffffffffffffff,%eax
0x00007f7c1e9964e1 : je 0x7f7c1e9964f2
0x00007f7c1e9964e3 : mov 0x8(%rbx),%rdx
0x00007f7c1e9964e7 : movzbl (%rdx),%eax
0x00007f7c1e9964ea : add $0x1,%rdx
0x00007f7c1e9964ee : mov %rdx,0x8(%rbx)
0x00007f7c1e9964f2 : pop %rbx
0x00007f7c1e9964f3 : retq
End of assembler dump.
(gdb)
[/bash]

rbx is the 64 bit equivelant for ebx register

PUSH instruction pushes  a value onto  the stack. Here i think push instruction pushes the value of rbx register on to the stack.

LINKS
https://en.wikipedia.org/wiki/Stack_register
https://en.wikipedia.org/wiki/X86_instruction_listings

eip in 32-bit mode and rip in 64-bit mode

ABOUT Processor Register

In computer architecture, a processor register is a quickly accessible location available to a computer's central processing unit (CPU). Registers usually consist of a small amount of fast storage, although some registers have specific hardware functions, and may be read-only or write-only. Registers are typically addressed by mechanisms other than main memory, but may in some cases be assigned a memory address e.g. DEC PDP-10, ICT 1900.

[bash light=”true”]
(gdb) info registers
rax 0xfffffffffffffdfc -516
rbx 0x5dc 1500
rcx 0xffffffffffffffff -1
rdx 0x5dc 1500
rsi 0x1 1
rdi 0x7fff09cf5780 140733357971328
rbp 0x2051160 0x2051160
rsp 0x7fff09cf5730 0x7fff09cf5730
r8 0x0 0
r9 0xffffffff 4294967295
r10 0x8 8
r11 0x246 582
r12 0x7fff09cf5780 140733357971328
r13 0x7fff09cf5790 140733357971344
r14 0x0 0
r15 0x1 1
rip 0x7f2e947000c8 0x7f2e947000c8
eflags 0x246 [ PF ZF IF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
(gdb)
[/bash]

The RIP register is the instruction pointer register. In 64
-bit mode, the RIP register is extended to 64 bits to support
64-bit offsets. In 32-bit x86 architecture, the instruction
pointer register is the EIP register.source:

Related STUFF
[text]
Code:
example code 1 RIP-relative addressing

.section .data
mydata: .long 0

.section .bss

.section .text
.global _start
_start:
movq $64, mydata(%rdi)
Code:
example code 2
.section .data
mydata: .long 0

.section .bss

.section .text
.global _start
_start:
movq $64, mydata
and the results

Code:
example 1 RIP-relative addressing
code1: file format elf64-x86-64

Disassembly of section .text:

00000000004000b0 :
4000b0: 48 c7 87 bc 00 60 00 movq $0x40,0x6000bc(%rdi)
4000b7: 40 00 00 00
Code:
example 2
code2: file format elf64-x86-64

Disassembly of section .text:

00000000004000b0 :
4000b0: 48 c7 04 25 bc 00 60 movq $0x40,0x6000bc
4000b7: 00 40 00 00 00
are we talking about a one byte reduction in code size every time I use RIP relative addressing?
[/text]
Typical RIP and EIP Knowledge
[text]
How RIP/EIP relative addressing works in 32-bit mode

In 32-bit programs you can’t do this :

mov al, [eip]

But you will have to do something like this instead :
call $ + 5
pop ebx
add ebx, 1 + 1 + 1 + 1 ; POP + ADD + ModRM + imm8
mov al, [ebx] ; EBX is now pointing to this instruction!

How RIP/EIP relative addressing works in 64-bit mode

In 64-bit programs you are allowed to write this :
mov al, [rip]
[/text]
LINK
http://developers.sun.com/solaris/articles/x64_dbx.html
https://en.wikipedia.org/wiki/Processor_register
http://www.codegurus.be/codegurus/Programming/riprelativeaddressing_en.htm
http://www.linuxforums.org/forum/linux-programming-scripting/131795-amd-64-bit-rip-relative-addressing.html

The Intel IA32 processors have a base pointer..

software | Windows |


The Intel IA32 processors have a base pointer register called EBP . The
EBP register is typically set to the value of the ESP register at the
 beginning of a procedure, and used to address the procedure arguments
 and locally allocated variables throughout the procedure. Thus, the
 arguments are located at positive offsets from the EBP register, while the
 variables are located at negative offsets from the EBP register.

source :
http://d3s.mff.cuni.cz/~ceres/sch/osy/text/ch03s02s02.php

software | GNU/Linux |

(gdb) info registers
rax            0xfffffffffffffdfc	-516
rbx            0x5dc	1500
rcx            0xffffffffffffffff	-1
rdx            0x5dc	1500
rsi            0x1	1
rdi            0x7ffffb2814d0	140737407096016
rbp            0x1f70160	0x1f70160
rsp            0x7ffffb281480	0x7ffffb281480
r8             0x0	0
r9             0xffffffff	4294967295
r10            0x8	8
r11            0x246	582
r12            0x7ffffb2814d0	140737407096016
r13            0x7ffffb2814e0	140737407096032
r14            0x0	0
r15            0x1	1
rip            0x7f668b3710c8	0x7f668b3710c8 
eflags         0x246	[ PF ZF IF ]
cs             0x33	51
ss             0x2b	43
ds             0x0	0
es             0x0	0
fs             0x0	0
gs             0x0	0
(gdb)

rbp 0x1f70160 0x1f70160

In computer architecture, a processor register (or general purpose
 register) is a small amount of storage available on the CPU whose
 contents can be accessed more quickly than storage available
 elsewhere.
source :
http://en.wikipedia.org/wiki/Processor_register

The AMD64 architecture has sixteen 64-bit general purpose registers
 (GPRs): RAX, RBX, RCX, RDX, RBP, RSI, RDI, RSP, R8, R9, R10, R11, R12,
 R13, R14, and R15. Compared to the x86 architecture, the AMD64
 architecture has eight new GPRs.

source :
http://developers.sun.com/solaris/articles/x64_dbx.html

| Related Discussion |

 Hi, Could somebody please explain what GCC is doing for this piece of code? What is it initializing? The original code is:

#include 
int main()
{

}
And it was translated to:

    .file       "test1.c"
    .def        ___main;        .scl    2;      .type   32;     .endef
    .text
.globl _main
    .def        _main;  .scl    2;      .type   32;     .endef
_main:
    pushl       %ebp
    movl        %esp, %ebp
    subl        $8, %esp
    andl        $-16, %esp
    movl        $0, %eax
    addl        $15, %eax
    addl        $15, %eax
    shrl        $4, %eax
    sall        $4, %eax
    movl        %eax, -4(%ebp)
    movl        -4(%ebp), %eax
    call        __alloca
    call        ___main
    leave
    ret

| Variation |

Registers E(SP), E(IP) and E(BP) are promoted to 64-bits and are re-named RSP, RIP, and RBP respectively.

source and link(s) :
http://x86asm.net/articles/x86-64-tour-of-intel-manuals/

16 bits into the segment register…(GS)

software | Windows |

 
These instructions read a full pointer from memory and store it in the
selected segment register:register pair. The full pointer loads 16 bits
 into the segment register SS, DS, ES, FS, or GS


source :
http://pdos.csail.mit.edu/6.828/2008/readings/i386/LGS.htm

software |GNU/Linux|

(gdb) info  registers
rax            0xfffffffffffffdfc	-516
rbx            0x5dc	1500
rcx            0xffffffffffffffff	-1
rdx            0x5dc	1500
rsi            0x1	1
rdi            0x7fff599ac280	140734696702592
rbp            0x1f08af0	0x1f08af0
rsp            0x7fff599ac230	0x7fff599ac230
r8             0x0	0
r9             0xffffffff	4294967295
r10            0x8	8
r11            0x246	582
r12            0x7fff599ac280	140734696702592
r13            0x7fff599ac290	140734696702608
r14            0x0	0
r15            0x1	1
rip            0x7f0129e710c8	0x7f0129e710c8 
eflags         0x246	[ PF ZF IF ]
cs             0x33	51
ss             0x2b	43
ds             0x0	0
es             0x0	0
fs             0x0	0
gs             0x0	0
(gdb)

Instead of FS segment descriptor on x86 versions of the Windows NT
family, GS segment descriptor is used to point to two operating system
defined structures: Thread Information Block (NT_TIB) in user mode
and Processor Control Region (KPCR) in kernel mode. Thus, for example,
in user mode GS:0 is the address of the first member of the Thread
 Information Block. Maintaining this convention made the x86-64 port
 easier, but required AMD to retain the function of the FS and GS
 segments in long mode — even though segmented addressing per se is
 not really used by any modern operating system.[38]

source :
http://en.wikipedia.org/wiki/X86-64

| Related Discussion |

leilei wrote:
I am writting a program for target board which have a 486 cpu, 512K
ram(0x0 to 0x7ffff), 512k flash (0x80000 to 0xFFFFF).My program will
be burned into flash.
My program is to initialize the GDT, IDT, TSS, move them to memory.
Now I can enter protected model and mov GDT, IDT correctly.But when I
am about to mov TSS, some exception came out, and the CPU reset
automaticly. The code casue the problem is like this:
mov cx, gdt_idx
mov gs, cx
when cpu run to the instuction 'mov gs, cx', CPU will reset.
i can assure the value in cx is correctly.

can any one give me some tips about how can this be happend?


This seems to have nothing to do with TSS, yet.
The CPU is not happy with the selector attempted
to load GS with.

Please check that the number in CX is a valid GDT
selector within the table range.

It also seems that there is no handler available
for the exception generated by the segment loading.

--

Tauno Voipio
tauno voipio (at) iki fi

source :
http://coding.derkeiler.com/Archive/General/comp.arch.embedded/2008-04/msg01432.html

| Variation |

I think eax has a typical closer connection to 32 bit software architecture of an operating system and rax is like for 64 bit OS. Link(s). http://lists.xensource.com/archives/html/xen-devel/2006-12/msg00547.html