Hi all,
In the clone(int (*fn)(void *arg), void *child_stack, ..., void *arg, ...)
Glibc library function defind in sysdeps/unix/sysv/linux/i386/:
`fn' is saved in 8(child_stack), and `arg' is stored in 12(child_stack):
movl STACK(%esp),%ecx
movl ARG(%esp),%eax /* no negative argument counts */
movl %eax,12(%ecx) <---
/* Save the function pointer as the zeroth argument.
It will be popped off in the child in the ebx frobbing below. */
movl FUNC(%esp),%eax
movl %eax,8(%ecx) <---
But after the exectuion of `sys_clone' system call, `fn' is
called in the child thread by the statement 'call *%ebx' as follows:
int $0x80
[...]
test %eax,%eax
jz L(thread_start)
/* Parent */
L(pseudo_end):
ret
/* Child */
L(thread_start):
/* Note: %esi is zero. */
movl %esi,%ebp /* terminate the stack frame */
call *%ebx
I don't understand how the `fn' argument reached the child thread
in the %ebx register. It's said in the comment that `fn' will be
popped to child 'in the ebx frobbing below'. But what does that mean ?
Thanks in advance
--
Ahmed S. Darwish
Homepage: http://darwish.07.googlepages.com
Blog: http://darwish-07.blogspot.com
"Ahmed S. Darwish" <[email protected]> writes:
> I don't understand how the `fn' argument reached the child thread
> in the %ebx register. It's said in the comment that `fn' will be
> popped to child 'in the ebx frobbing below'. But what does that mean ?
See "popl %ebx" after "int $0x80".
Andreas.
--
Andreas Schwab, SuSE Labs, [email protected]
SuSE Linux Products GmbH, Maxfeldstra?e 5, 90409 N?rnberg, Germany
PGP key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5
"And now for something completely different."
Hi Andreas,
On Fri, Feb 15, 2008, Andreas Schwab wrote:
> "Ahmed S. Darwish" <[email protected]> writes:
>
> > I don't understand how the `fn' argument reached the child thread
> > in the %ebx register. It's said in the comment that `fn' will be
> > popped to child 'in the ebx frobbing below'. But what does that mean ?
>
> See "popl %ebx" after "int $0x80".
>
I hope I'm not misreading something obvious, but I can't find
the code where FUNC(%esp) is stored in %ebx before %ebx value
got pushed in the stack (and restored in above 'popl' statement).
Thanks a lot for help.
--
Ahmed S. Darwish
Homepage: http://darwish.07.googlepages.com
Blog: http://darwish-07.blogspot.com
"Ahmed S. Darwish" <[email protected]> writes:
> Hi Andreas,
>
> On Fri, Feb 15, 2008, Andreas Schwab wrote:
>> "Ahmed S. Darwish" <[email protected]> writes:
>>
>> > I don't understand how the `fn' argument reached the child thread
>> > in the %ebx register. It's said in the comment that `fn' will be
>> > popped to child 'in the ebx frobbing below'. But what does that mean ?
>>
>> See "popl %ebx" after "int $0x80".
>>
>
> I hope I'm not misreading something obvious, but I can't find
> the code where FUNC(%esp) is stored in %ebx before %ebx value
> got pushed in the stack (and restored in above 'popl' statement).
It is stored in the new stack for the child, as explained in the
comment. The parent has a different stack.
Andreas.
--
Andreas Schwab, SuSE Labs, [email protected]
SuSE Linux Products GmbH, Maxfeldstra?e 5, 90409 N?rnberg, Germany
PGP key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5
"And now for something completely different."
On Sat, Feb 16, 2008 at 12:28:11AM +0100, Andreas Schwab wrote:
> "Ahmed S. Darwish" <[email protected]> writes:
>
> > Hi Andreas,
> >
> > On Fri, Feb 15, 2008, Andreas Schwab wrote:
> >> "Ahmed S. Darwish" <[email protected]> writes:
> >>
> >> > I don't understand how the `fn' argument reached the child thread
> >> > in the %ebx register. It's said in the comment that `fn' will be
> >> > popped to child 'in the ebx frobbing below'. But what does that mean ?
> >>
> >> See "popl %ebx" after "int $0x80".
> >>
> >
> > I hope I'm not misreading something obvious, but I can't find
> > the code where FUNC(%esp) is stored in %ebx before %ebx value
> > got pushed in the stack (and restored in above 'popl' statement).
>
> It is stored in the new stack for the child, as explained in the
> comment. The parent has a different stack.
>
Ooh great, I got it. Sorry, my mind didn't connect the dots though
I read the comment several times. Thanks a lot for bearing with me :).
Regards,
--
Ahmed S. Darwish
Homepage: http://darwish.07.googlepages.com
Blog: http://darwish-07.blogspot.com