* Linux i386 clone(): %ebx 'frobbing' ?
@ 2008-02-15 18:42 Ahmed S. Darwish
2008-02-15 20:07 ` Andreas Schwab
0 siblings, 1 reply; 5+ messages in thread
From: Ahmed S. Darwish @ 2008-02-15 18:42 UTC (permalink / raw)
To: libc-alpha, libc-alpha; +Cc: linux-kernel
Hi all,
In the clone(int (*fn)(void *arg), void *child_stack, ..., void *arg, ...)
Glibc library function defind in sysdeps/unix/sysv/linux/i386/:
`fn' is saved in 8(child_stack), and `arg' is stored in 12(child_stack):
movl STACK(%esp),%ecx
movl ARG(%esp),%eax /* no negative argument counts */
movl %eax,12(%ecx) <---
/* Save the function pointer as the zeroth argument.
It will be popped off in the child in the ebx frobbing below. */
movl FUNC(%esp),%eax
movl %eax,8(%ecx) <---
But after the exectuion of `sys_clone' system call, `fn' is
called in the child thread by the statement 'call *%ebx' as follows:
int $0x80
[...]
test %eax,%eax
jz L(thread_start)
/* Parent */
L(pseudo_end):
ret
/* Child */
L(thread_start):
/* Note: %esi is zero. */
movl %esi,%ebp /* terminate the stack frame */
call *%ebx
I don't understand how the `fn' argument reached the child thread
in the %ebx register. It's said in the comment that `fn' will be
popped to child 'in the ebx frobbing below'. But what does that mean ?
Thanks in advance
--
Ahmed S. Darwish
Homepage: http://darwish.07.googlepages.com
Blog: http://darwish-07.blogspot.com
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Linux i386 clone(): %ebx 'frobbing' ?
2008-02-15 18:42 Linux i386 clone(): %ebx 'frobbing' ? Ahmed S. Darwish
@ 2008-02-15 20:07 ` Andreas Schwab
2008-02-15 23:07 ` Ahmed S. Darwish
0 siblings, 1 reply; 5+ messages in thread
From: Andreas Schwab @ 2008-02-15 20:07 UTC (permalink / raw)
To: Ahmed S. Darwish; +Cc: libc-alpha, libc-alpha, linux-kernel
"Ahmed S. Darwish" <darwish.07@gmail.com> writes:
> I don't understand how the `fn' argument reached the child thread
> in the %ebx register. It's said in the comment that `fn' will be
> popped to child 'in the ebx frobbing below'. But what does that mean ?
See "popl %ebx" after "int $0x80".
Andreas.
--
Andreas Schwab, SuSE Labs, schwab@suse.de
SuSE Linux Products GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany
PGP key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5
"And now for something completely different."
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Linux i386 clone(): %ebx 'frobbing' ?
2008-02-15 20:07 ` Andreas Schwab
@ 2008-02-15 23:07 ` Ahmed S. Darwish
2008-02-15 23:28 ` Andreas Schwab
0 siblings, 1 reply; 5+ messages in thread
From: Ahmed S. Darwish @ 2008-02-15 23:07 UTC (permalink / raw)
To: Andreas Schwab; +Cc: libc-alpha, libc-alpha, linux-kernel
Hi Andreas,
On Fri, Feb 15, 2008, Andreas Schwab wrote:
> "Ahmed S. Darwish" <darwish.07@gmail.com> writes:
>
> > I don't understand how the `fn' argument reached the child thread
> > in the %ebx register. It's said in the comment that `fn' will be
> > popped to child 'in the ebx frobbing below'. But what does that mean ?
>
> See "popl %ebx" after "int $0x80".
>
I hope I'm not misreading something obvious, but I can't find
the code where FUNC(%esp) is stored in %ebx before %ebx value
got pushed in the stack (and restored in above 'popl' statement).
Thanks a lot for help.
--
Ahmed S. Darwish
Homepage: http://darwish.07.googlepages.com
Blog: http://darwish-07.blogspot.com
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Linux i386 clone(): %ebx 'frobbing' ?
2008-02-15 23:07 ` Ahmed S. Darwish
@ 2008-02-15 23:28 ` Andreas Schwab
2008-02-15 23:54 ` Ahmed S. Darwish
0 siblings, 1 reply; 5+ messages in thread
From: Andreas Schwab @ 2008-02-15 23:28 UTC (permalink / raw)
To: Ahmed S. Darwish; +Cc: libc-alpha, libc-alpha, linux-kernel
"Ahmed S. Darwish" <darwish.07@gmail.com> writes:
> Hi Andreas,
>
> On Fri, Feb 15, 2008, Andreas Schwab wrote:
>> "Ahmed S. Darwish" <darwish.07@gmail.com> writes:
>>
>> > I don't understand how the `fn' argument reached the child thread
>> > in the %ebx register. It's said in the comment that `fn' will be
>> > popped to child 'in the ebx frobbing below'. But what does that mean ?
>>
>> See "popl %ebx" after "int $0x80".
>>
>
> I hope I'm not misreading something obvious, but I can't find
> the code where FUNC(%esp) is stored in %ebx before %ebx value
> got pushed in the stack (and restored in above 'popl' statement).
It is stored in the new stack for the child, as explained in the
comment. The parent has a different stack.
Andreas.
--
Andreas Schwab, SuSE Labs, schwab@suse.de
SuSE Linux Products GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany
PGP key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5
"And now for something completely different."
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Linux i386 clone(): %ebx 'frobbing' ?
2008-02-15 23:28 ` Andreas Schwab
@ 2008-02-15 23:54 ` Ahmed S. Darwish
0 siblings, 0 replies; 5+ messages in thread
From: Ahmed S. Darwish @ 2008-02-15 23:54 UTC (permalink / raw)
To: Andreas Schwab; +Cc: libc-alpha, libc-alpha, linux-kernel
On Sat, Feb 16, 2008 at 12:28:11AM +0100, Andreas Schwab wrote:
> "Ahmed S. Darwish" <darwish.07@gmail.com> writes:
>
> > Hi Andreas,
> >
> > On Fri, Feb 15, 2008, Andreas Schwab wrote:
> >> "Ahmed S. Darwish" <darwish.07@gmail.com> writes:
> >>
> >> > I don't understand how the `fn' argument reached the child thread
> >> > in the %ebx register. It's said in the comment that `fn' will be
> >> > popped to child 'in the ebx frobbing below'. But what does that mean ?
> >>
> >> See "popl %ebx" after "int $0x80".
> >>
> >
> > I hope I'm not misreading something obvious, but I can't find
> > the code where FUNC(%esp) is stored in %ebx before %ebx value
> > got pushed in the stack (and restored in above 'popl' statement).
>
> It is stored in the new stack for the child, as explained in the
> comment. The parent has a different stack.
>
Ooh great, I got it. Sorry, my mind didn't connect the dots though
I read the comment several times. Thanks a lot for bearing with me :).
Regards,
--
Ahmed S. Darwish
Homepage: http://darwish.07.googlepages.com
Blog: http://darwish-07.blogspot.com
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2008-02-15 23:56 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-02-15 18:42 Linux i386 clone(): %ebx 'frobbing' ? Ahmed S. Darwish
2008-02-15 20:07 ` Andreas Schwab
2008-02-15 23:07 ` Ahmed S. Darwish
2008-02-15 23:28 ` Andreas Schwab
2008-02-15 23:54 ` Ahmed S. Darwish
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox