From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1Jqpb5-0002te-CL
	for qemu-devel@nongnu.org; Tue, 29 Apr 2008 09:10:15 -0400
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1Jqpb3-0002t6-Kq
	for qemu-devel@nongnu.org; Tue, 29 Apr 2008 09:10:14 -0400
Received: from [199.232.76.173] (port=38571 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1Jqpb3-0002t0-Dh
	for qemu-devel@nongnu.org; Tue, 29 Apr 2008 09:10:13 -0400
Received: from mx1.redhat.com ([66.187.233.31])
	by monty-python.gnu.org with esmtp (Exim 4.60)
	(envelope-from <lkundrak@redhat.com>) id 1Jqpb3-0006Nb-33
	for qemu-devel@nongnu.org; Tue, 29 Apr 2008 09:10:13 -0400
Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com
	[172.16.52.254])
	by mx1.redhat.com (8.13.8/8.13.8) with ESMTP id m3TDA7B2026515
	for <qemu-devel@nongnu.org>; Tue, 29 Apr 2008 09:10:07 -0400
Received: from pobox.stuttgart.redhat.com (pobox.stuttgart.redhat.com
	[172.16.2.10])
	by int-mx1.corp.redhat.com (8.13.1/8.13.1) with ESMTP id m3TDA5OO001699
	for <qemu-devel@nongnu.org>; Tue, 29 Apr 2008 09:10:06 -0400
Received: from [10.32.4.147] (vpn-4-147.str.redhat.com [10.32.4.147])
	by pobox.stuttgart.redhat.com (8.13.1/8.13.1) with ESMTP id
	m3TDA5Cn016168
	for <qemu-devel@nongnu.org>; Tue, 29 Apr 2008 09:10:05 -0400
From: Lubomir Kundrak <lkundrak@redhat.com>
Content-Type: text/plain
Date: Tue, 29 Apr 2008 15:10:08 +0200
Message-Id: <1209474608.5892.9.camel@localhost.localdomain>
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: [Qemu-devel] User mode emulation's clone does not seem to work with
	glibc >= 2.4's fork
Reply-To: qemu-devel@nongnu.org
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org

I tried to run SH4 binaries linked with glibc-2.8 with qemu-sh4. fork()
system call was always returning with "Invalid argument".

Post glibc 2.3 fork() on Linux seems to call clone():

glibc-2.4/nptl/sysdeps/unix/sysv/linux/sh/fork.c:
 24 /* TLS pointer argument is passed as the 5-th argument.  */
 25 #define ARCH_FORK() \
 26   INLINE_SYSCALL (clone, 5,                                                   \
 27                   CLONE_CHILD_SETTID | CLONE_CHILD_CLEARTID | SIGCHLD, 0,     \
 28                   NULL, &THREAD_SELF->tid, NULL)

qemu/linux-user/syscall.c:

2713 int do_fork(CPUState *env, unsigned int flags, abi_ulong newsp)
...
2720     if (flags & CLONE_VM) {
...
2794     } else {
2795         /* if no CLONE_VM, we consider it is a fork */
2796         if ((flags & ~CSIGNAL) != 0)
2797             return -EINVAL;
2798         ret = fork();
2799     }
2800     return ret;

Here CLONE_CHILD_SETTID and CLONE_CHILD_CLEARTID being set cause the
~CSIGNAL conditional to fail. If the test is omited, some assertion fail
in glibc's fork() implementation is triggered.

-- 
Lubomir Kundrak (Red Hat Security Response Team)