LKML Archive on lore.kernel.org
 help / color / Atom feed
* Linux i386 clone(): %ebx 'frobbing' ?
@ 2008-02-15 18:42 Ahmed S. Darwish
  2008-02-15 20:07 ` Andreas Schwab
  0 siblings, 1 reply; 5+ messages in thread
From: Ahmed S. Darwish @ 2008-02-15 18:42 UTC (permalink / raw)
  To: libc-alpha, libc-alpha; +Cc: linux-kernel

Hi all,

In the clone(int (*fn)(void *arg), void *child_stack, ..., void *arg, ...)
Glibc library function defind in sysdeps/unix/sysv/linux/i386/:

`fn' is saved in 8(child_stack), and `arg' is stored in 12(child_stack):

	movl	STACK(%esp),%ecx
	movl	ARG(%esp),%eax		/* no negative argument counts */
	movl	%eax,12(%ecx)		<---

	/* Save the function pointer as the zeroth argument.
	   It will be popped off in the child in the ebx frobbing below.  */
	movl	FUNC(%esp),%eax
	movl	%eax,8(%ecx)		<---

But after the exectuion of `sys_clone' system call, `fn' is 
called in the child thread by the statement 'call *%ebx' as follows:

	int	$0x80
	[...]

	test	%eax,%eax
	jz	L(thread_start)

/* Parent */
L(pseudo_end):
	ret

/* Child */
L(thread_start):
	/* Note: %esi is zero.  */
	movl	%esi,%ebp	/* terminate the stack frame */
	call	*%ebx

I don't understand how the `fn' argument reached the child thread
in the %ebx register. It's said in the comment that `fn' will be
popped to child 'in the ebx frobbing below'. But what does that mean ?

Thanks in advance

-- 
Ahmed S. Darwish
Homepage: http://darwish.07.googlepages.com
Blog: http://darwish-07.blogspot.com


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: Linux i386 clone(): %ebx 'frobbing' ?
  2008-02-15 18:42 Linux i386 clone(): %ebx 'frobbing' ? Ahmed S. Darwish
@ 2008-02-15 20:07 ` Andreas Schwab
  2008-02-15 23:07   ` Ahmed S. Darwish
  0 siblings, 1 reply; 5+ messages in thread
From: Andreas Schwab @ 2008-02-15 20:07 UTC (permalink / raw)
  To: Ahmed S. Darwish; +Cc: libc-alpha, libc-alpha, linux-kernel

"Ahmed S. Darwish" <darwish.07@gmail.com> writes:

> I don't understand how the `fn' argument reached the child thread
> in the %ebx register. It's said in the comment that `fn' will be
> popped to child 'in the ebx frobbing below'. But what does that mean ?

See "popl %ebx" after "int $0x80".

Andreas.

-- 
Andreas Schwab, SuSE Labs, schwab@suse.de
SuSE Linux Products GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany
PGP key fingerprint = 58CA 54C7 6D53 942B 1756  01D3 44D5 214B 8276 4ED5
"And now for something completely different."

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: Linux i386 clone(): %ebx 'frobbing' ?
  2008-02-15 20:07 ` Andreas Schwab
@ 2008-02-15 23:07   ` Ahmed S. Darwish
  2008-02-15 23:28     ` Andreas Schwab
  0 siblings, 1 reply; 5+ messages in thread
From: Ahmed S. Darwish @ 2008-02-15 23:07 UTC (permalink / raw)
  To: Andreas Schwab; +Cc: libc-alpha, libc-alpha, linux-kernel

Hi Andreas,

On Fri, Feb 15, 2008, Andreas Schwab wrote:
> "Ahmed S. Darwish" <darwish.07@gmail.com> writes:
> 
> > I don't understand how the `fn' argument reached the child thread
> > in the %ebx register. It's said in the comment that `fn' will be
> > popped to child 'in the ebx frobbing below'. But what does that mean ?
> 
> See "popl %ebx" after "int $0x80".
> 

I hope I'm not misreading something obvious, but I can't find
the code where FUNC(%esp) is stored in %ebx before %ebx value
got pushed in the stack (and restored in above 'popl' statement).

Thanks a lot for help.

-- 
Ahmed S. Darwish
Homepage: http://darwish.07.googlepages.com
Blog: http://darwish-07.blogspot.com


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: Linux i386 clone(): %ebx 'frobbing' ?
  2008-02-15 23:07   ` Ahmed S. Darwish
@ 2008-02-15 23:28     ` Andreas Schwab
  2008-02-15 23:54       ` Ahmed S. Darwish
  0 siblings, 1 reply; 5+ messages in thread
From: Andreas Schwab @ 2008-02-15 23:28 UTC (permalink / raw)
  To: Ahmed S. Darwish; +Cc: libc-alpha, libc-alpha, linux-kernel

"Ahmed S. Darwish" <darwish.07@gmail.com> writes:

> Hi Andreas,
>
> On Fri, Feb 15, 2008, Andreas Schwab wrote:
>> "Ahmed S. Darwish" <darwish.07@gmail.com> writes:
>> 
>> > I don't understand how the `fn' argument reached the child thread
>> > in the %ebx register. It's said in the comment that `fn' will be
>> > popped to child 'in the ebx frobbing below'. But what does that mean ?
>> 
>> See "popl %ebx" after "int $0x80".
>> 
>
> I hope I'm not misreading something obvious, but I can't find
> the code where FUNC(%esp) is stored in %ebx before %ebx value
> got pushed in the stack (and restored in above 'popl' statement).

It is stored in the new stack for the child, as explained in the
comment.  The parent has a different stack.

Andreas.

-- 
Andreas Schwab, SuSE Labs, schwab@suse.de
SuSE Linux Products GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany
PGP key fingerprint = 58CA 54C7 6D53 942B 1756  01D3 44D5 214B 8276 4ED5
"And now for something completely different."

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: Linux i386 clone(): %ebx 'frobbing' ?
  2008-02-15 23:28     ` Andreas Schwab
@ 2008-02-15 23:54       ` Ahmed S. Darwish
  0 siblings, 0 replies; 5+ messages in thread
From: Ahmed S. Darwish @ 2008-02-15 23:54 UTC (permalink / raw)
  To: Andreas Schwab; +Cc: libc-alpha, libc-alpha, linux-kernel

On Sat, Feb 16, 2008 at 12:28:11AM +0100, Andreas Schwab wrote:
> "Ahmed S. Darwish" <darwish.07@gmail.com> writes:
> 
> > Hi Andreas,
> >
> > On Fri, Feb 15, 2008, Andreas Schwab wrote:
> >> "Ahmed S. Darwish" <darwish.07@gmail.com> writes:
> >> 
> >> > I don't understand how the `fn' argument reached the child thread
> >> > in the %ebx register. It's said in the comment that `fn' will be
> >> > popped to child 'in the ebx frobbing below'. But what does that mean ?
> >> 
> >> See "popl %ebx" after "int $0x80".
> >> 
> >
> > I hope I'm not misreading something obvious, but I can't find
> > the code where FUNC(%esp) is stored in %ebx before %ebx value
> > got pushed in the stack (and restored in above 'popl' statement).
> 
> It is stored in the new stack for the child, as explained in the
> comment.  The parent has a different stack.
> 

Ooh great, I got it. Sorry, my mind didn't connect the dots though 
I read the comment several times. Thanks a lot for bearing with me :).

Regards,

-- 
Ahmed S. Darwish
Homepage: http://darwish.07.googlepages.com
Blog: http://darwish-07.blogspot.com


^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, back to index

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2008-02-15 18:42 Linux i386 clone(): %ebx 'frobbing' ? Ahmed S. Darwish
2008-02-15 20:07 ` Andreas Schwab
2008-02-15 23:07   ` Ahmed S. Darwish
2008-02-15 23:28     ` Andreas Schwab
2008-02-15 23:54       ` Ahmed S. Darwish

LKML Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lkml.kernel.org/lkml/0 lkml/git/0.git
	git clone --mirror https://lkml.kernel.org/lkml/1 lkml/git/1.git
	git clone --mirror https://lkml.kernel.org/lkml/2 lkml/git/2.git
	git clone --mirror https://lkml.kernel.org/lkml/3 lkml/git/3.git
	git clone --mirror https://lkml.kernel.org/lkml/4 lkml/git/4.git
	git clone --mirror https://lkml.kernel.org/lkml/5 lkml/git/5.git
	git clone --mirror https://lkml.kernel.org/lkml/6 lkml/git/6.git
	git clone --mirror https://lkml.kernel.org/lkml/7 lkml/git/7.git
	git clone --mirror https://lkml.kernel.org/lkml/8 lkml/git/8.git
	git clone --mirror https://lkml.kernel.org/lkml/9 lkml/git/9.git
	git clone --mirror https://lkml.kernel.org/lkml/10 lkml/git/10.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 lkml lkml/ https://lkml.kernel.org/lkml \
		linux-kernel@vger.kernel.org
	public-inbox-index lkml

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-kernel


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git