Re: where to look at userspace implementation of fork() and clone()?

On Fri, Apr 25, 2008 at 5:09 PM, Michael Kerrisk
<mtk.manpages@xxxxxxxxxxxxxx> wrote:
>
> On Fri, Apr 25, 2008 at 10:05 AM, Peter Teoh <htmldeveloper@xxxxxxxxx> wrote:
>  > On Fri, Apr 25, 2008 at 2:18 PM, Michael Kerrisk
>  > <mtk.manpages@xxxxxxxxxxxxxx> wrote:
>  >
>  > > On Fri, Apr 25, 2008 at 7:39 AM, Peter Teoh <htmldeveloper@xxxxxxxxx> wrote:
>  > >  > I did not try the glibc approach.
>  > >  >
>  > >  > But to answer how the specific transition from fork() to sys_fork()
>  > >  > (in the kernel) is made:
>  > >  >
>  > >  > In /lib/libc.so.6:
>  > >  >
>  > >  > objdump -t libc.so.6 | grep fork
>  > >  >
>  > >  > shows that the fork() API is implemented inside this file.
>  > >  >
>  > >  > Then objdump -d to disassemble the file, and search for fork:
>  > >  >
>  > >  > 44153710 <__fork>:
>  > >  > 44153710:       55                      push   %ebp
>  > >  > 44153711:       89 e5                   mov    %esp,%ebp
>  > >  > 44153713:       57                      push   %edi
>  > >  > 44153714:       56                      push   %esi
>  > >  > 44153715:       53                      push   %ebx
>  > >  >
>  > >  > 44153937:       b8 f0 00 00 00          mov    $0xf0,%eax ========> for sys_fork().
>  > >
>  > >  $0xf0 is not the syscall number for fork()?
>  > >
>  >
>  > Ok...sorry, so maybe the following example is better:
>  >
>  > 44153970 <__vfork>:
>  > 44153970:       59                      pop    %ecx
>  > 44153971:       65 8b 15 4c 00 00 00    mov    %gs:0x4c,%edx
>  > 44153978:       89 d0                   mov    %edx,%eax
>  > 4415397a:       f7 d8                   neg    %eax
>  > 4415397c:       75 05                   jne    44153983 <__vfork+0x13>
>  > 4415397e:       b8 00 00 00 80          mov    $0x80000000,%eax
>  > 44153983:       65 a3 4c 00 00 00       mov    %eax,%gs:0x4c
>  > 44153989:       b8 be 00 00 00          mov    $0xbe,%eax
>  > 4415398e:       cd 80                   int    $0x80
>  >
>  > 0xbe is the syscall number for sys_vfork().   Just emphasize the approach.
>  >
>  > I saw a call *%eax, and so some reassembly of the binary number may
>  > be needed. (the previous disassembly for fork may include data
>  > included inside the assembly).
>
>  Yes, but I think the point is that the fork() wrapper in glibc does
>  *not* call sys_fork() -- it calls sys_clone().  strace shows us that.

Good idea, strace is another good tool and its answer is never wrong.
 And YES, btw, 0xf0==120==sys_clone, so mystery solved!!

-- 
Regards,
Peter Teoh
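
An added example, not part of the original messages: a Python sketch of the objdump approach discussed in this thread. It scans a listing for `int $0x80` and reports the last immediate loaded into `%eax` before it, so that an earlier constant such as `$0x80000000` is not mistaken for the syscall number. The function name and the three-entry i386 syscall table are choices made for this example; the listing is the `__vfork` disassembly quoted above.

```python
import re

# Subset of the i386 int $0x80 syscall table (assumption: 32-bit x86 only).
I386_SYSCALLS = {2: "fork", 120: "clone", 190: "vfork"}

# __vfork disassembly as quoted in the message above (objdump -d, AT&T syntax).
VFORK_LISTING = """\
44153970 <__vfork>:
44153970:       59                      pop    %ecx
44153971:       65 8b 15 4c 00 00 00    mov    %gs:0x4c,%edx
44153978:       89 d0                   mov    %edx,%eax
4415397a:       f7 d8                   neg    %eax
4415397c:       75 05                   jne    44153983 <__vfork+0x13>
4415397e:       b8 00 00 00 80          mov    $0x80000000,%eax
44153983:       65 a3 4c 00 00 00       mov    %eax,%gs:0x4c
44153989:       b8 be 00 00 00          mov    $0xbe,%eax
4415398e:       cd 80                   int    $0x80
"""

# "address:  hex bytes  mnemonic operands"
INSN = re.compile(r"^\s*([0-9a-f]+):\s+(?:[0-9a-f]{2}\s)+\s*([a-z]\w*)\s*(.*?)\s*$")
IMM_TO_EAX = re.compile(r"^\$(0x[0-9a-f]+),%eax$")


def find_int80_syscalls(listing):
    """Linear scan: return [(address, number, name)] for each int $0x80.
    number is None when %eax was not last loaded from an immediate."""
    eax, found = None, []
    for line in listing.splitlines():
        m = INSN.match(line)
        if not m:
            continue  # symbol headers and blank lines
        addr, mnemonic, ops = int(m.group(1), 16), m.group(2), m.group(3)
        if mnemonic == "int" and ops == "$0x80":
            found.append((addr, eax, I386_SYSCALLS.get(eax, "unknown")))
        elif mnemonic.startswith("call"):
            eax = None  # a call's return value clobbers %eax
        elif ops.endswith("%eax"):
            # %eax is the destination (or only) operand; conservative reset
            imm = IMM_TO_EAX.match(ops) if mnemonic == "mov" else None
            eax = int(imm.group(1), 16) if imm else None
    return found


if __name__ == "__main__":
    for addr, nr, name in find_int80_syscalls(VFORK_LISTING):
        print(f"{addr:x}: int $0x80 with eax={nr} -> sys_{name}")
```

Branches are not followed, so the result is an approximation of what the code does at run time; strace on the running program remains the direct check.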