From: Markus Wichmann Newsgroups: gmane.linux.lib.musl.general Subject: [PATCH] Add comments to i386 assembly source Date: Sat, 23 Dec 2017 10:45:45 +0100 Message-ID: <20171223094545.rmx6xtmucyz5xzap@voyager> Reply-To: musl@lists.openwall.com NNTP-Posting-Host: blaine.gmane.org Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="tufmc4wexpnu5qiy" X-Trace: blaine.gmane.org 1514022249 2907 195.159.176.226 (23 Dec 2017 09:44:09 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Sat, 23 Dec 2017 09:44:09 +0000 (UTC) User-Agent: NeoMutt/20170609 (1.8.3) To: musl@lists.openwall.com Original-X-From: musl-return-12298-gllmg-musl=m.gmane.org@lists.openwall.com Sat Dec 23 10:44:05 2017 Return-path: Envelope-to: gllmg-musl@m.gmane.org Original-Received: from mother.openwall.net ([195.42.179.200]) by blaine.gmane.org with smtp (Exim 4.84_2) (envelope-from ) id 1eSgLb-0000IT-6P for gllmg-musl@m.gmane.org; Sat, 23 Dec 2017 10:44:03 +0100 Original-Received: (qmail 7225 invoked by uid 550); 23 Dec 2017 09:46:02 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Original-Received: (qmail 7182 invoked from network); 23 Dec 2017 09:46:01 -0000 Content-Disposition: inline X-Provags-ID: V03:K0:SjgMdLHlHWplOnEyxdMenyp3+REpue2EnUPSW0gN4ea3Ljyuvea Rr9ilRBTMXMkptsCt5DNIvqF/xR1tuPctP5r4/8Dj5A1LwqKAP/wRW4BXJ/ZyQ0f6THV0ZZ DhiaBBbFZ1dzIB7bxC7cIKTgj4E3H6a3cOL35oXHqILKOFjLx0shCCS7a+qZ+CJISbUAgaN KRcZSpnxmKOX3xF7SVsfA== X-UI-Out-Filterresults: notjunk:1;V01:K0:hHsqelj5YZs=:dpn0tMw3AQe/+ASdcjft+3 /YipWWxpVEZDx0Adw3WpHQHF3yITcgJ1/++3O8DlSUcs9n9myu0QtxhOfpjzQnXRTC6i+wmR0 LugswPSkWRzTlrkZftNVkn2X58FEoEud5ma2HhN/rYJnvCCKgL4T3iA7/PfgL9qYR9d61fN4S GOzziPOc9lGoCbITwfs16YLzDXBnPja7hEfrK9uQjWRSO//ZE98t+AzTk1mHMILGKk/3j2aVA nrWPY6ehmjR/BHNTe26GjkxXnMfNYdOE/fznCnfRGfSGJh0XU8U+KZgY/XNvXD5Uq6fLO/Kqm DJWfrdEcqS59GhgprIMzrNVw6clkh6JvOmx+m4Co/zhJqmxB5gH4ELdaCIGUi+sV6NSFJOoGa 
k6xlyiL2LuZDVgi4TzRMRdUi6BAB/eqS1C4Zpk7OnUqfhmNjpkvpKVyX0vnq4uKBoXehtP7x7 zub6POZK8s/tGk/RUh7iF1MR/Ts7lU4pM/s1aeOt+FcimcSRfD2k3SAhz/VWrk7MQoUeWTOGG pK92ci6d8D52LUQ88Ruo+TyINCotvzmy2cZCHE8o20tTh/ccee/rGvwp/W2NTYbyWScE3YsZ8 VRkSwKuM838rEXKnzalK8D01rwt+Q5yKj3xzQHkhvzAG0VsKqcb7ivLNS63N1Uf5h+eYjk76V 5OhmqENVBujMQXGepWFrcunafoC5bUmWKJ5PWzk1e82IQf9wqGwiVIpir9SYZl2ul3/7mkQxc 9tMEJWqsDHtyJ9SCzt+K3OPcHaSe0LnSbYe1PYwvsBZuj9jxFX/LZtCZAaJR5x7Oof+IfHZ4 Xref: news.gmane.org gmane.linux.lib.musl.general:12282 Archived-At: --tufmc4wexpnu5qiy Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Hello everyone, all the other arch's (I cared to look at) have well-commented or rather clear assembly sources. Even where it wasn't really needed (PPC's set_thread_area() would be clear enough without comments, as it's only two instructions, neither of which complex). But then there's i386. Without comments, and pulling off some very black magic, I thought it would be worth commenting the files at least in the threads directory. While commenting the files, I noticed something: GS can refer to either the GDT or the LDT, depending on whether the set_thread_area() syscall failed or not. If GS refers to the LDT, then the offset portion of it is 0, so the __clone() function will push an index of 0 on stack. Is Linux smart enough to notice this, or will the clone() syscall then fail with EINVAL? It's not documented, but set_thread_area() will fail with EINVAL if index is out of bounds, and 0 is not a valid value (reason being that the GDT index 0 is never valid; it's actually the null selector and causes a GPF if referenced, or, in case of CS, if loaded). Anyway, enjoy the patch. Ciao, Markus --tufmc4wexpnu5qiy Content-Type: text/x-diff; charset=us-ascii Content-Disposition: attachment; filename="0001-Add-comments-to-i386-threading-assembly-files.patch" >From afb818ccc3d565de95903f0b1cde39b6e437f6bf Mon Sep 17 00:00:00 2001 
From: Markus Wichmann
Date: Sat, 23 Dec 2017 10:34:31 +0100
Subject: [PATCH] Add comments to i386 threading assembly files.
---
 src/thread/i386/__set_thread_area.s | 22 ++++++++---------
 src/thread/i386/clone.s | 48 +++++++++++++++++++++----------------
 2 files changed, 39 insertions(+), 31 deletions(-)
diff --git a/src/thread/i386/__set_thread_area.s b/src/thread/i386/__set_thread_area.s
index 3a558fb0..d3eac89e 100644
--- a/src/thread/i386/__set_thread_area.s
+++ b/src/thread/i386/__set_thread_area.s
@@ -6,20 +6,20 @@ __set_thread_area:
 push $0x51
 push $0xfffff
 push 16(%esp)
- call 1f
-1: addl $4f-1b,(%esp)
+ call 1f /* ebx : 0x51 : 0xfffff : arg : 1f */
+1: addl $4f-1b,(%esp) /* ebx : 0x51 : 0xfffff : arg : 4f */
 pop %ecx
 mov (%ecx),%edx
- push %edx
+ push %edx /* ebx : 0x51 : 0xfffff : arg : [4f] */
 mov %esp,%ebx
 xor %eax,%eax
 mov $243,%al
- int $128
+ int $128 /* set_thread_area({.index = [4f], .base = arg, .limit=0xfffff, .seg32_bits, .limit_in_pages, .usable}) */
 testl %eax,%eax
- jnz 2f
+ jnz 2f /* if that failed, go to 2 */
 movl (%esp),%edx
- movl %edx,(%ecx)
- leal 3(,%edx,8),%edx
+ movl %edx,(%ecx) /* save index in [4f] */
+ leal 3(,%edx,8),%edx /* multiply index by 8 to get offset for segment selector, add 3 to get CPL 3 */
 3: movw %dx,%gs
 1: addl $16,%esp
@@ -33,11 +33,11 @@ __set_thread_area:
 mov $1,%bl
 mov $16,%dl
 mov $123,%al
- int $128
+ int $128 /* modify_ldt(1, {.index = 0, .base = arg, .limit=0xfffff, .seg32_bits, .limit_in_pages, .usable}, 16)*/
 testl %eax,%eax
- jnz 1b
- mov $7,%dl
- inc %al
+ jnz 1b /* if that failed, just clean up and return */
+ mov $7,%dl /* else the segment selector has offset 0, is in the LDT, and CPL 3 */
+ inc %al /* and return 1 */
 jmp 3b
 .data
diff --git a/src/thread/i386/clone.s b/src/thread/i386/clone.s
index 52fe7efb..4e25e52d 100644
--- a/src/thread/i386/clone.s
+++ b/src/thread/i386/clone.s
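Review bot: The comment added on `leal 3(,%edx,8),%edx` calls the low three bits "CPL 3", but what is built here is a selector: bits 0–1 are the requested privilege level (RPL) and bit 2 the table indicator (0 = GDT), while CPL is a property of the running code, not of the value loaded into %gs. The second hunk's `mov $7,%dl` comment has the same slip and also says "offset 0" where the selector's index field is meant (7 = index 0, TI=1 for the LDT, RPL=3). I'd write `leal 3(,%edx,8),%edx /* selector = index<<3 | TI=0 (GDT) | RPL=3 */` and `mov $7,%dl /* selector = index 0 | TI=1 (LDT) | RPL=3 */` so both comments use the same terms. The field names in the two syscall comments (`.index`, `.seg32_bits`, `.usable`) are not the kernel's `struct user_desc` names (`entry_number`, `seg_32bit`, `useable`); using the real ones lets a reader verify that 0x51 sets seg_32bit, limit_in_pages and useable. The rest of __set_thread_area, including the return path both hunks jump to, lies outside these hunks.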
@@ -1,44 +1,52 @@
 .text
 .global __clone
 .type __clone,@function
+/* args: 8 - fn
+12 - stack
+16 - flags
+20 - td ptr
+24 - TID ptr
+28 - thread pointer
+32 - TID ptr (again?)
+*/
 __clone:
- push %ebp
+ push %ebp /* function intro */
 mov %esp,%ebp
 push %ebx
 push %esi
 push %edi
 xor %eax,%eax
- push $0x51
+ push $0x51 /* 0x51 */
 mov %gs,%ax
- push $0xfffff
+ push $0xfffff /* 0x51 : 0xfffff */
 shr $3,%eax
- push 28(%ebp)
- push %eax
- mov $120,%al
+ push 28(%ebp) /* 0x51 : 0xfffff : thread pointer */
+ push %eax /* 0x51 : 0xfffff : thread pointer : current gs index */
+ mov $120,%al /* __NR_clone */
- mov 12(%ebp),%ecx
- mov 16(%ebp),%ebx
+ mov 12(%ebp),%ecx /* ecx = stack */
+ mov 16(%ebp),%ebx /* ebx = flags */
 and $-16,%ecx
- sub $16,%ecx
- mov 20(%ebp),%edi
- mov %edi,(%ecx)
- mov 24(%ebp),%edx
- mov %esp,%esi
- mov 32(%ebp),%edi
- mov 8(%ebp),%ebp
- int $128
+ sub $16,%ecx /* align stack */
+ mov 20(%ebp),%edi /* edi = td pointer */
+ mov %edi,(%ecx) /* push td pointer to new stack */
+ mov 24(%ebp),%edx /* edx = TID pointer */
+ mov %esp,%esi /* esi = esp */
+ mov 32(%ebp),%edi /* edi = TID pointer */
+ mov 8(%ebp),%ebp /* ebp = start function (for safe-keeping) */
+ int $128 /* clone(flags, stack, TID pointer, {.index = current gs index, .base = thread pointer, .limit=0xfffff, .seg32_bit, .limit_in_pages, .usable}, td pointer) */
 test %eax,%eax
- jnz 1f
+ jnz 1f /* if that's not 0, just return the return value */
- mov %ebp,%eax
+ mov %ebp,%eax /* in child: zero out ebp, then call function */
 xor %ebp,%ebp
 call *%eax
- mov %eax,%ebx
+ mov %eax,%ebx /* exit(rv from function) */
 xor %eax,%eax
 inc %eax
 int $128
- hlt
+ hlt /* exit didn't exit? Crash! */
 1: add $16,%esp
 pop %edi
-- 
2.14.2
--tufmc4wexpnu5qiy--
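Review bot: The `int $128` comment names the fifth argument `td pointer`, but by then %edi has been reloaded from `32(%ebp)` — the earlier `mov 20(%ebp),%edi` only stages the value stored on the new stack — so the fifth argument is the second TID pointer, and the header comment's `32 - TID ptr (again?)` leaves that question open in committed text. On i386 the kernel's clone takes (flags, stack, parent_tid, tls, child_tid) in ebx/ecx/edx/esi/edi, which matches the registers this code loads, so I'd settle both as `24 - parent TID ptr (ptid)`, `32 - child TID ptr (ctid)`, change the second `/* edi = TID pointer */` to `/* edi = ctid */`, and end the syscall comment with `, ctid)`. `/* function intro */` on `push %ebp` says little; `/* prologue: frame pointer, then save callee-saved ebx/esi/edi */` describes what the next four lines do. The epilogue of __clone continues past the end of the hunk.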