为什么除了被orig_eax提供EAX? [英] Why is orig_eax provided in addition to eax?
问题描述
为什么是包含在 SYS / user.h 的结构的? orig_eax 成员user_regs_struct
Why is the orig_eax member included in sys/user.h's struct user_regs_struct?
推荐答案
由于它是在结构pt_regs ,这是.... <一个href=\"http://tomoyo.sourceforge.jp/cgi-bin/lxr/source/arch/x86/include/asm/user_32.h#L77\">http://tomoyo.sourceforge.jp/cgi-bin/lxr/source/arch/x86/include/asm/user_32.h#L77
Because it was in struct pt_regs, which is .... http://tomoyo.sourceforge.jp/cgi-bin/lxr/source/arch/x86/include/asm/user_32.h#L77
73 * is still the layout used by user mode (the new
74 * pt_regs doesn't have all registers as the kernel
75 * doesn't use the extra segment registers)
所以,很多的用户空间的实用程序期待一个 orig_eax 字段在这里,所以它被包含在 user_regs_struct 太(要与旧调试器和 ptrace的 RS兼容)
So, a lot of user-space utilities expect an orig_eax field here, so it is included in user_regs_struct too (to be compatible with older debuggers and ptracers)
接下来的问题是:为什么是包含在结构pt_regs 的 orig_eax 会员?。
Next question is "Why is the orig_eax member included in struct pt_regs?".
这是在Linux中0.95 <一加href=\"http://lxr.linux.no/#linux-old+v0.95/include/sys/ptrace.h#L44\">http://lxr.linux.no/#linux-old+v0.95/include/sys/ptrace.h#L44.
我认为这是一些其他UNIX之后完成与 pt_regs 结构。在0.95评论说:
It was added in linux 0.95 http://lxr.linux.no/#linux-old+v0.95/include/sys/ptrace.h#L44.
I suggest this was done after some other unix with pt_regs struct. Comment in 0.95 says
29 * this struct defines the way the registers are stored on the
30 * stack during a system call.
因此, orig_eax 的地方是由系统调用接口中定义。这是<一个href=\"http://lxr.linux.no/#linux-old+v0.95/kernel/sys_call.s\">http://lxr.linux.no/#linux-old+v0.95/kernel/sys_call.s
So, the place of orig_eax is defined by syscall interface. Here it is http://lxr.linux.no/#linux-old+v0.95/kernel/sys_call.s
17 * Stack layout in 'ret_from_system_call':
18 * ptrace needs to have all regs on the stack.
19 * if the order here is changed, it needs to be
20 * updated in fork.c:copy_process, signal.c:do_signal,
21 * ptrace.c ptrace.h
22 *
23 * 0(%esp) - %ebx
...
29 * 18(%esp) - %eax
...
34 * 2C(%esp) - orig_eax
为什么我们需要保存旧的 EAX 两次?因为 EAX 将用于系统调用的返回值(同一个文件,略低于):
Why do we need to save old eax twice? Because eax will be used for the return value of syscall (same file, a bit below):
96_system_call:
97 cld
98 pushl %eax # save orig_eax
99 push %gs
...
102 push %ds
103 pushl %eax # save eax. The return value will be put here.
104 pushl %ebp
...
117 call _sys_call_table(,%eax,4)
ptrace的需要能够同时读取系统调用之前,所有的寄存器状态和系统调用的返回值;但返回值写入%EAX 。然后,原始的 EAX ,使用系统调用将丢失之前。要保存它,有一个 orig_eax 字段。
Ptrace needs to be able to read both all registers state before syscall and the return value of syscall; but the return value is written to %eax. Then original eax, used before syscall will be lost. To save it, there is a orig_eax field.
更新:感谢于R ..和伟大的LXR,我没有在linux 0.95全搜索 orig_eax 的
UPDATE: Thanks to R.. and great LXR, I did a full search of orig_eax in linux 0.95.
它不仅用于ptrace的,而且在 do_signal 重新启动系统调用时(如果有一个系统调用,以结束 ERESTARTSYS )
It is used not only in ptrace, but also in do_signal when restarting a syscall (if there is a syscall, ended with ERESTARTSYS)
158 *(&eax) = orig_eax;
UPDATE2:莱纳斯说一些有趣的事情吧:
这一点很重要ORIG_EAX被设置为某个值是的不的一
有效的系统呼叫号码,因此,系统调用启动逻辑(见
信号处理code)不会触发。
It's important that ORIG_EAX be set to some value that is not a valid system call number, so that the system call restart logic (see the signal handling code) doesn't trigger.
UPDATE3: ptrace的研究应用(调试器)可以改变 orig_eax 来改变系统调用号被称为:< A HREF =http://lkml.org/lkml/1999/10/30/82> http://lkml.org/lkml/1999/10/30/82 (内核的某些版本,则是在EIO ptrace的改变一个ORIG_EAX)
UPDATE3: ptracer app (debugger) can change orig_eax to change system call number to be called: http://lkml.org/lkml/1999/10/30/82 (in some versions of kernel, is was EIO to change in ptrace an ORIG_EAX)
这篇关于为什么除了被orig_eax提供EAX?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
