Fork function in kernel state tracing __ function

1. According to the test process of setting up the environment

After QEMU executes the test_fork command in the virtual machine, the program executes to the Do_fork.

2. Enter the BT command on the DDD console, trace the upper function, and find the function that calls Do_fork ()

You can find that the previous layer function is Sys_clone, add a breakpoint at Sys_clone, and continue to analyze the function.

3. The system executes to the Sys_clone place and finds that the Do_fork function is called at the return place. Go on

Trace the upper function and find the function that called Sys_clone. Enter the BT command and find that the upper function is ptregs_clone. In the Entry_32.s file. Because the system triggers the Ptregs_clone multiple times when it triggers the sys_clone, it goes directly to the Entry_32.s file to parse the function.

4. Found by finding the function head, this is the Sys_clone entry handler function. and called the Sys_clone function.

5. Continue to trace the upper function, through the BT command found is signal handler called. Unable to continue analysis, only through the Info frame1 view its information, find this layer function Sysenter_do_call, it is in ENTRY_32.S

File.

6. As the BT has been unable to continue tracking analysis, only from the source analysis, find Sysenter_do_call call function in Sysenter_do_call, found the entrance to the Ptregs_clone is through Call*sys_call_table ( ,%eax,4) command to enter, by looking at the system call table to enter.

The specific call procedure is shown in the following illustration:

7. Continue tracking to find the function header that calls Sysenter_do_call.

Because Ia32_sysenter_target is a sysenter entry function in kernel space, its process is similar to that of System_call.

Ia32_sysenter_target and System_call are both defined in/ARCH/X86/KERNEL/ENTRY32. In S.

At this point, the entire analysis process has been completed.

8. Combined with the fork function in the user state tracking and in the kernel state tracking, we summarize the system call process.

(1) Executing applications in virtual machines

(2) The program calls the encapsulation routine in libc, encapsulates the routine syscall call, and sends the system call number to the kernel. Specific analysis found. Syscall will send the system call number by calling the __kernel_vsyscall function.

(3) The __kernel_vsyscall function performs sysenter fast system call, which is entered into the kernel state by the user state.

(4) When Sysenter enters the kernel state, it first finds the entry function Ia32_sysenter_target that executes the system call.

(5) Execute to the Sysenter_do_call function, through the call *sys_call_table (,%eax,4) command, find the Sys_clone system calls the entry function Ptregs_clone.

(6) Enter the Ptregs_clone function, the function body calls the Sys_clone function.

(7) Continue to enter the Sys_clone function and find that the function body calls the Do_fork function.

(8) Executes the Do_fork function, this function completes the child process creation and so on work, is also the fork function execution key work. The system calls are then exited step-by-step through a ret instruction. At this point, the system call process completes. The specific process is shown in the following illustration:

、

(9) After the completion of the fork function, if the creation of a new process succeeds, there are two processes, one is a child process, the other is a parent process. In the subprocess, the fork function returns 0, and in the parent process, fork returns the process ID of the newly created child process. We can determine whether the current process is a subprocess or a parent process by fork the returned value.

Document Download Address: Very full: http://download.csdn.net/detail/u014734779/7417169