<div dir="ltr"><div>Hi, <br><br></div>while in the pursuit of learning to understand assembly ..<br><div><div>This is my doubt ..Please help to understand<br></div><div><br></div><div><u><b>I want to catch where in this disassembly call is made to get_sb function.</b></u><br>
</div><div><br>Somehow in this disassembly, i m not finding, a direct <u><b>call</b></u> instruction, with function name, written in english.<br></div><div>Hence, i m trying to interpret assembly and correlate with source code in C line by line.<br>
<br></div><div>I have written my understanding in comments herewith assembly ..Kindly help to correct<br></div><div>--------------------------------------------------------------------------------------------------------------------------------------------------<br>
crash> dis vfs_kern_mount<br><span style="color:rgb(255,153,0)">0xffffffff81183880 <vfs_kern_mount>: push %rbp<br>0xffffffff81183881 <vfs_kern_mount+1>: mov %rsp,%rbp<br>0xffffffff81183884 <vfs_kern_mount+4>: sub $0x40,%rsp<br>
0xffffffff81183888 <vfs_kern_mount+8>: mov %rbx,-0x28(%rbp)<br>0xffffffff8118388c <vfs_kern_mount+12>: mov %r12,-0x20(%rbp)<br>0xffffffff81183890 <vfs_kern_mount+16>: mov %r13,-0x18(%rbp)<br>0xffffffff81183894 <vfs_kern_mount+20>: mov %r14,-0x10(%rbp)<br>
0xffffffff81183898 <vfs_kern_mount+24>: mov %r15,-0x8(%rbp)<br>0xffffffff8118389c <vfs_kern_mount+28>: nopl 0x0(%rax,%rax,1)<br>0xffffffff811838a1 <vfs_kern_mount+33>: mov $0xffffffffffffffed,%rbx<br>
0xffffffff811838a8 <vfs_kern_mount+40>: test %rdi,%rdi<br>0xffffffff811838ab <vfs_kern_mount+43>: mov %rdi,%r12<br>0xffffffff811838ae <vfs_kern_mount+46>: mov %esi,%r13d<br>0xffffffff811838b1 <vfs_kern_mount+49>: mov %rdx,%r14<br>
0xffffffff811838b4 <vfs_kern_mount+52>: je 0xffffffff8118395b <vfs_kern_mount+219><br>0xffffffff811838ba <vfs_kern_mount+58>: mov %rdx,%rdi<br>0xffffffff811838bd <vfs_kern_mount+61>: mov %rcx,-0x38(%rbp)</span><br>
</div><div><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<IGNORING THE ABOVE TEXT FOR NOW>>>>>>>>>>>>>>>>>>>>>>>><br>
</div><div><br>0xffffffff811838c1 <vfs_kern_mount+65>: callq 0xffffffff811a1f60 <<u><b><font size="4">alloc_vfsmnt</font>></b></u>>>>>>>>>>>>>>>>>>>>>>>>>>>><br>
<br>0xffffffff811838c6 <vfs_kern_mount+70>: test %rax,%rax<b><span style="color:rgb(255,0,255)"><span style="background-color:rgb(243,243,243)">>>>should contain mnt </span></span></b><br>0xffffffff811838c9 <vfs_kern_mount+73>: mov %rax,%rbx<br>
0xffffffff811838cc <vfs_kern_mount+76>: mov -0x38(%rbp),%rcx<br>0xffffffff811838d0 <vfs_kern_mount+80>: je 0xffffffff811839f0 <vfs_kern_mount+368<b><span style="color:rgb(255,0,255)">>>>>>>goto out, if rax is 0 </span></b><br>
<br>0xffffffff811838d6 <vfs_kern_mount+86>: test %rcx,%rcx>>>>if data is false = 0 <br>0xffffffff811838d9 <vfs_kern_mount+89>: je 0xffffffff811838e7 <vfs_kern_mount+103<b><span style="color:rgb(255,0,255)">>>>>>>type->get_sb()</span></b><br>
<br>0xffffffff811838db <vfs_kern_mount+91>: testb $0x2,0x8(%r12)>>>r12 contains type<br>0xffffffff811838e1 <vfs_kern_mount+97>: je 0xffffffff811839b8 <vfs_kern_mount+312<b><span style="color:rgb(255,0,255)">>>>>>>>>alloc_secdata</span></b><br>
<br>0xffffffff811838e7 <vfs_kern_mount+103>: xor %r15d,%r15d<br>0xffffffff811838ea <vfs_kern_mount+106>: mov %rbx,%r8<br>0xffffffff811838ed <vfs_kern_mount+109>: mov %r14,%rdx<br>
0xffffffff811838f0 <vfs_kern_mount+112>: mov %r13d,%esi<br>0xffffffff811838f3 <vfs_kern_mount+115>: mov %r12,%rdi<br>0xffffffff811838f6 <vfs_kern_mount+118>: callq *0x10(%r12)<b><span style="color:rgb(255,0,255)">>>>>>>>>>>security_sb_copy_data</span><br>
</b><br>0xffffffff811838fb <vfs_kern_mount+123>: test %eax,%eax<br>0xffffffff811838fd <vfs_kern_mount+125>: js 0xffffffff81183990 <vfs_kern_mount+272<b><span style="color:rgb(255,0,255)">>>>>>>>goto out_free_secdata </span></b><br>
0xffffffff81183903 <vfs_kern_mount+131>: mov 0x28(%rbx),%rax<br>0xffffffff81183907 <vfs_kern_mount+135>: test %rax,%rax<br>0xffffffff8118390a <vfs_kern_mount+138>: je 0xffffffff811839fc <vfs_kern_mount+380<b><span style="color:rgb(255,0,255)">>>>>>>>>>> get_sb</span></b><br>
0xffffffff81183910 <vfs_kern_mount+144>: orq $0x20000000,0x58(%rax)<br>0xffffffff81183918 <vfs_kern_mount+152>: mov %r15,%rdx<br>0xffffffff8118391b <vfs_kern_mount+155>: mov %r13d,%esi<br>
0xffffffff8118391e <vfs_kern_mount+158>: mov 0x28(%rbx),%rdi<br>0xffffffff81183922 <vfs_kern_mount+162>: callq 0xffffffff8121b9b0 <<font size="4"><b>security_sb_kern_mount>>>>>>>>>>>>>>>>>>>>>>>>></b></font><br>
</div><div><br><br><<<<<<<<<<<<<<IGNORING THE BELOW TEXT TOO>>>>>>>>>>>>>>>>>>>>>>>><br></div><div><span style="color:rgb(255,153,0)">0xffffffff81183927 <vfs_kern_mount+167>: test %eax,%eax<br>
0xffffffff81183929 <vfs_kern_mount+169>: jne 0xffffffff81183978 <vfs_kern_mount+248><br>0xffffffff8118392b <vfs_kern_mount+171>: mov 0x28(%rbx),%rdi<br>0xffffffff8118392f <vfs_kern_mount+175>: mov 0x28(%rdi),%r8<br>
0xffffffff81183933 <vfs_kern_mount+179>: test %r8,%r8<br>0xffffffff81183936 <vfs_kern_mount+182>: js 0xffffffff81183a02 <vfs_kern_mount+386><br>0xffffffff8118393c <vfs_kern_mount+188>: mov 0x20(%rbx),%rax<br>
0xffffffff81183940 <vfs_kern_mount+192>: add $0x70,%rdi<br>0xffffffff81183944 <vfs_kern_mount+196>: mov %rbx,0x10(%rbx)<br>0xffffffff81183948 <vfs_kern_mount+200>: mov %rax,0x18(%rbx)<br>
0xffffffff8118394c <vfs_kern_mount+204>: callq 0xffffffff8109c1a0 <up_write><br>0xffffffff81183951 <vfs_kern_mount+209>: xor %esi,%esi<br>0xffffffff81183953 <vfs_kern_mount+211>: mov %r15,%rdi<br>
0xffffffff81183956 <vfs_kern_mount+214>: callq 0xffffffff8112c820 <free_pages></span><br><br></div><div><br><br><u><b>Thats the definition of function</b></u><br></div><div><br>vfs_kern_mount(struct file_system_type *type, int flags, const char *name, void *data)<br>
{<br> struct vfsmount *mnt;<br> char *secdata = NULL;<br> int error;<br><br> if (!type)<br> return ERR_PTR(-ENODEV);<br><br> error = -ENOMEM;<br><br> <font size="4"><b> mnt = alloc_vfsmnt(name);</b></font><br>
if (!mnt)<br> goto out;<br><br></div><div><b><<<<<<<<<<<<<<THIS PORTION, IS NOT VISIBLE TO ME, </b><b><b>IN ASSEMBLY </b>>>>>>>>>>>>>>>></b><br>
</div><div> <span style="color:rgb(255,0,0)"> if (data && !(type->fs_flags & FS_BINARY_MOUNTDATA)) {<br> secdata = alloc_secdata();<br> if (!secdata)<br> goto out_mnt;<br>
<br> error = security_sb_copy_data(data, secdata);<br> if (error)<br> goto out_free_secdata;<br> }</span><br> <br><b> error = type->get_sb(type, flags, name, data, mnt);>>>>>>>>>>>>>>>>thats the line i want to catch, in assembly above. Where is this call made in assembly ???</b><br>
if (error < 0)<br> goto out_free_secdata;<br> BUG_ON(!mnt->mnt_sb);<br> mnt->mnt_sb->s_flags |= MS_BORN;<br> <br> <font size="4"><b> error = security_sb_kern_mount(mnt->mnt_sb, flags, secdata);</b></font><br>
if (error)<br> goto out_sb;<br>.<br>.<span style="color:rgb(255,153,0)"> </span><br>.<br>.<br>.<br><b>out_sb:</b><br> dput(mnt->mnt_root);<br> deactivate_locked_super(mnt->mnt_sb);<br>
<b>out_free_secdata</b>:<br> free_secdata(secdata);<br><b>out_mnt:</b><br> free_vfsmnt(mnt);<br><b>out:</b> >>>368<br> return ERR_PTR(error);<br>}<br><br><br> <br><br><br><br></div>
</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Aug 14, 2013 at 5:05 PM, <span dir="ltr"><<a href="mailto:Valdis.Kletnieks@vt.edu" target="_blank">Valdis.Kletnieks@vt.edu</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">On Wed, 14 Aug 2013 16:14:34 +0530, nidhi mittal hada said:<br>
<br>
> 1)if i want to get value of a local variable, of a function, from stack<br>
> trace thats bt-f output, obtained using crash ..<br>
> No where AMD64 ABI mentions how local variables are stored ..<br>
> is it in some specific sequence of registers ? is it in stack ?<br>
<br>
</div>Yes, no, maybe, depends on how smart the compiler is. Local variables<br>
are local, and thus by definition not part of the ABI. The compiler<br>
may decide that a given 'int' can be kept in %r8 for most of the<br>
time, but stored at 24 bytes into the stack across 1 function call,<br>
and another variable is in %r9 most of the time, but in that same location<br>
24 bytes into the stack across a different function call (and that's<br>
OK, because it always knows which variable is using that location<br>
24 bytes into the stack when).<br>
<br>
In some cases, a variable may even be totally optimized out of existence.<br>
For example, if you have<br>
<br>
int foo ( int c ) {<br>
int a, b;<br>
<br>
b = c * 5;<br>
a = b + getpid();<br>
return a;<br>
}<br>
<br>
the compiler can (and probably *will*) optimize both a and b<br>
away and convert it to 'return (c*5 + getpid());'<br>
</blockquote></div><br><br clear="all"><br>-- <br>Thanks & Regards <br>Nidhi Mittal Hada<br><br><a href="http://nidhi-searchingmyself.blogspot.com/" target="_blank">http://nidhi-searchingmyself.blogspot.com/</a><br><br>
</div></div>