The ret from fork Function

The ret_from_fork( ) function is executed by the child process right after its creation through a fork( ), vfork( ), or clone( ) system call (see Section 3.4.1). It is essentially equivalent to the following assembly language code:

ret from fork: pushl %ebx call schedule tail addl $4,%esp movl $0xffffe000,%ebx andl %esp,%ebx testb $0x02,24(%ebx) jne tracesys_exit jmp ret from sys call tracesys_exit:

call syscall_trace

Initially, the ebx register stores the address of the parent's process descriptor; this value is passed to the schedule_tail( ) function as a parameter (see Chapter 11). When that function returns, ebx is reloaded with the current's process descriptor address. Then the ret_from_fork( ) function checks the value of the ptrace field of the current (at offset 24 of the process descriptor). If the field is not null, the fork( ), vfork( ), or clone( ) system call is traced, so the syscall_trace( ) function is invoked to notify the debugging process. We give more details on system call tracing in Chapter 9.

I [email protected] RuBoard

Continue reading here: Kernel Synchronization

Was this article helpful?

0 0