linux x64 sys_clone parameters with inline assembly

Question

linux x64 sys_clone parameters with inline assembly

Im trying to execute 'sys_clone' using inline assembly in C but 'sys_clone' parameters are not the same as 'clone()' function in C ... in fact, im talking about the x86_64 version of sys_clone:

rax => 56
rdi => clone_flags
rsi => newsp
rdx => parent_tid (void *)
r10 => child_tid  (void *)
r8  => tid        (unsigned)

this is my source code:

    #include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

#define CLONE_VM        0x00000100
#define CLONE_FS        0x00000200
#define CLONE_FILES     0x00000400
#define CLONE_SIGHAND   0x00000800
#define CLONE_PARENT    0x00008000
#define CLONE_THREAD    0x00010000
#define CLONE_IO        0x80000000

#define SIGCHLD         20

#define THREAD_FLAGS    (CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND | CLONE_PARENT | CLONE_THREAD | CLONE_IO)

int
func(void * data) {
    printf("Child function is called\n");
    return 0;
}

int
main() {

    void * memory = malloc((1024 * 1024));
    if(memory == NULL) {
        printf("Memory allocation failed\n");
        return EXIT_FAILURE;
    }

    void * memory_end = (memory + (1024 * 1024));

    // Move th address of 'func' function into the memory
    (*(unsigned long long *)(memory_end - 8)) = (unsigned long long) & func;

    // is it right to set 'child_tid' and 'tid' to 0 ?!!!!!!
    register unsigned child_tid asm("r10") = 0;
    register unsigned tid       asm("r8")  = 0;

    int pid;
    // sys_clone (56)
    asm volatile ("syscall"
    : "=a" (pid)
    : "a" (56), "D" (THREAD_FLAGS), "S" (memory_end), "d" (NULL), "r" (child_tid), "r" (tid)
    : "rcx", "r11", "memory");
    if(pid < 0) {
        printf("Unable to create the requested child process\n");
        free(memory);
        return EXIT_FAILURE;
    }

   sleep(5); // sleep 5 seconds to print child function 'func' message

    free(memory);
    return EXIT_SUCCESS;
}

i have no error on executing this program but my child process function 'func' is not execute !!!!!! and program exit without executing the 'func' function !!!

i think something is wrong with my 'sys_clone' parameters !!!

strace =>

mmap(NULL, 1052672, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3e28634000
clone(child_stack=0x7f3e28734010, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_PARENT|CLONE_THREAD|CLONE_IOstrace: Process 12068 attached
) = 12068
[pid 12067] nanosleep({tv_sec=3, tv_nsec=0},  <unfinished ...>
[pid 12068] nanosleep({tv_sec=3, tv_nsec=0},  <unfinished ...>
[pid 12067] <... nanosleep resumed>0x7fff49e495f0) = 0
[pid 12068] <... nanosleep resumed>0x7f3e28733fd0) = 0
[pid 12068] munmap(0x7f3e28634000, 1052672 <unfinished ...>
[pid 12067] munmap(0x7f3e28634000, 1052672 <unfinished ...>
[pid 12068] <... munmap resumed>)       = 0
[pid 12067] <... munmap resumed>)       = 0
[pid 12068] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x7f3e28734008} ---
[pid 12067] exit_group(0)               = ?
[pid 12068] +++ killed by SIGSEGV (core dumped) +++
+++ killed by SIGSEGV (core dumped) +++
Segmentation fault (core dumped)

c

multithreading

assembly

x86-64

asked on Stack Overflow Mar 10, 2020 by

ELHASKSERVERS • edited Mar 10, 2020 by

ELHASKSERVERS

0 Answers

Nobody has answered this question yet.

User contributions licensed under CC BY-SA 3.0