This is the mail archive of the libc-help@sourceware.org mailing list for the glibc project.
Re: More on %gs:0x0
On Mon, 2009-08-24 at 19:25 +0100, Mark Seaborn wrote:
> Amittai Aviram <amittai.aviram@yale.edu> wrote:
>
> > Here is a follow-up to my previous query. My question remains this:
> > how do values get into %gs:0x0?
>
> > The final step will show me zillions of instances of moving data from
> > location %gs:0x0 to a general purpose register, but not a single
> > instance of moving data _into_ location %gs:0x0. How does anything
> > except 0 ever get into %gs:0x0?
>
> I'd suggest reading Ulrich Drepper's document about the TLS ABIs -
> http://people.redhat.com/drepper/tls.pdf - and also read about how
> segment registers work on i386.
[...]
Thanks! I also find it puzzling why glibc's ___printf_fp would fetch a
value from an address that is 32 _below_ the start of the TLB:
 805bfff:	65 8b 1d 00 00 00 00 	mov    %gs:0x0,%ebx
 805c006:	b8 e0 ff ff ff       	mov    $0xffffffe0,%eax
 805c00b:	89 9d f8 fe ff ff    	mov    %ebx,-0x108(%ebp)
 805c011:	8b 04 03             	mov    (%ebx,%eax,1),%eax
 805c014:	8b 00                	mov    (%eax),%eax
The first line above fetches the TLB start address (let's call it
tlb_start). The next instruction loads -32 into eax. In the fourth
instruction, the value found at the location tlb_start - 32 is loaded
into eax. Why would the library refer to an address with a negative
offset (or index, in this case) from tlb_start? Thanks.
Amittai
-
Amittai F. Aviram
Graduate Student
Computer Science
Yale University
New Haven, CT 06520
203 772 0639 (home) | 646 483 2639 (cell) | 203 432 6492
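An added example to illustrate the access pattern in the listing above (it is not code from the thread, from glibc, or from either correspondent). It assumes Linux on i386 or x86_64 with glibc or musl: on i386 the thread pointer register is %gs, on x86_64 it is %fs. The word at %gs:0 (%fs:0) is a pointer to the thread control block itself; glibc writes it there through an ordinary linear address when it sets up the thread, and asks the kernel to point the segment base at that block. Under the x86 TLS layout ("variant II" in Drepper's paper), the executable's __thread variables sit immediately below that block, which is why the library adds a negative constant (the -0x20 in the listing) to the value read from %gs:0. The names example_tls_var, read_tcb_pointer, tls_offset_from_tcb and write_via_tcb_offset are inventions of this example.

```c
#include <stddef.h>
#include <stdio.h>

/* A thread-local variable of our own, constructed for this example.
 * On i386/x86_64 the static TLS block of the executable is placed
 * immediately BELOW the thread control block (TCB), so this variable
 * lives at a negative offset from the address held in %gs:0 (%fs:0). */
static __thread int example_tls_var = 7;

/* Read the word stored at %gs:0 (i386) or %fs:0 (x86_64).
 * The segment base is set by the kernel (set_thread_area on i386,
 * arch_prctl(ARCH_SET_FS) on x86_64) at the C library's request; the
 * word stored there is written by the C library through a normal
 * linear address when the TCB is initialised. */
static void *read_tcb_pointer(void)
{
    void *tcb;
#if defined(__x86_64__)
    __asm__ volatile ("movq %%fs:0, %0" : "=r"(tcb));
#elif defined(__i386__)
    __asm__ volatile ("movl %%gs:0, %0" : "=r"(tcb));
#else
#error "this example assumes i386 or x86_64 (assumption of the example)"
#endif
    return tcb;
}

/* The first word of the TCB is a pointer to the TCB itself, so %gs:0
 * yields the linear address of the very block that %gs points into.
 * Returns 1 when that self-pointer check holds. */
static int tcb_points_to_itself(void)
{
    void *tcb = read_tcb_pointer();
    return *(void **)tcb == tcb;
}

/* Offset of our TLS variable relative to the TCB. This is negative on
 * x86, and is the kind of link-time constant the listing loads into
 * %eax (-0x20) before indexing off the %gs:0 value held in %ebx. */
static ptrdiff_t tls_offset_from_tcb(void)
{
    return (char *)&example_tls_var - (char *)read_tcb_pointer();
}

/* Reach the variable the way the disassembly does: base from %gs:0,
 * plus a negative constant, then dereference. Write through that path
 * and read back via the ordinary __thread access to show the two views
 * alias the same storage. Returns the value seen via __thread access. */
static int write_via_tcb_offset(int value)
{
    char *tcb = read_tcb_pointer();
    int *via_segment = (int *)(tcb + tls_offset_from_tcb());
    *via_segment = value;
    return example_tls_var;
}

int main(void)
{
    printf("tcb = %p, self-pointer check = %d\n",
           read_tcb_pointer(), tcb_points_to_itself());
    printf("offset of example_tls_var from tcb = %td\n",
           tls_offset_from_tcb());
    printf("after write through tcb+offset: example_tls_var = %d\n",
           write_via_tcb_offset(42));
    return 0;
}
```

Compile with `gcc -O2 -o tls_example tls_example.c` (add `-m32` on an x86_64 host to see the %gs form). The negative offset printed is the analogue of the -0x20 in the listing: it is a constant decided when the executable was linked, not something computed at run time, which is why the disassembly never shows a store to %gs:0x0 anywhere near the load.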