tech-userlevel archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Tests requiring MD hooks

On Jul 11, 2011, at 11:59 PM, David Laight wrote:

> On Sun, Jul 10, 2011 at 09:38:13PM -0700, Matt Thomas wrote:
>> On Jul 10, 2011, at 7:58 PM, Valeriy E. Ushakov wrote:
>>>> That seems to be a bit tricky to write in a portable way: testing --x
>>>> right in memory pages requires to put/copy some payload in a page and
>>>> call it.
>>> dlopen something, find a function with dlsym, disable exec on that
>>> page and call the function.  Catch SIGSEGV, check siginfo.  mprotect
>>> it back and call the function again.
>> doesn't work when the target uses function descriptors.
> I'm confused (not difficult these days!).
> dlsym() returns 'void *', there is no separate dlsym_function_ptr() that
> can return a 'fat' function pointer, or is the symbol attached to
> something more akin to an x86 'call gate descriptor' - which is used
> as the target of the call instruction?

On hppa and powerpc64, dlsym returns a pointer to function descriptor.  On 
powerpc64, that contains a pointer to the function, a pointer to its TOC (GOT),
and a pointer to an environment address (not used in C).

xc(void (*func)(void))

        mflr %r0                get return address
        ld %r11,16(%r3)         loads environment addressj
        std %r0,16(%r1)         save return address
        stdu %r1,-112(%r1)      allocate stack frame
        ld %r0,0(%r3)           loads function address
        mtctr %r0               save to indirect register
        std %r2,40(%r1)         save our toc address
        ld %r2,8(%r3)           loads function's TOC
        bctrl                   indirect call
        ld 2,40(1)              restore our toc address
        addi %r1,%r1,112        free stack frame
        ld %r0,16(%r1)          load return address
        mtlr %r0                save to indirect register
        blr                     return

Home | Main Index | Thread Index | Old Index