Linux Kernel Architecture

Mauerer runapp01.tex V1 - 09/04/2008 6:08pm Page 1122

Appendix A: Architecture Specifics


A.7 Thread Representation


The state of a running process is defined primarily by the contents of the processor registers. Processes
that are not currently running must keep this data in corresponding data structures from which the data
can be read and moved to the appropriate registers when the process is next activated by the scheduler.
The structures needed to do this are defined in the following files:

❑ <asm-arch/ptrace.h> provides the pt_regs structure to hold all registers that are placed on the
kernel stack when the process switches from user mode to kernel mode as a result of a system
call, an interrupt, or any other mechanism. The file also defines the sequence of the registers on
the stack by means of pre-processor constants. This is necessary when tracing a process in order
to read register values from the stack.
❑ <asm-arch/processor.h> accommodates the thread_struct structure used to describe all
other registers and all other task state information. This structure is typically split into further
processor-specific components.
❑ <asm-arch/thread.h> defines the thread_info structure (not to be confused with
thread_struct), which contains all task structure elements that the assembler code must access
to implement kernel entry and exit.

The definitions of pt_regs and thread_struct as they apply on the most popular architectures are
reproduced in the following sections to provide an overview of their register sets.

A.7.1 IA-32


The IA-32 architecture suffers from a permanent register shortage, so there is not much to save when kernel
mode is entered, as the following definition of pt_regs shows:

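include/asm-x86/ptrace.h
struct pt_regs {
    /* general-purpose registers */
    long ebx;
    long ecx;
    long edx;
    long esi;
    long edi;
    long ebp;
    long eax;
    /* data segment registers */
    int xds;
    int xes;
    long orig_eax;  /* system call number as passed in eax on entry */
    /* instruction pointer, code segment, flags, user stack pointer and segment */
    long eip;
    int xcs;
    long eflags;
    long esp;
    int xss;
};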

What’s conspicuous here is that the orig_eax field contains an extra value in addition to the register
values. Its purpose is to store the system call number passed in the eax register when kernel mode is
entered. Because this register is also used to transfer the result into userspace, it must be modified during
the course of the system call. Nevertheless, it is still possible to determine the number of the system call
via orig_eax (if, for example, the process is traced using ptrace).
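The following added example (not taken from the book or the kernel sources) models the saved frame in user space to show why a syscall auditor must read orig_eax rather than eax once the call has completed. The names pt_regs32, REG_IDX, peek_reg, syscall_enter, syscall_exit and traced_syscall_nr are hypothetical, the word indices are derived from the structure as printed above, and the system call number 4 and result 12 are constructed sample values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Layout as printed above. int32_t stands in for IA-32's 32-bit long and int,
   so the offsets stay the same when this is compiled on a 64-bit host. */
struct pt_regs32 {
    int32_t ebx, ecx, edx, esi, edi, ebp, eax;
    int32_t xds, xes;
    int32_t orig_eax, eip, xcs, eflags, esp, xss;
};

/* Hypothetical helper: word index of a field within the saved frame. */
#define REG_IDX(field) (offsetof(struct pt_regs32, field) / sizeof(int32_t))

/* Tracer-side read of one word; rejects unaligned or out-of-frame offsets. */
int peek_reg(const struct pt_regs32 *frame, size_t byte_off, int32_t *out)
{
    if (byte_off % sizeof(int32_t) != 0 ||
        byte_off > sizeof(*frame) - sizeof(int32_t))
        return -1;
    memcpy(out, (const unsigned char *)frame + byte_off, sizeof(*out));
    return 0;
}

/* Simplified entry: the number arrives in eax and is also kept in orig_eax. */
void syscall_enter(struct pt_regs32 *frame, int32_t nr)
{ frame->eax = nr; frame->orig_eax = nr; }

/* Simplified completion: the result overwrites eax, orig_eax is untouched. */
void syscall_exit(struct pt_regs32 *frame, int32_t result)
{ frame->eax = result; }

/* What an auditor should log as the system call number at exit time. */
int traced_syscall_nr(const struct pt_regs32 *frame, int32_t *nr)
{ return peek_reg(frame, REG_IDX(orig_eax) * sizeof(int32_t), nr); }

int main(void)
{
    struct pt_regs32 f = {0};
    int32_t from_eax = 0, from_orig = 0;
    syscall_enter(&f, 4);   /* constructed sample number */
    syscall_exit(&f, 12);   /* constructed sample result */
    peek_reg(&f, REG_IDX(eax) * sizeof(int32_t), &from_eax);
    traced_syscall_nr(&f, &from_orig);
    printf("eax at exit: %d, orig_eax: %d\n", (int)from_eax, (int)from_orig);
    return 0;
}
```
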