0

following piece of code is part of program present at this link http://dune.scs.stanford.edu/. I/we am/are not able to understand its dune.S file specifically following piece. I hope this piece is calling DUNE_ENTER ioctl command defined as

#define DUNE_ENTER _IOR(DUNE_MINOR, 0x01, struct dune_config) Am I right?

.globl __dune_enter
__dune_enter://called in entry.c::do_dune_enter
    pushfq
    subq    $REG_END, %rsp
    SAVE_REGS 1, 0
    SAVE_REST
    movq    %rsp, DUNE_CFG_RSP(%rsi)
    movq    %rsi, %rdx
    movq    $0x8020e901, %rsi /* XXX DUNE_ENTER */ //me: how does he in advance knows the address of dune_enter
    movq    $16, %rax /* __NR_ioctl */
    syscall //me:is instruction just like sysenter or int 80 for x86_64

    cmpq    $0, %rax
    jnz __dune_ret
    movq    DUNE_CFG_RET(%rdx), %rdi
    movq    $60, %rax /* __NR_exit */
    syscall

.globl  __dune_ret
__dune_ret:
    RESTORE_REST
    RESTORE_REGS 1, 0
    addq    $REG_END, %rsp
    popfq
    retq

Any comment or help even you feel simple and already understood will be much appreciated

Jester
  • 56,577
  • 4
  • 81
  • 125
incompetent
  • 1,715
  • 18
  • 29

1 Answers1

2

$0x8020e901 is not the address of anything. It's encoded information about the type, the function, the direction and the argument size. It's created by the _IOR macro through other macros:

#define _IOC_NRBITS     8
#define _IOC_TYPEBITS   8

/*
 * Let any architecture override either of the following before
 * including this file.
 */

#ifndef _IOC_SIZEBITS
# define _IOC_SIZEBITS  14
#endif

#ifndef _IOC_DIRBITS
# define _IOC_DIRBITS   2
#endif

#define _IOC_NRSHIFT    0
#define _IOC_TYPESHIFT  (_IOC_NRSHIFT+_IOC_NRBITS)
#define _IOC_SIZESHIFT  (_IOC_TYPESHIFT+_IOC_TYPEBITS)
#define _IOC_DIRSHIFT   (_IOC_SIZESHIFT+_IOC_SIZEBITS)

#ifndef _IOC_READ
# define _IOC_READ      2U
#endif

#define _IOC(dir,type,nr,size) \
        (((dir)  << _IOC_DIRSHIFT) | \
         ((type) << _IOC_TYPESHIFT) | \
         ((nr)   << _IOC_NRSHIFT) | \
         ((size) << _IOC_SIZESHIFT))

#define _IOR(type,nr,size)
  _IOC(_IOC_READ,(type),(nr),(_IOC_TYPECHECK(size)))

So what this all boils down by default is this:

Bits
 0- 7  function number
 8-15  type
16-29  size
30-31  direction

Reverse engineering the number we can see that DUNE_MINOR is 0xe9 and sizeof(struct dune_config) should be 0x20.

Jester
  • 56,577
  • 4
  • 81
  • 125
  • thanks a lot for your answer. I am hitting my head with concept you provided from linux device driver but no use. But I tink now problem boils down to my level (I hope so) why %RAX has $16 while ioctl has syscall number 54? – incompetent Nov 29 '15 at 16:40
  • 2
    `ioctl` numbers are not the same on 32 and 64 bit. `54` is the 32 bit number, `16` is the 64 bit one. – Jester Nov 29 '15 at 17:00