System Call Process Analysis

"System Call" is a service provided by the operating system for user programs to call. These services are functions provided in advance by the system. At this point, system calls are no different from common user programs. The difference is that "system calls" are provided to users by the operating system. These services are closer to the underlying layer or require higher security. Therefore, the operating system can achieve and manage them in a unified manner.

During program writing, programmers often need to call "system call" to complete specific tasks. Taking the tutorial Linux operating system xv6 as an example, we use the print operation as the main line to describe the Code Implementation of the System Call and the whole process of the system call, the processing process of other system calls is actually the same.

The final form of the print operation is the printf () function, which is defined in the file printf. C. View the definition of printf (). The putc () function is called in the function for output. Continue to trace the definition of the putc () function. We found that the write function was called, here, we will continue to track the write function and find its declaration in user. in H: int write (INT, void *, INT), but the specific implementation of the C code corresponding to this declaration cannot be found. This is a system call. Next we will analyze the implementation principle and process of the system call.

To clearly understand the system call process, we need to compile the write function into assembly code. When the compiler assembles the write (int A, void * B, int c) function, it assembles it into the following form: first, the parameters of the write function are pushed to the stack in sequence, then, use the call statement to go to the corresponding entry of the write function, that is, the following form:
Push
Push B
Push C
Call write

However, since the write function is not defined in the form of C code, where is the entry of the write function? Let's take a look at the usys. s file. This file first defines a macro stub, and then has a sentence stub (write). Expand the macro statement as follows:
. Global write;
Write:
Movl $ sys_write, % eax;
Int $ t_syscall;
RET

So far, we can see that the entry to the write function is originally here. So what is going on after entering this write entry? In syscall. H, we found that $ sys_write originally corresponds to this number 5, which is the system call number corresponding to the system call. So we know that two things are actually done in the write function. One is to store the system call number corresponding to write in the eax register, then, the int 30h is used to indicate the processor to perform the system call operation. The next step is the specific processing of the system call. As the system call is used as a type of interrupt, the construction interrupt detection of int 30 h here and the conversion to kernel state can be referred to the analysis of the general interrupt processing process. To maintain the consistency of our thinking, we will skip this section and continue to analyze how the system call code corresponding to a system call number is found and executed.

We know that after the processor obtains the system call number in the eax register, it will find the entry function address corresponding to the system call in the system call table and then execute the function. So where is the address?

In syscall. C, we can see an array containing the function pointer static int (* syscall[]) (void) = {[sys_write] sys_write ,......}, For each system call name in this array, the address of the sys_name function is stored in the array's sys_name subscript. In xv6, all system calls are encapsulated into int sys_name (void) such as the Write System Call, the corresponding encapsulation is the sys_write () function. In this array, the system call number sys_write is associated with the function pointer sys_write, so where can this function be called?

View the code of the void syscall (void) function:
Void
Syscall (void)
{
Int num;
Num = CP-> TF-> eax;
If (Num> = 0 & num TF-> eax = syscils [num] ();
} Else {
Cprintf ("% d % s: Unknown sys call % d \ n ",
CP-> PID, CP-> name, num );
CP-> TF-> eax =-1;
}
}
As you can see, the processor obtains the system call number num from the eax register of the interrupt detection, and then uses CP-> TF-> eax = syscils [num] () this statement calls the function pointed to by the entry address syscils [num], and stores the returned results of the function in the interrupt detection eax register. So what exactly has this function been executed? We still use write as an example to simply list the sys_write function code below:
Int
Sys_write (void)
{
Struct file * F;
Int N;
Char * P;

If (argfd (0, 0, & F) <0 | argint (2, & N) <0 | argptr (1, & P, n) <0)
Return-1;
Return filewrite (F, P, N );
}
We can see that after entering the function, we first perform the three parameter fetch process. This is exactly the parameter that is pressed by the push operation compiled by the write function. After obtaining these parameters, you can call different functions based on the specific application to complete the required logic. Now we see the complete system call process.

PS: The application calls the write function, first into uclibc, uclibc will write the system call number and parameters stored in R7, and r0-r6, and then trigger Soft Interrupt, before the Soft Interrupt Processing Process, the advanced address space conversion and stack switching are saved. Then, the interrupt processing is performed, the interrupt number and parameters are read in the interrupt processing, and the interrupt service routine is found and executed, switch the stack after exiting the interruption, return to the user State, and continue executing the user program