How to add a system call in Linux

Source: Internet
Author: User
Article Title: Add a system call method in Linux. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.

  1. Basic principles of linux system calls

The linux system is compatible with POSIX and is also a set of C language function names. However, the internal implementation method of linux system calls is similar to the INT 21H of DOC. It is a service that enters through the Soft Interrupt of INT 0x80 h, and then serves in different categories according to the system call number.

From the perspective of system analysis, linux calls involve four problems.

(1) data structures and functions related to system calls

The function name starts with "sys _" and is called by the system. For example, the system calls the fork () Response Function sys_fork () (see Kernel/fork. c), the response function of exit () is sys_exit () (see kernel/fork. c ).

The include/asm/unisted. h file specifies a unique number for each system call. If the name is used to represent the name of the system call, the relationship between the system call number and the system call response function is: Use the system call number _ NR_name as the subscript to find the system call table sys_call_table (see

The contents of the corresponding table item in arch/i386/kernel/entry. S), which is the entry address of the sys_name response function called by the system. The system call table sys_call_table records the position of each sys_name function in the table, a total of 190 items. With this table, it is easy to find the corresponding entry address of the System Call response function based on the offset of the specific system call in the table. There are a total of 256 Items in the system call table, and the remaining items are the system call space that can be added by the user.

(2) the process of converting the system call command of a process to INT 0x80 interrupted

Macro definition _ syscallN () SEE include/asm/unisted. h) for format conversion and parameter transfer of system calls. N is 0 ~ An integer between 5. _ SyscallN () is responsible for format conversion and parameter transmission for system calls with N parameters. The system call number is placed in the EAX register. After INT 0x80 is started, the returned value is required to be sent to the EAX register.

(3) initialization of the system call function module

The initialization of the system call is the initialization of INT 0x80. When the system starts, compile the subroutine setup_idt (see arch/i386/kernel/head. s) Prepare an idt table with 256 items, which is composed of start_kernel () (see init/main. c), trap_init () (see

Arch/i386/kernel/traps. c) macro definition of c language called

Set_system_gate (0x80, & system_call) (see include/asm/system. h). Set the Soft Interrupt Service Program 0x80 to system_call (see

Arch/i386/kernel/entry. S), system. call is the total entry point for all system calls.

(4) How does the kernel call services for various systems?

When a process needs to be called, a system call command must be written in the form of a C language function. If the command has been expanded by the corresponding _ syscallN () in a header file, the user program must contain the file. When a process executes a system call command of a user program, it actually executes a function expanded by macro command _ syscallN. System Call parameters are transmitted by common registers, and then INT 0x80 is executed. The inner core enters the entry address system_call.

(5) ret_from_sys_call

The assembler section at the ret_from_sys_call entry plays an important role in linux Process Management. All system calls are directed to this entry address before the end of the call and before most services are interrupted are returned. This program is not only a system call service, but also handles interrupt nesting, CPU scheduling, signals, and other transactions.

  2. Add a system call by modifying the kernel source code

By analyzing the linux System Call process, it is easy to add your system call to the kernel. Next we will introduce an actual system call and add it to the kernel. The system call to be added is inttestsyscall (). Its function is to display hello world on the control terminal screen and return 0 after successful execution.

1. Compile inttestsyscall () system call

Writing a system call means adding a function to the kernel and placing the new function into the file kernel/sys. c. The new function code is as follows:

Asmlingkage sys_testsyscall ()

{Console_print ("hello world \ n ");

Return 0;


2. connect to a new system call

After writing a new system call process, the next task is to let the rest of the kernel know the existence of this program, and then re-build the kernel that contains the new system call. To connect a new function to an existing kernel, You need to edit two files:

1). Add inculde/asm/unistd. h to this file

# Define_NR_testsyscall 191

2). are/i386/kernel/entry. s is used to initialize the pointer array. Add a line in this file:

. Long SYMBOL_NAME (_ sys_tsetsycall)

Change the. rept NR_syscalls-190 to NR_SYSCALLS-191, then rereward and run the new kernel.

3). Use the new system call

There is no new program segment called by the system in the C language library, and the Code must be set up as follows:

# Inculde

_ Syscall0 (int, testsyscall)

Main ()


Tsetsyscall ();


Here the _ syscall0 () macro command is used. The macro command itself expands to a function named syscall () in the program, which is called inside the main () function. In the testsyscall () function, the Preprocessing Program generates all the necessary machine instruction code, including loading the corresponding cpu register with the system call parameter value, and then executing the int 0x80 interrupt instruction.

  3. Use the kernel module to add system calls

A module is a part of the kernel, but it is not compiled into the kernel. They are compiled and connected to a set of target files, which can be inserted into the running kernel or removed from the running kernel. The kernel module must have at least two functions:

Int_module and cleanup_module. The first function is called when the module is inserted into the kernel. The second function is called when the module is deleted. Because the kernel module is part of the kernel, it can access all kernel resources. Based on the analysis of the linux System Call mechanism, if you want to add a system call, you can write your own function for implementation, and then add an item in the sys_call_table table so that the pointer in this item points to the function you have compiled, you can call the system. Testsyscall () is called by the system that prints "hello world" on the control terminal ().

1) Compile the system call kernel module

# Inculde (linux/kernel. h)

# Inculde (linux/module. h)

# Inculde (linux/modversions. h)

# Inculde (linux/sched. h)

# Inculde (asm/uaccess. h)

# Define_NR_testsyscall 191

Extern viod * sys_call + table [];

Asmlinkage int testsyscall ()

{Printf ("hello world \ n ");

Return 0;


Int init_module ()

{Sys_call_table [_ NR_tsetsyscall] = testsyscall;

Printf ("system call testsyscall () loaded success \ n ");

Return 0;


Void cleanup_module ()



2) use a new system call # define

# Define_NR_testsyscall 191

_ Syscall0 (int, testsyscall)

Main ()


Testsyscall ();


3) Compile the kernel module and insert the kernel

The command to compile the kernel is gcc-Wall-02-DMODULE-D_KERNEL_-C syscall. c

-Wall notifies the Compilation Program to display warning information. Parameter-02 indicates the code optimization settings, which must be optimized by the kernel module. Parameter-D_LERNEL notifies the header file to provide correct definitions to the kernel module; parameter-D_KERNEL _ notification header file. The program code will run in kernel mode. After compilation is successful, the syscall.0 file is generated. Finally, use the insmod syscall. o command to insert the module into the kernel and then use the added system call.

Compared with the above two methods, I think the kernel module method is better. This method saves the trouble of compiling a new kernel and restarting the new kernel. This advantage is very valuable for code debugging and can save a lot of time.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.