Linux Kernel Analysis: Peeling Back the Three Layers of the System Call (Part 2)


20135125 Chen Zhiwei

Original work; please credit the source when reproducing.

"Linux Kernel Analysis" MOOC course: http://mooc.study.163.com/course/USTC-1000029000

Experimental Purpose:

Using a simple menu applet, trace the execution of a system call, then analyze and summarize the system call mechanism and its three-layer entry process.

Experimental principle:

A system call is implemented through the software interrupt instruction int 0x80, which is encapsulated in C library functions. (A software interrupt differs from what we usually call a hardware interrupt in that it is triggered by an instruction rather than by a hardware peripheral.) Executing int 0x80 makes the system jump to a preset kernel-space address, which points to the system call handler, the system_call function.

How does system_call find the specific system call service routine? By looking up the system call table, sys_call_table, with the system call number. When int 0x80 executes, the system call number is in the EAX register. system_call reads the value from EAX and multiplies it by 4 (each table entry is 4 bytes) to produce an offset; adding that offset to the base address of sys_call_table gives the address of the specific system call service routine. The system then invokes that service routine. Note that the service routine takes its parameters only from the stack, so the parameters are stored in registers before system_call executes, and system_call first pushes the registers onto the stack when it runs. After system_call exits, the user can obtain the (modified) parameters from the registers.

Experimental steps:

Analyze the entire process from the start of system_call to the final iret:
1. ENTRY(system_call): the entry point.
2. SAVE_ALL: save the context.
3. call *sys_call_table(,%eax,4): index the system call table to find and call the corresponding system call.
4. syscall_exit: check whether a jump is needed; if not, go to step 5, otherwise go to step 6.
5. restore_all: restore the context, then end with iret.
6. work_pending, then work_notifysig to handle signals (or work_resched to handle scheduling, which calls schedule); finally return to restore_all and end with iret.
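
An added example, not from the original post or the kernel source: a user-space C model of the path above, from SAVE_ALL through the table dispatch to restore_all. The three toy service routines, the work flags and the trace letters are assumptions made for the model; the bounds check is there because the number in EAX comes from user space and has to be validated before it indexes sys_call_table.

```c
/* User-space model of the system_call path; illustrative, not kernel code. */
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define NR_SYSCALLS    3     /* constructed table size */
#define WORK_RESCHED   0x1u  /* hypothetical flag: reschedule requested */
#define WORK_NOTIFYSIG 0x2u  /* hypothetical flag: signal pending */

struct regs { long eax, ebx, ecx; };          /* subset of the user registers */
typedef long (*sys_fn)(const struct regs *);  /* routines read the saved frame */

static long sys_zero(const struct regs *r) { (void)r; return 0; }
static long sys_add(const struct regs *r)  { return r->ebx + r->ecx; }
static long sys_neg(const struct regs *r)  { return -r->ebx; }
static const sys_fn sys_call_table[NR_SYSCALLS] = { sys_zero, sys_add, sys_neg };

static char trace[16];       /* labels visited, e.g. "SDR" */
static void mark(char c) { size_t n = strlen(trace); if (n + 1 < sizeof trace) trace[n] = c; }

long system_call(struct regs *user, unsigned work)
{
    struct regs frame = *user;                  /* SAVE_ALL: registers -> stack */
    memset(trace, 0, sizeof trace);
    mark('S');
    work &= WORK_RESCHED | WORK_NOTIFYSIG;      /* ignore unknown flags */
    if ((unsigned long)frame.eax >= NR_SYSCALLS) {
        frame.eax = -ENOSYS;                    /* reject before indexing */
        mark('B');
    } else {
        frame.eax = sys_call_table[frame.eax](&frame);  /* table dispatch */
        mark('D');
    }
    while (work) {                              /* syscall_exit: work pending? */
        mark('W');                              /* work_pending */
        if (work & WORK_RESCHED) { work &= ~WORK_RESCHED; mark('r'); }
        else { work &= ~WORK_NOTIFYSIG; mark('n'); }
    }
    *user = frame;                              /* restore_all, then iret */
    mark('R');
    return user->eax;
}

int main(void)
{
    struct regs r = { 1, 40, 2 };               /* constructed call: sys_add(40, 2) */
    printf("%ld %s\n", system_call(&r, WORK_NOTIFYSIG), trace);
    return 0;
}
```

The unsigned comparison also rejects negative numbers, so a value such as -1 in EAX never reaches the table lookup.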
