Linux kernel Analysis--three layers of peel (bottom) of the system call

One, add time and time-asm command to Menuos

1, the experimental process:

RM menu-rf Forced removal

git clone http://github.com/mengning/menu.git cloning related information

Make Rootfs a script that automatically compiles the root file system automatically and starts automatically menuos

2 , how to add time and Time-asm commands to Menuos

(1) Update the menu code to the latest version

(2) Add menuconfig to the main function in test.c

(3) Add the corresponding time function and Timeasm function

(4) Make Rootfs automatic compilation script

Second, using the GDB tracking system call kernel function Sys_time

1 , experimental process:

2 , using GDB to trace the debug kernel

Qemu-kernel LINUX-3.18.6/ARCH/X86/BOOT/BZIMAGE-INITRD Rootfs.img-s-S

# Description of the-s and-s options:

#-S Freeze CPU at startup (with ' C ' to start execution)

#-S Shorthand for-gdb tcp::1234 If you do not want to use port 1234, you can use-GDB tcp:xxxx to replace the-s option

3 , the trace system calls the kernel function Sys_time:

Gdb

(gdb) file Linux-3.18.6/vmlinux//Load symbol table before Targe remote in GDB interface

(GDB) Target remote:1234//Establish a connection between GDB and Gdbserver, press C to keep the Linux on qemu running

(GDB) B sys_time

(GDB) c//boot to Menuos, use time in Menuos, stop at time function

(GDB) List//corresponding code

(GDB) S//Single Step execution

(GDB) Finish//Perform this function

The above two steps are reused, you can see the function in the Sys_time function until you see return i

Execute system_call corresponding code after executing int 0x80

(GDB) b system_call//Can be set breakpoints, but this is the assembly code, the runtime can not stop at this breakpoint step-by-step analysis.

System_call is not a function in the normal sense, just a piece of assembly code.

Third, process of system call in kernel code

1 , system invocation mechanism and initialization in kernel code

(1) Initialization of the incoming system call mechanism:

(2) There is a set_system_trap_gate function in the Trap_init, which has the interrupt vector syscall_vector and the assembly code entry System_call of the system call in the function definition.

(3) Once the int 0x80,cpu is executed, jump directly to System_call to execute.

2 , simplified and easy to understand System_call pseudo-code

(1) Pseudo-code:

Analysis:

1) system call is a special point of interruption, so there are protection site and recovery site. You can see save_all from it.

2) sys_call_table is the system call table

3) Syscall_after_all, you need to save the return value first

4) No sys_exit_work on the Restore_all, return to the user state.

5) Once into the sys_exit_work, there will be a process scheduling time.

(2) simplified pseudo-code:

Analysis:

1) Starting from entry (System_call), there are save_all, there are sys_call_table system call table, corresponding processing function is: sys_call_table (,%eax,4).

2) determine if the current task needs to process sys_exit_work, and if not, restore all to return to the user state.

3) before the system call returns, process scheduling may occur, and interprocess communication may have signals to be processed.

3 and simply browse the main code between System_call and Iret

(1) Save_all: Save site

(2) Call *sys_call_table (,%eax,4): Called the system call handler function, EAX system call number, this is the actual system call service program.

(3) Restore_all

(4) Interrupt_return: Actually is Iret, is a macro, interrupt the process of system call, end. During this process, there will be work_notifysig in the sys_exit_work,sys_exit_work, which can be used to process the signal.

(5) Call schedule determines the process dispatch code.

(6) Jump to Restore_all, restore the scene.

Iv. Summary

The process of system invocation can be divided into the following 3 steps:

(1) The processor state from the user state to the system state. Then, the general processing of system calls by hardware and kernel programs is to first protect the CPU environment of the interrupted process, press the processor state PSW, the program counter PC, the system call number, the user to find the pointer and the general register contents, etc., and then transfer the user-defined parameters to the specified place to save.

(2) Analyze the system call type and transfer to the corresponding system call processing subroutine. In order to make different system calls to the corresponding system call processing subroutine conveniently, a system call Entry table is configured in the system. Each table in the table corresponds to a system call that contains the number of parameters that the system calls, the entry address of the system call handler, and so on. The kernel can use the system call number to find the table, and can find the appropriate handler for the entry address and go to execute it.

(3) After the system call processing subroutine executes, restore the interrupted or set the new process of the CPU field, and then return to 冋 interrupted process or new process, continue to execute.

Linux kernel Analysis--three layers of peel (bottom) of the system call