Linux Kernel Learning System Call

This article describes how to practice Linux kernel.

1. Concept of system call

We all know that the operating system is used to manage computer hardware and software resources. However, the operating system must provide users with a variety of services, and user applications can access these services through system calls. However, in general, we use the encapsulated API (Application Programming Interface) of the operating system to indirectly call the system. For example, in Windows programming, you can call winapi, which is provided in the form of a C library. For example, in Linux, we call the READ function: int read (INT handle, void * Buf, int nbyte). We generally use the system to call read, because there is a fread in the corresponding standard C function library. However, in fact, we did not directly implement system calls. We called the read system call through the READ function encapsulated by the system. Because their names are the same and they are the corresponding relationships, we can easily misunderstand them. However, system calls and encapsulated system API functions do not have a one-to-one relationship, for example, execl, execlp, execle, execv, execvp, and execve in the system are all called by the execve system to execute an executable file. The system call must have a clear operation. After your application enters the kernel through the system call, it will execute the corresponding kernel function called by each system, that is, the service routine called by the system. For example, the service routine that the system calls getpid is the kernel function sys_getpid.

2. System Call table

Which kernel functions are available externally? In other words, which system call service routines are provided by the kernel? Sys_call_table in the system call table stores the function addresses of all the service routines corresponding to the system call. In the ARCH/i386/kernel/syscall_table.s file, see the following:

ENTRY(sys_call_table).long sys_restart_syscall/* 0 - old "setup()" system call, used for restarting */.long sys_exit.long sys_fork.long sys_read.long sys_write.long sys_open/* 5 */.long sys_close.long sys_waitpid.long sys_creat.long sys_link.long sys_unlink/* 10 */

        ...  ...

We can clearly see that all system calls follow certain naming rules, that is, prefix "sys _" before the system name, for example, the system service function of the exit system call is sys_exit. In addition, the total number of system calling services provided by the system is very limited. We can see that there are only 200 or 300.

3. System Call number

What is the system call number? Each of the preceding system service routines has a system call number. The user calls these service routines through the system call number instead of the system call name. The preceding system call table stores the addresses of all system call service routines. The system call process is to obtain the addresses from the system call table for execution. Then the system call must be associated with the system call number, which involves another file in the include/asm-i386/unistd. h file.

#define __NR_restart_syscall      0#define __NR_exit  1#define __NR_fork  2#define __NR_read  3#define __NR_write  4#define __NR_open  5#define __NR_close  6#define __NR_waitpid  7#define __NR_creat  8#define __NR_link  9#define __NR_unlink 10

Compared with the system call table above, we found that, except for the prefix sys _ and the prefix sys _ nR _, their names are identical and their order is the same. The kernel uses the system call number as the subscript to obtain the function address of the system call service routine in the system call table.

4. system call service routine

All system call service routines are declared in the include/Linux/syscils. h file, but their definitions are distributed in different files. For example, if the getpid system is called, its system service routine sys_getpid is defined in the kernel/Timer. c file:

asmlinkage long sys_getpid(void){    return current->tgid;}

The asmlinkage mark indicates that the data is obtained only from the stack and not from registers or other places.

5. Use of system calls

(1). encapsulate the function by calling the C language library, such as the READ function described above.

(2). Using the syscall function, the prototype is int syscall (INT number ,...).
Specifically, you can use the following getpid system call to demonstrate the use of the system call.

# Include <unistd. h> # include <sys/syscall. h> # include <sys/types. h> // you can view # DEFINE _ nr_gettid 224int main () {pid_t = tid; tid = syscall (_ nr_gettid) from the system call number file ); printf ("Call gettid through syscall function, gettid is % d \ n", tid); tid = getpid (); printf ("Call gettid through getpid function, gettid is % d \ n ", tid); Return 0 ;}

In addition, most system calls contain a macro definition of the Sys _ symbol constant to define the call number. Therefore, the above syscall function can also adopt the following method:

tid = syscall(SYS_gettid);                 

6. Why use system call?

(1) system calls provide a unified interface for the user space to access hardware resources, so that applications do not have to worry about specific hardware access operations. For example, when reading and writing files, the application does not need to care about the disk type or what file system it is.

(2) system calls protect the system and ensure the security and stability of the system. A system call specifies a specific way for a user process to enter the kernel. Users can only securely enter the kernel in this way, but are not allowed to jump into the kernel at will, thus protecting the security of the kernel.