"Linux Kernel Analysis" (iv)--three-layer skin (upper) __linux of the system call

Author: Sandy Original works reproduced please indicate the source
"Linux kernel Analysis" MOOC course http://mooc.study.163.com/course/USTC-1000029000 "
Experimental environment: C+linux64 bit (32-bit system may result in different)
In accordance with the academic integrity of the terms, I guarantee that the answer for my original, all the references to the external materials have been marked by provenance. One, the meaning of system call

1, User state and kernel state
Modern CPUs generally have several different levels of instruction execution, at high execution level, code can execute privileged instructions, access arbitrary physical addresses , this level of CPU execution corresponds to the kernel state, and in the corresponding low-level execution state, the scope of code control is limited. Only within the scope allowed by the corresponding level; For example: Intel x86 CPUs have four different execution levels 0-3,linux use only 0 and 3 levels to represent both the kernel state and the user state.
The minimum two bits of the CS register indicate the privilege level of the current code; The CPU reads each instruction by CS:EIP the two registers: CS is the code segment selection Register, EIP is the offset register;

The above judgment is completed by hardware

In general, in Linux, the address space (32-bit total 4G) is a significant sign:
0xc0000000 above the address space can only be accessed in the kernel state, 0X00000000--0XBFFFFFFF address space can be accessed in both states.

The address space here refers to the logical address two, not the physical address.

Each process has a separate address space (32 bits, 4GB), in Linux, 3G above the kernel space, 3G below is the user space.

Interrupt processing is the main way to enter the kernel state from user state; system call is a special interrupt

2, System call
The operating system provides a set of interfaces for user-state processes to interact with hardware devices-system calls, system call meanings: Freeing the user from the underlying hardware programming greatly improves the security of the system so that the user program has portability two, API and system calls

Application programming interfaces (application program interface, APIs) and system calls are different. The API is just a function definition system call sends a clear request to the kernel through a soft interrupt

Some APIs defined by the LIBC Library reference the encapsulation routines (wrapper routine, the sole purpose of which is to publish system calls). In general, each system call corresponds to an encapsulated example threading and then uses these encapsulation routines to define the API to the user

Some APIs defined by the LIBC library refer to the encapsulation routines (wrapper routine, the sole purpose of which is to publish system calls). Each system call corresponds to an encapsulated example threading then uses these encapsulation routines to define the API to the user

Not every API corresponds to a particular system call. APIs may directly provide user-state services a separate API may call several system calls different APIs may call the same system call

Return value most encapsulation routines return an integer whose meaning depends on the corresponding system call-1 in most cases, the kernel does not meet the request of the process. three, relationships between applications, encapsulation routines, system call handlers, system call service routines

When a user-state process invokes a system call, the CPU switches to the kernel state and begins executing a kernel function. In Linux, a system call is performed by performing an int $0x80 , which produces a programming exception with a vector of 128

Arguments: The kernel implements a different system call, and the process must indicate which system call is required, which requires passing a parameter called the system call number

Using the EAX register to pass the system call number

System calls also require input parameters such as the actual value, the address of the user-state process address space, the address of the data structure of the pointer to the user-state function, and so on;System_call is the entry point for all system calls in Linux, with at least one parameter per system call, The system call number that the EAX passes.
Limit of register pass parameters: The length of each parameter cannot exceed the length of the register, that is, 32 bits outside the system call number (EAX), the number of parameters cannot exceed 6 (EBX,ECX,EDX,ESI,EDI,EBP)

When the parameter is more than 6, a register as a pointer to a piece of memory, at this point, enter the kernel state can access any address space

Relationships between applications, encapsulation routines, system call handlers, and system call service routines:

System Call Execution Process:
1, the package function of the program call Library
2, call soft interrupt: int $0x80 into the kernel
3, the System_call () function is first executed in the kernel, and the corresponding system call service routines are found in the system call table according to the system call number
4, perform the service routine
5, after the execution, into the Ret_from_sys_call () routine from the system call to return four, using the Library function API and C code embedded in the assembly code two ways to use the same system call

The following uses the same system call in both the Library function API and the C code to embed the assembly code. Here, the system call Sys_getppid (), which calls the system call number 64, is selected to return the parent process's process numbers for the current process. System call list See HTTP://CODELAB.SHIYANLOU.COM/XREF/LINUX-3.18.6/ARCH/X86/SYSCALLS/SYSCALL_32.TBL
The following is a system call using the Library function API directly, GETPPID.C code as follows:

#include <stdio.h>
#include <unistd.h>

int main ()
{
    pid_t pid;
    Pid=getppid ();
    printf ("The number of parent process is:%d\n", PID);
    return 0;
}

The same system call is implemented using the C language inline assembly code. The GETPID_ASM.C code is as follows:

#include <stdio.h>
#include <unistd.h>

int main ()
{
    pid_t pid;
    ASM volatile (
        "mov $0,%%ebx\n\t"    /*ebx is used to pass parameters, the getppid (void) parameter is void so set to zero * *
        "mov $0x40,%%eax\n\t"    /*eax is used to pass the system call number, Getppid system call number is 64, so is 0x40*/
        "int $0x80\n\t"/    * Soft Interrupt assembly instructions, the system into the core state * *
        "mov%%eax,%0 \n\t "    /*eax retains the return value, puts the return value in the output parameter, that is, the PID variable
    :" =m "(PID)/    * Output parameter is pid*/
    );
    printf ("The number of parent process is:%d\n", PID);
    return 0;
}

Rationale: Function Getppid () is the GLIBC encapsulation of the system call Sys_getppid, which is used to get the process number of the parent process of the current process. The SYS_GETPPID system call number is 64. In user state, if the user calls the Getppid (), the system will produce an interrupt, into the kernel state execution sys_getppid. The function of Getppid () is to return the ID of the parent process of the current process, which itself cannot be completed, and must request the operating system service, Sys_getppid, to have the operating system tell the current process ID to getppid ().

Experiment screenshot:

It can be seen from the results that two functions achieve the same function.

Please refer to these documents
http://blog.csdn.net/maochengtao/article/details/23598433
Https://git.oschina.net/exiahan/LinuxKernelStudy/blob/master/4/asmSCI.md
Http://blog.sina.com.cn/s/blog_b35e31b90101cso6.html
Http://wenku.baidu.com/link?url=ik5zKB0jpQ3OPzzj-ehB-DqUYEAp-tGTNqAg_ Hyyaj-6zp6c9vwy2tflqigah20d9vwevqoyvzzeiijuqhndipifv9oeygr_a97peygl4wu