Simple analysis of Linux system call


User state, kernel state and interrupts
    • Code running at a higher privilege level can execute privileged instructions

    • The Intel x86 CPU has 4 privilege levels: 0 ~ 3

    • Linux uses only 0 and 3 (0 for kernel state, 3 for user state)

    • Representation of the privilege level: the low 2 bits of the CS register

    • Kernel-state logical address space: 0xc0000000 and above

      User-state logical address space: 0x00000000 ~ 0xBFFFFFFF

    • Interrupts are the way from user state into kernel state; a system call is one such way (system calls are a special kind of interrupt)

    • Saving the register context when an interrupt occurs

      • Where is it saved? On the stack
      • What is saved: the user-state stack top address, the status word (flags) at that time, and the value of CS:EIP at that time
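The claim that the privilege level lives in the low two bits of CS can be checked from user space. The following program is an added example, not code from the original article: it decodes a segment selector into its fields, classifies a 32-bit linear address by the 3 GB / 1 GB split quoted above, and on x86 reads the live CS register to show that a user program runs at CPL 3. The sample selector values 0x10 and 0x23 are constructed for illustration, and the live read is skipped (returns -1) on non-x86 builds.

```c
#include <stdint.h>
#include <stdio.h>

/* A segment selector, which is what CS holds, is 16 bits wide:
 *   bits 15..3  index into the descriptor table (GDT or LDT)
 *   bit  2      table indicator (0 = GDT, 1 = LDT)
 *   bits 1..0   requested privilege level; for the selector loaded in CS
 *               these two bits are the current privilege level (CPL)
 */
int selector_rpl(uint16_t sel)      { return sel & 0x3; }
int selector_uses_ldt(uint16_t sel) { return (sel >> 2) & 0x1; }
int selector_index(uint16_t sel)    { return sel >> 3; }

/* The address split from the article: on 32-bit Linux with the default
 * configuration, linear addresses at or above 0xc0000000 belong to the
 * kernel and everything below 0xc0000000 is user space. */
int is_kernel_linear_address(uint32_t addr) { return addr >= 0xc0000000u; }

/* Read the live CS register and extract the CPL.
 * Returns -1 when built for an architecture other than x86. */
int read_current_cpl(void)
{
#if defined(__i386__) || defined(__x86_64__)
    uint16_t cs;
    __asm__ volatile("mov %%cs, %0" : "=r"(cs));   /* MOV r16, Sreg is unprivileged */
    return selector_rpl(cs);
#else
    return -1;
#endif
}

int main(void)
{
    /* Constructed sample selectors: 0x10 has the shape of a ring-0 selector
     * (index 2, RPL 0), 0x23 the shape of a ring-3 one (index 4, RPL 3). */
    uint16_t samples[] = { 0x10, 0x23 };
    for (unsigned i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("selector 0x%04x: index %d, %s, privilege level %d\n",
               samples[i], selector_index(samples[i]),
               selector_uses_ldt(samples[i]) ? "LDT" : "GDT",
               selector_rpl(samples[i]));

    printf("live CS register says this program runs at CPL %d\n", read_current_cpl());
    printf("0xc0000000 is kernel space: %d, 0xbfffffff is kernel space: %d\n",
           is_kernel_linear_address(0xc0000000u),
           is_kernel_linear_address(0xbfffffffu));
    return 0;
}
```

On an x86 Linux machine the live read prints CPL 3, regardless of whether the binary is 32-bit or 64-bit, because user code is always loaded with a ring-3 code selector.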
System call overview
    • A system call is the set of interfaces the operating system provides so that user-state processes can interact with hardware devices

      • Frees the user from low-level programming
      • Improves system security
      • Improves the portability of user programs
    • API (Application Programming Interface)

      • Some APIs defined by the libc library are wrapper routines whose sole purpose is to issue a system call
        • Typically each system call corresponds to one wrapper routine
        • The library defines the API offered to the user on top of these wrapper routines
      • Not every API corresponds to a specific system call
        • An API may provide its service entirely in user space
        • One API may correspond to several system calls
        • Different APIs may correspond to the same system call
    • Comparison of system calls and APIs:

      • A system call sends an explicit request to the kernel via a software interrupt
      • An API is just a function definition
    • Passing parameters in registers

      • The most important parameter, the system call number, is passed in the EAX register
      • Each parameter cannot exceed the length of a register
      • There can be at most 6 parameters
      • What if there are more than 6? One register holds a pointer to a memory area containing the remaining parameters
Experiment: using the library API to make the chmod system call
    • Source code (chmod.c)

      #include <sys/types.h>
      #include <stdio.h>
      #include <sys/stat.h>
      #include <errno.h>

      int main()
      {
          int i;
          /* chmod() is the libc API: on failure it returns -1 and sets errno */
          i = chmod("file", 0777);
          if (i == -1)
              fprintf(stderr, "chmod failed, error number = %d\n", errno);
          else
              printf("chmod success !\n");
          return 0;
      }
    • Compile & execute

      gcc chmod.c -o chmod -m32
      ./chmod
    • Execution results

      If the file does not exist, chmod fails.

      After the file is created, chmod succeeds.

Using assembly to make the chmod system call
    • Find the system call number of chmod

      In arch/x86/syscalls/syscall_32.tbl we find the entry "15 i386 chmod sys_chmod", so the system call number of chmod is 15 (0xf)

    • Source code (chmod_asm.c)

      #include <sys/types.h>
      #include <stdio.h>
      #include <sys/stat.h>
      #include <errno.h>

      int main()
      {
          int i;
          char *name = "file";
          asm volatile(
              "mov $0777, %%ecx\n\t"    /* second argument (mode) in ECX */
              "mov $0xf, %%eax\n\t"     /* system call number 15 (chmod) in EAX */
              "int $0x80\n\t"           /* trap into the kernel */
              "mov %%eax, %0\n\t"       /* copy the kernel's return value (EAX) into i */
              : "=m" (i)
              : "b" (name)              /* first argument (path) in EBX */
              : "eax", "ecx", "memory"  /* registers the asm overwrites, so the compiler does not rely on them */
          );
          /* A raw system call does not set errno: on failure EAX holds -errno,
           * so test for a negative value rather than for -1 */
          if (i < 0)
              fprintf(stderr, "chmod failed, error number = %d\n", -i);
          else
              printf("chmod success !\n");
          return 0;
      }
    • Compile & execute

      gcc chmod_asm.c -o chmod_asm -m32
      ./chmod_asm
    • Execution results

    • Assembly code analysis

      • mov $0777, %%ecx: put the chmod mode parameter into the ECX register
      • mov $0xf, %%eax: put the system call number (0xf, which is chmod) into the EAX register
      • int $0x80: issue the system call (interrupt number 0x80)
      • mov %%eax, %0: copy the return value of chmod, left in EAX by the kernel, into i
      • "=m" (i): i is the output operand
      • "b" (name): name is placed in EBX as the input operand

A brief introduction to the process of the chmod system call

First, the program issues int 0x80 (the system call interrupt). The kernel then reads the value stored in EAX as the system call number, so that it knows which system call was requested, checks that the parameters are correct, and places the return value in EAX.
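The register-based calling convention described in the parameter-passing section and the return value in EAX described here can be shown side by side with the libc API. The following is an added example, not code from the original article. It assumes Linux on x86: the 32-bit path issues int 0x80 with the number in EAX and arguments in EBX and ECX exactly as the article does, while the 64-bit path uses the syscall instruction with the x86-64 convention (number in RAX, arguments in RDI and RSI), which the article does not cover. The path MISSING_PATH is constructed so that every call fails with ENOENT. The point it makes is that the kernel reports failure as a negative error number in EAX, in the range -4095 to -1, and that converting this into -1 plus errno is the job of the libc wrapper, so a raw caller must test for a negative value rather than for -1.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#ifdef __linux__
#include <sys/syscall.h>   /* __NR_chmod: 15 on i386, 90 on x86-64 */
#endif

/* Constructed path that does not exist, so every call below fails with ENOENT. */
#define MISSING_PATH "/nonexistent-directory-constructed-for-this-example/file"

/* 1 if this build can issue the raw system call with inline assembly. */
int raw_syscall_supported(void)
{
#if defined(__linux__) && (defined(__i386__) || defined(__x86_64__)) && defined(__NR_chmod)
    return 1;
#else
    return 0;
#endif
}

/* Raw chmod: number and arguments in registers, result left in EAX/RAX.
 * Unlike the libc wrapper, a failure comes back as -errno and errno is untouched. */
long raw_chmod(const char *path, unsigned int mode)
{
#if defined(__linux__) && defined(__i386__) && defined(__NR_chmod)
    long ret;
    __asm__ volatile("int $0x80"                  /* 32-bit entry, as in the article */
                     : "=a"(ret)
                     : "a"((long)__NR_chmod), "b"(path), "c"((long)mode)
                     : "memory");
    return ret;
#elif defined(__linux__) && defined(__x86_64__) && defined(__NR_chmod)
    long ret;
    __asm__ volatile("syscall"                    /* 64-bit entry: RAX, RDI, RSI */
                     : "=a"(ret)
                     : "a"((long)__NR_chmod), "D"(path), "S"((long)mode)
                     : "rcx", "r11", "memory");   /* syscall clobbers RCX and R11 */
    return ret;
#else
    (void)path; (void)mode;
    return -ENOSYS;                                /* not available on this build */
#endif
}

/* The kernel signals failure with a value in [-4095, -1]; anything else is a
 * success value (a large pointer returned by mmap, for example, can look
 * negative but lies outside that range). */
int raw_is_error(long raw) { return (unsigned long)raw > -4096UL; }

/* What a libc wrapper does with the raw value. */
int  raw_errno(long raw) { return raw_is_error(raw) ? (int)-raw : 0; }   /* value to store in errno */
long api_value(long raw) { return raw_is_error(raw) ? -1 : raw; }        /* value to return to the caller */

/* Same request through the libc API: -1 is returned and errno is set. */
int api_chmod_errno(const char *path, unsigned int mode)
{
    errno = 0;
    if (chmod(path, mode) == 0)
        return 0;
    return errno;
}

int main(void)
{
    if (raw_syscall_supported()) {
        long raw = raw_chmod(MISSING_PATH, 0777);
        printf("raw chmod returned %ld: libc would return %ld and set errno = %d\n",
               raw, api_value(raw), raw_errno(raw));
    } else {
        printf("raw system call not available on this build\n");
    }
    printf("chmod() API: errno = %d (ENOENT is %d)\n",
           api_chmod_errno(MISSING_PATH, 0777), ENOENT);
    return 0;
}
```

Compiled with -m32 on x86 Linux the raw path is the article's int 0x80; compiled for x86-64 it is the syscall instruction. In both cases the raw call returns -2 (ENOENT) while the chmod() API returns -1 and leaves 2 in errno, which is why the article's assembly version must not compare the raw result with -1.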

Copyright notice: this article is an original article by the blog author and may not be reproduced without the author's permission.
