Simple analysis of Linux system call

Last Update:2015-07-12 Source: Internet

Author: User

Tags function definition

Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more ＞

Analysis of Linux system call User state, kernel state and interrupt

Programs with a high level of execution can execute privileged directives
Intel X86 CPU has 4 levels: 0 ~ 3
Linux uses only 0 and 3 (0 for kernel state, 3 for user state)
Representation of Privilege level: low 2-bit with CS register
Kernel-State logical address space: 0xc0000000 or more

User-state logical address space: 0x00000000 ~ 0XBFFFFFFF
Interrupts are a way from the user state to the kernel state, that is, through system calls ( system calls are a special kind of interrupt )
Saving the interrupt process register context
- Where to save? Stack
- Saved content: User state stack top address, state word at that time, value of CS:EIP at that time

System Invocation Overview

A system call is a set of interfaces that the operating system provides for user-state processes and hardware device interactions
- Freeing the user from the underlying programming
- Improve system security
- Increased portability of user programs
API (Application Programming Interface)
- Some APIs defined by the LIBC Library reference the encapsulation routines (in order to publish system calls)
  - Typically a system call corresponds to a package routine
  - The library defines the API provided to the user through the encapsulation routines
- Not every API corresponds to a specific system call
  - API may directly provide user-configured services
  - One API may correspond to several system calls
  - Different APIs may correspond to one system call
System calls and API comparisons:
- System call sends an explicit request to the kernel via a soft interrupt
- API is just a function definition
Passing parameters using registers
- Pass an important parameter to the system call number : using the EAX register
- Each parameter length cannot exceed the register length
- The length of each parameter cannot exceed 6
- What if there are more than 6? Point a register as a pointer to the memory address space

Experiment using library API to complete system call chmod

Source Code (CHMOD.C)

#include<sys/types.h>#include<stdio.h>#include<sys/stat.h>#include<errno.h>int main(){    int i;    i = chmod("file", 0777);    if(i == -1)        fprintf(stderr,"chmod failed, errer number = %d\n",errno);    else        printf("chmod success !\n");    return 0;}

Compile & Execute
```
gcc chmod.c -o chmod -m32./chmod
```
Execution results

If the file is not present

After the file is created, chmod succeeds

Use assembly to complete system call chmod

Find the chmod corresponding system call number
In arch/x86/syscalls/syscall_32.tbl we can find the i386 chmod sys_chmod, the chmod system interrupt number is 0XF

Source Code (CHMOD_ASM.C)

#include<sys/types.h>#include<stdio.h>#include<sys/stat.h>#include<errno.h>int main(){    int i;    char* name = "file";    asm volatile(        "mov $0777, %%ecx\n\t"        "mov $0xf, %%eax\n\t"        "int $0x80\n\t"        "mov %%eax, %0\n\t"        :"=m" (i)        :"b" (name)    );    if(i == -1)        fprintf(stderr,"chmod failed, errer number = %d\n",errno);    else        printf("chmod success !\n");    return 0;}

Compile & Execute

gcc chmod_asm.c -o chmod_asm -m32./chmod_asm

Execution results

Assembly Code Analysis

mov $0777, %%ecx\n\t: Put the chmod parameter into the ECX register

mov $0xf, %%eax\n\t: Put the system call number (0xf corresponding chmod) into the EAX register

int $0x80\n\t: Start system call (interrupt number 0x80)

mov %%eax, %0\n\t: Returns the return value of chmod after execution to I

:"=m" (i): I as output parameter

:"b" (name): Name is placed in EBX as input parameter

A brief introduction to the process of system call chmod

First, the program triggers an interrupt int 0x80 (System interrupt), and then the value stored in the EAX as the system call number, so that the system knows which system call corresponds, and then the system will check the parameter is correct, the return value is placed in EAX.

Copyright NOTICE: This article for Bo Master original article, without Bo Master permission not reproduced.

Article Source: http://blog.luoyuanhang.cn

Simple analysis of Linux system call

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

Sales Support

1 on 1 presale consultation

Chat Contact Sales
After-Sales Support

24/7 Technical Support 6 Free Tickets per Quarter Faster Response

Open a Ticket
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

Learn More