The 4th week of Linux kernel analysis

Wang Yi Original Works reproduced please specify the source "Linux kernel Analysis" MOOC course http://mooc.study.163.com/course/USTC-1000029000

I. Status of the Linux system

Linux supports 0 kernel states and 3 user configurations under the x86 platform. In the kernel State 32-bit platform can access the space above 0x00000000, and the user state can only access the address space less than 0xc0000000

(The address space here is a logical address). The primary mode is interrupt when the user state switches to the kernel state.

1. When int128 is called, the system automatically cs:eip,ss:esp,eflags the two states (flag registers) to the stack. Loads the current interrupt's processing entry into the CS:EIP and loads the current stack segment into the SS:ESP.

2, after entering the interrupt, will save most of the value of the General register. (Save_all). Conversely, these registers (Restore_all) are pop when exiting.

Second, the system calls

1. The user-state process invokes a set of interfaces for the hardware device. Increase security and enhance portability.

System calls are a special way of breaking

The API is simply a function definition, whereas a system call is a soft interrupt to the kernel.

The system call corresponds to the encapsulation routine, which invokes the API functions in the LIBC library.

The return value of the encapsulation process depends on the system call. -1 indicates that the request cannot be fulfilled.

Three-layer call relationship:

System call , (API) xyz ()->int0x80 (EAX pass-through parameter-system call number)---------into the kernel state------>system_call () sys_xyz ()->system_call ()->iret

If more than one parameter is entered, it is saved to a different register (EBX,ECX,EDX.ESI,EDI,EBP up to 6), which holds the memory address of the data to be entered.

The experiment uses the MKDIR function to create a folder:

The 4th week of Linux kernel analysis