1. Introduction to system calls the so-called system calls are a series of functions provided by the kernel with very powerful functions. These system calls are implemented in the kernel, and then the system is called to the user in a certain way, generally through the gatetrap implementation. System call means the user is empty
1. Introduction to system calls
The so-called system call is a series of functions provided by the kernel with very powerful functions. These system calls are implemented in the kernel, and then the system is called to the user in a certain way, generally through gate trap. A system call is an interface between a user space application and the services provided by the kernel. Because services are provided in the kernel, they cannot be directly called. On the contrary, you must use a process to span the boundaries between user space and the kernel. The methods for implementing this function in a specific architecture are different.
There are multiple methods to implement system calls. The most common method is a special interrupt, that is, the break vector number is $0x80. Therefore, the process of system calling is the process of int $0x80. When the command int $0x80 is executed, the processor switches the stack to the system stack of the current process, automatically presses SS, ESP, EFLAGS, CS, and EIP at the top of the stack, and then jumps to system_call.
The process of system_call is as follows:
(1) push the system call number in EAX to the top of the stack.
(2) press the remaining registers to the top of the stack to form a pt_regs structure. It is worth noting that all service functions receive parameters through the stack, while registers (EBX, ECX, EDX, ESI, EDI, and EBP) at the top of the stack) it is exactly the parameter passed to the service function.
(3) Check whether the system call number in EAX is out of bounds.
(4) query the system call table sys_call_table based on the system call number in EAX, obtain the service function corresponding to the call number, and call the function to complete the service processing of the system call. The system calls a service function to receive parameters through the stack. the number of parameters is predefined.
(5) when the service function returns, use the return value in EAX to replace the ax at the top of the stack.
(6) disable the interrupt (CLI ).
(7) aftercare: 1) perform necessary audits based on the settings of the current process; 2) schedule the audit if the current process needs to be scheduled; 3) if the current process is waiting to process the signal, process it; 4) the top of the stack pops up to restore the values of each register, each common register, and registers such as EIP, CS, EFLAGS, ESP, and SS, return to the user state and continue executing the command after int $0x80. In this case, the value of EAX is the top ax of the stack and the return value of the system call.
II. Experiment environment
VMware 9.0.0 virtual machine is installed in Windows 7 (2 GB memory;
Ubuntu 12.04 (LTS) (MB memory) is installed on the virtual machine ).
III. Experiment content
(1) Linux kernel version upgrade
(2) add a linux system call
IV. Experiment steps
1. obtain the current kernel version:
Run the uname-a command to obtain the current kernel version, which is used to check whether the kernel version upgrade is successful. I can see that my current version is linux-3.2.0-29
2. download the kernel source code:
1) to the website https://www.kernel.org/download the new kernel source code, (if only to add the system call experiment, you can also use the system with the source code, in/usr/src ). In this experiment, I downloaded a newer kernel version linux-3.10.
2. download is a compressed file named linux-3.10.tar. xz. here we move it to the/usr/src/Directory. (in fact, the movement here is not necessary, but there are a lot of online tutorials that have been moved ). After entering the download directory in the terminal (shell), execute the command sudo mv linux-3.10.tar.xz/usr/src/
Enter the password. after the password is moved, decompress the file and enter/usr/src/. then run the following command:
Sudo tar-xvf linux-3.10.tar.xz to decompress the folder linux-3.10. (
Z: gzip supports compression or decompression. There are other compression or decompression methods, such as j indicating bzip2. X: extract. C is compressed. V: The file name being processed must be followed by the file name to be processed during compression or decompression.
)
3, download and install the tool for source code configuration, this part, you can refer to the ubuntu Forum articles, http://forum.ubuntu.org.cn/viewtopic.php? T = 134404, but the kernel he compiled is 2.6.25. here we just stick the command out. In fact, we downloaded several packages and may use them when compiling the configuration.
sudo apt-get install build-essential kernel-package libncurses5-dev
4,Modify source codeTo add a new system call. (Remind me that modifying the source code requires high permissions. you can use the command sudo gedit file name or su gedit file name)
1)/usr/src/linux-3.10/kernel/sys.c
Add header file # include
Add a custom system call function at the end of this article:
2)/usr/src/linux-3.10/arch/x86/syscalls/syscall_32.tbl
(If your VM is 64-bit, you need to modify syscall_64.tbl)
Add a custom system call number to the system call vector table (select a unused number as appropriate ):
356 is the function number that I defined for the hello system call.
3)/usr/src/linux-3.10/arch/x86/include/asm/syscalls.h
Add the system call function declaration at an appropriate location:
5,Kernel Compilation
(This is a long process. since I run it in a virtual machine, it takes at least four hours to compile it at a time)
1) if the kernel is not compiled for the first time, you need to clean up the previous settings and clear the temporary files left by the previous compilation. if the source code package is just unlocked, you do not need to execute this step: sudo make mrproper
2) kernel configuration http://blog.csdn.net/xuyuefei1988/article/details/8635539
Sudo make menuconfig (text menu-based configuration interface, recommended for character terminals)
Sudo make xconfig (the configuration interface based on the graphic window mode is recommended in Xwindow)
Sudo make oldconfig (if you only want to modify some small points based on the original kernel configuration, it will save a lot of trouble)
To make it easier for us to directly set the kernel configuration to the original kernel configuration by default, run the following command:
sudo make olddefconfig
3) compile the kernel and module
(Execute "make", "make modules", "make modules_install", and "make install" in sequence. if the preceding configuration is correct, wait patiently for a while to get the compiled kernel and module .) After installing the kernel-package in Ubuntu, you can use make-kpkg to simplify the compilation process.
Sudo make-kpkg clean (clean up)
Sudo make-kpkg -- initrd -- append-to-version = wrm128 kernel-image kernel-headers (append the wrm128 string after the version to generate the kernel-image and kernel-headers files ).
After compilation:
4) install the kernel
After compilation, two deb files are generated in/usr/src. Run the following command to install the SDK:
sudo dpkg -i linux-image-3.10.0wrm128_3.10.0wrm128-10.00.Custom_i386.deb
linux-headers-3.10.0wrm128_3.10.0wrm128-10.00.Custom_i386.deb
(These two file names are a bit long. you can use the tab key to complete the command ). After the two files are decompressed and installed successfully, the file linux-headers-3.10.0wrm128 is generated in the usr/src/directory, that is, the new kernel that has been replaced successfully.
5) restart the system
Run sudo reboot to restart the system. If everything goes well, the restart should be successful.
Run the uname-a command to view the current kernel version:
We can see that the current kernel version has changed to 3.10.0wrm128, indicating that the kernel upgrade and compilation have been successful!
6,Test system call
1) create a folder named mkdir test in the main file directory (/home ).
Go to the/home/test/directory and create the file testHello. c: gedit testHello. c.
Compile the test code:
In my system call function, there is a char * string parameter. Therefore, you must not only pass the system call number 356, but also the char * string.
Syscall is a function provided by the kernel for the user program. if you do not use the syscall function, you can also use macro definition. However, in versions later than 2.6.20, there is no macro definition, you need to copy and add from other versions.
2) compile and run
Go to the/home/test/directory and run the command gcc-testHello. c-o testHello.
After the compilation is successful, run the command:./testHello
3) view kernel logs
View the running status of system calls in the kernel space and run the following command: dmesg
We can see that the "wrm" parameter has been passed in, and the system call function is successfully executed!
OK, I'm done!
Summary: For the first time, because the power is exhausted and there is no power supply, it will be abolished in four hours. for the second (more than four hours), The Kernel upgrade is successful and the system call fails, after checking for half a day, I found myself stupid. the follow online tutorial defined the system call number in syscall_64.tbl, while ignoring that my system is 32-bit; the third compilation of more than one hour error: arch/x86/built-in.o :(. rodata + 0x610): undefined reference to 'sys _ hello' make: *** [vmlinux] Error 1: a similar Error is found on the Internet, but there is no answer. you can view only one file at a time, if something went wrong, sys_hello could not be found, and syscils was finally found. h does not seem to be able to find the declaration of the system call function I added. You have to manually add and re-compile... For the fourth time, after compiling for at least five hours, from to, I finally got OK! I admire myself for not giving up halfway...
The final compilation is a result of three failed Times. the experiment proves that compiling the kernel in a virtual machine is really a very long process. The operating procedures for different operating systems and kernel versions may be different. you cannot refer to the online tutorials completely. This requires experiment and exploration. After several failures, you must have a deeper understanding of kernel compilation and system calling!