Definition of system call:
Because all kinds of resources in the computer are managed uniformly by the operating system, all operations related to system resources must be completed by the operating system, such as IO operations, memory allocation, file operations, etc. The user program does not have permission to perform these operations directly, so it must make a service request to the operating system in some way. Therefore, the operating system must provide a certain set of interfaces, through which users can use various functions provided by the operating system or access system resources. The interface of the operating system to the application program is the system call.
The principle of system call implementation
System calls are run by the CPU in kernel mode, while applications are run in user mode by the CPU.
In order to use system calls, the CPU must switch from user mode to kernel mode, and the operating system switches from user mode to kernel mode through interrupts. It also involves the switching of the program kernel stack and the user stack, which is essentially the switching process of the function call stack. The main thing is to change the permissions of the CPU.
Type of interrupt:
Hardware Interrupt: This kind of interrupt comes from hardware exception, such as power failure, keyboard being pressed.
Software interrupt: This kind of interrupt is a CPU instruction to trigger an interrupt and execute the corresponding interrupt handler. For example, under X86, the instruction int 0x80 will call the interrupt handler No. 0x80. Under Linux, int 0x80 is used to trigger all system calls, and the operating system uses a system call number to identify which system call it is. , these system call numbers pass parameters through fixed registers before executing the int 0x80 instruction.
Interrupts have two properties: one is called the interrupt number; one is called the interrupt handler.
There is an array in the linux kernel called the interrupt vector table , the nth item of this array points to the function pointer of the interrupt handler of the nth interrupt. Int 0x80 corresponds to the interrupt handler whose subscript is 0x80.
When an interrupt occurs , the CPU will suspend the currently executing code and call the corresponding interrupt handler according to the interrupt number of the interrupt.
Linux uses the 0x80 interrupt as the entry of the system call, and WINDOWS uses the 0x2E interrupt as the entry of the system call.
When 0x80 triggers an interrupt, each general-purpose register is used to pass parameters: the EAX register is used to indicate the system call number corresponding to the system call. For example, when EAX=1, it means exit(); when EAX=2, it means fork(); when EAX=3, it means read(); when EAX=4, it means write(). This value is also the subscript in the system call table.
Each system call corresponds to a function in the kernel source code, and they are all functions starting with sys_, such as the exit() system call corresponds to the sys_eixt() function in the kernel.
The system call function uses 6 registers to transfer according to different function parameters, they are EBX, ECX, EDX, ESI, EDI, EBP.
When the system call returns, registers such as EAX are used as the return value to save the result of the call, such as the return file descriptor or the PID returned by the fork function in the parent and child processes.
Use the Fork() function to specifically analyze the process of system calls:
1. Trigger interrupt:
The CPU executes the int 0x80 interrupt instruction to generate a soft interrupt No. 0x80, and the privilege level of the CPU execution instruction is also switched from user mode to kernel mode.
2. Switching the function stack frame
At this time, the program must also switch from the user stack to the kernel stack. When returning from the user processing function, the current stack of the program is also switched from the kernel stack back to the user stack.
The current stack of the program refers to the stack space where the value in the EBP register is located.
The actual switching behavior of the user stack switching to the kernel stack:
Find the kernel stack of the current process (each process has its own kernel stack)
3. According to the interrupt number 0x80 , the corresponding interrupt handler is queried in the interrupt vector table. 0x80 corresponds to the system_call interrupt handler, and then according to the value of EAX (that is, the system call number, the system call number of fork is 2) in the system Call the sys_fork() system call function in the call table.
System call functions in the kernel are often named after sys_ plus the name of the system call function.
4. Then there is what the sys_fork() function kernel source code does.
Disadvantages of system calls:
It is inconvenient to use, the interface provided by the operating system is too primitive, and many details related to the operating system must be understood. Inconvenient to use
The system call functions between various operating systems are incompatible, such as linux and windows, which are completely different. Even the operating systems of the same series are different, such as linux and unix.
solve these problems
方法是通过对系统调用进行包装:
于是运行库作为系统调用和程序之间的一个抽象层,对不同操作系统的系统调用进行包装为应用程序提供同意固定的接口,运行库都有一个标准,叫做标准库。这样可以掩盖系统调用的一些缺点,但是为了兼容各个系统标准库提供的函数的功能相对来说会减少但让系统调用的使用更加简单便捷。
例如C语言的fread()函数,在windows下调用Readfile这个系统调用,但是在linux下可能就调用了read()这个系统调用。但是同样的C语言代码都可以在不同的平台上直接编译,产生一致的效果。
参考《程序员的自我修养》
参考linux内核源代码情景分析