2019-2020-1 20199306 "Linux Kernel Principle and Analysis" Week 5 Assignment

The three-layer mechanism of system calls

Basics

  • User mode, kernel mode and interrupts
  • User mode: code runs at a low privilege level, with a limited range of control and access to only part of memory.
  • Kernel mode: code runs at a high privilege level, may execute privileged instructions and can access any physical memory.
  • Interrupt: the main way to enter kernel mode from user mode.
  • Interrupt categories
  • Hardware interrupt: while a user-mode process is executing, a hardware interrupt signal arrives, the CPU enters kernel mode and executes the interrupt service routine corresponding to that interrupt.
  • Software interrupt: while a user-mode process is executing, it makes a system call (a special kind of interrupt) and enters kernel mode.

• Register context during the switch
When switching from user mode to kernel mode, the user-mode register context must be saved, and the registers must be loaded with the values of the kernel's current state. The int instruction triggers the interrupt mechanism, which saves some register values on the stack: first the user-mode stack address, then the status word, then the value of CS:EIP. At the same time the kernel-mode stack address and the kernel-mode status word are loaded into the corresponding CPU registers, and CS:EIP is set to the entry point of the interrupt handler, which for a system call is system_call. After an int instruction or an interrupt signal, the first thing done is to save the scene: on entering the interrupt handler, SAVE_ALL is executed. The last thing done before the interrupt handler finishes is to restore the scene by executing RESTORE_ALL.

• API, and the relationship between APIs and system calls: an API (application programming interface) is just a function definition.

• System call: an interrupt request is sent to the kernel through a software interrupt; executing the int instruction triggers that interrupt request.

Some APIs inside the libc library are defined as routines that wrap a system call. Their main purpose is to dispatch the system call, so that a programmer writing code does not need assembly instructions and register-based parameter passing to trigger it. One API may correspond to a single system call, may internally correspond to several system calls, and one system call may also be invoked by several APIs.

• Intel x86 CPUs define four execution levels, 0, 1, 2 and 3; the smaller the number, the higher the privilege. Linux uses only two of them, levels 0 and 3.

Using the same system call in two ways: through the C library API, and through assembly code embedded in C

Method one: use the API

  • Create and compile hello20199306.c

  • Run the compiled program

Method two: inline assembly code in C

  • The code is shown below
#include <stdio.h>

/* 32-bit x86 only (build with gcc -m32): invokes sys_write(1, msg, len)
 * directly through int $0x80 instead of calling the libc write() API. */
int main(void)
{
    char *msg = "hello";
    int len = 5;            /* number of bytes in "hello" */
    int result = 0;

    __asm__ __volatile__(
        "movl %2, %%edx;\n\t"   /* argument 3: length of the string -> edx */
        "movl %1, %%ecx;\n\t"   /* argument 2: address of the string -> ecx */
        "movl $1, %%ebx;\n\t"   /* argument 1: file descriptor 1 (stdout) -> ebx */
        "movl $4, %%eax;\n\t"   /* system call number 4 = sys_write -> eax */
        "int  $0x80"            /* trigger the system call interrupt */
        : "=m"(result)                      /* output part: not used in this example */
        : "m"(msg), "r"(len)                /* input part: the string and its length */
        : "%eax", "%ebx", "%ecx", "%edx");  /* registers the asm block overwrites */

    return 0;
}
  • Compile

  • Run

Summary

System calls in Linux are implemented through an interrupt (int 0x80). When the int 0x80 instruction is executed, the eax register holds the number of the system call function, and the parameters passed to the system call must be placed in order in the registers ebx, ecx, edx, esi and edi. After the system call completes, the return value can be read from the eax register.

The numbers of all system call functions can be found in the file /usr/include/bits/syscall.h. For ease of use they are defined as macros of the form SYS_xxx, such as SYS_write and SYS_exit. For example, the frequently used write function is declared as:
ssize_t write(int fd, const void *buf, size_t count);

This function ultimately does its work by invoking the SYS_write system call. According to the convention above, the parameters fd, buf and count are placed in the registers ebx, ecx and edx respectively, the system call number SYS_write is placed in eax, and when the int 0x80 instruction completes, the return value can be read from the eax register.
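As an added example (not code from the original post or the course), the convention just described wrapped in a C function: the system call number goes in eax, the arguments in ebx, ecx and edx, and the result comes back in eax, where a negative value is the kernel's -errno before libc translates it. It also generalises to the 64-bit syscall instruction convention, which the post does not cover, and falls back to libc's syscall() on other architectures; raw_write and the sample text are assumed names.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>

/* Raw write(2): returns the bytes written, or the negative errno value
 * exactly as the kernel leaves it in eax/rax (no libc errno translation). */
long raw_write(int fd, const void *buf, unsigned long count)
{
    long ret;
#if defined(__i386__)
    /* The post's convention: int 0x80 with eax = SYS_write (4),
     * ebx = fd, ecx = buf, edx = count; the result comes back in eax. */
    __asm__ __volatile__("int $0x80"
                         : "=a"(ret)
                         : "0"((long)SYS_write), "b"((long)fd), "c"(buf), "d"(count)
                         : "memory");
#elif defined(__x86_64__)
    /* 64-bit generalisation (assumed, not from the post): the syscall
     * instruction, number in rax, arguments in rdi, rsi, rdx; the
     * instruction itself clobbers rcx and r11. */
    __asm__ __volatile__("syscall"
                         : "=a"(ret)
                         : "0"((long)SYS_write), "D"((long)fd), "S"(buf), "d"(count)
                         : "rcx", "r11", "memory");
#else
    /* Other architectures: libc's generic syscall(), normalised to -errno. */
    ret = syscall(SYS_write, fd, buf, count);
    if (ret < 0)
        ret = -errno;
#endif
    return ret;
}

/* Sample use: a successful write, then EBADF for an invalid descriptor. */
int main(void)
{
    const char *msg = "hello\n";            /* constructed sample input */
    long n = raw_write(1, msg, strlen(msg));
    long bad = raw_write(-1, msg, 1);
    printf("written=%ld, bad fd returned %ld (-EBADF is %d)\n", n, bad, -EBADF);
    return (n == 6 && bad == -EBADF) ? 0 : 1;
}
```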


Origin www.cnblogs.com/Huyiming/p/11697969.html