Chapter three mechanisms (on) system calls
First, the user mode, kernel mode, interrupts
- Intel x86 CPU execution of four different levels are 0,1,2,3, the smaller the number, the higher the privilege, but using only 0.3 Linux privilege level two, corresponding to the kernel mode and user mode.
- The difference between kernel mode and user mode: when the kernel mode, the CS: EIP values may be arbitrary address 0x00000000 ~ 0xbfffffff can only access the user mode address space.
- Into the kernel mode in two ways:
(1) may be hardware interrupt
(2) may be called a system user mode execution procedure call, caught in kernel mode, called the Trap. - When the user switches to kernel mode, user mode register context is saved (including the user mode stack pointer, then the status word, when the CS: EIP values), while the value put into the kernel mode register in the current CPU .
Second, the system calls
- Meaning: the operating system for the user mode process and a set of hardware interface interaction provides.
- Function (characteristics): save the user from the underlying hardware programmed out; greatly improve the security of the system; allows the user to program portability.
- API: Application Programming Interface, internal use of routine encapsulation system call, the main purpose is to publish a system call.
- And the relationship between API system calls: an API corresponding to one or more system calls a system call may be a plurality of API calls. Does not involve calling the internal kernel API does not interact with the package system.
Third, using the API library functions C and assembly code embedded code in two ways to use the same system call
(With sys_rename () function to rename a file, for example)
Use the library function triggers a system call API
C language code as follows:
FIG execution results are as follows:
Trigger assembly language system calls
Assembly code as follows:
FIG execution results are as follows:
analysis:
The main assembly code is:
asm volatile("movl %2,%%ecx\n\t" //newname存入ecx
"movl %1,%%ebx\n\t" //oldname存入ebx
"movl $0x26,%%eax\n\t" //系统调用号存入eax
"int $0x80" //触发系统调用,陷入内核态
:"=a"(ret)
:"b"(oldname),"c"(newname) );Here, the system call number 38 (hexadecimal is 0x26) into eax, will oldname into ebx, will newname into ecx, to perform system call int $ 0x80 by executing the application into kernel mode, system_call according biography the system call number in the call list to find the corresponding system kernel functions, called the kernel function sys_rename ebx and ecx according to the stored parameters, after the implementation of the execution result is stored in eax, eax in the final return.
IV Summary:
This chapter is mainly learning the system calls the working mechanism of the three-tier system call mechanism: when the user mode process calls a system call, CPU switch to kernel mode and start executing system_call and system calls the kernel function. Specifically, by executing the int $ 0x80 to trigger the system calls into the kernel starts executing the interrupt vector 128 corresponding interrupt service routine system_call, this time to associate by calling the number system API functions and system calls the kernel function here need EAX register transfer system call number.