2019-2020-1 20199329 "Linux kernel principle and Analysis" in the fifth week of work

A summary of last week's problems:

  • Forgetting to add #include <stdio.h> when compiling a C file into an assembly file in the virtual machine
  • Not yet skilled at tracing the assembly execution process with gdb

II. This week's learning content:

1. Textbook learning

1.1 User mode, kernel mode and interrupts

  • Kernel mode: execution at a high privilege level. Code can execute privileged instructions and access any physical address; when the CPU is in kernel mode it can execute all instructions, including the privileged ones.
  • User mode: execution at a low privilege level. Code can only operate within the range its level allows. In normal operation, user mode enters the kernel through system calls, which library functions wrap so that users have an interface they can call directly.
  • The Intel x86 CPU has four privilege levels, 0, 1, 2 and 3; Linux uses only two of them, 0 and 3, representing kernel mode and user mode respectively. The most significant difference between user mode and kernel mode is the range that CS:EIP may point to: in kernel mode the value of cs:eip is arbitrary, i.e. the whole address space is accessible, while user mode can access only part of the memory addresses (0x00000000-0xbbbbbbbf); addresses from 0xc0000000 upwards are accessible only in kernel mode.
  • Interrupt handling is the main way to enter kernel mode from user mode, and a system call is a special kind of interrupt. When an interrupt or the int instruction switches from user mode to kernel mode, the register context is saved on the stack: the user-mode stack top address, the status word at that moment and the cs:eip value at that moment; at the same time the kernel-mode stack top address and the kernel-mode status word are loaded, and cs:eip is pointed at the entry of the interrupt handler. The first thing the interrupt handler does is save the scene, i.e. the values of a series of registers; the last thing before the handler ends is to restore the scene, recovering the saved register values, and then exit the interrupt routine.

1.2 System calls

  • Significance of system calls: they free the user from programming the underlying hardware directly, greatly improve the security of the system, and make user programs portable.
  • A library function is the API (Application Programming Interface) that the operating system provides to programmers; an API is just a function definition. A system call is a request issued to the kernel through a software interrupt: executing the int instruction triggers the interrupt request. Some functions inside the libc library encapsulate system calls through wrapper routines, whose main purpose is to let programmers trigger a system call without writing assembly instructions and passing parameters in registers. Usually each system call has a corresponding wrapper routine; the system library uses these wrappers to define the API the programmer calls, so in the end system calls are packaged as library functions for programmers to use.
  • In the course's figure, User mode denotes user mode and Kernel mode denotes kernel mode. xyz() is an API function, with a corresponding system call; it encapsulates a system call triggered by the int $0x80 interrupt. The starting point of the corresponding kernel code is system_call, i.e. the interrupt service routine entry for interrupt vector 0x80; inside it, sys_xyz() is the system call handler. After sys_xyz() executes, ret_from_sys_call follows, which is the most common timing point at which process scheduling happens. If no scheduling occurs, iret is executed and execution returns to user mode. The three layers of the system call mechanism are xyz(), system_call and sys_xyz().

  • When a user-mode process invokes a system call, the CPU switches to kernel mode and begins executing a kernel function. On Linux this is done by raising exception vector 128 with the int $0x80 assembly instruction; Intel introduced the sysenter instruction (fast system call) with the Pentium II, and Linux 2.6 supports it in addition to executing system calls through int $0x80. Besides triggering the system call, parameters may also need to be passed. The kernel implements many different system calls, so a process must specify which one it wants; this requires passing a parameter called the system call number, which uses the eax register. System calls may also need input and output parameters, such as actual values, addresses of variables in the user-mode process address space, or even addresses of data structures containing pointers to user-mode functions. system_call is the entry point for all Linux system calls; every system call has at least one parameter, the system call number passed in eax. When an application calls the fork() wrapper routine, the value placed into eax before int $0x80 executes is 2 (i.e. __NR_fork). This register is set by the libc wrapper routine, so users generally do not care about the system call number; after entering system_call, the value of eax is immediately pushed onto the kernel stack. Passing parameters in registers has the following restrictions: 1) the length of each parameter cannot exceed the register length, i.e. 32 bits; 2) apart from the system call number (eax), there can be at most 6 parameters (ebx, ecx, edx, esi, edi, ebp); 3) what if more than 6 are needed? Then one register is used as a pointer to a block of memory holding the rest.

2. Lab platform experiments

2.1 Triggering the same system call through the API library function and through assembly code embedded in C

Triggering through the API library function:
call the library function getpid() to obtain the process identifier, as follows:

The result is as follows:

Triggering through assembly code embedded in C:

The execution result is as follows:

2.2 Calling the two-argument system call rename

First, create a file zxf.c.
Triggering through embedded assembly code:

The execution result is as follows:
zxf.c is successfully renamed to zxf20199329.c

Triggering through the library function API:

The execution result is as follows:
zxf20199329.c is successfully changed back to zxf.c
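The two lab exercises above (getpid via the library function and via embedded assembly, then the two-argument rename) and the register convention from section 1.2, as one added example that is not the page's own code: the system call number goes in eax and the arguments in ebx and ecx, and the result comes back in eax. The int $0x80 branch matches the course's 32-bit environment; the x86_64 "syscall" branch, the libc fallback and the renameat fallback are assumptions added so the same file also builds on a 64-bit machine, and the file names used are constructed.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/syscall.h>

/* Raw two-argument system call: result >= 0 on success, negative on failure. The i386 branch
 * is the course's int $0x80; the x86_64 "syscall" branch and the libc fallback are assumptions. */
static long raw_syscall2(long nr, long a1, long a2)
{
    long ret;
#if defined(__i386__)
    /* eax = system call number, ebx = argument 1, ecx = argument 2; result in eax */
    __asm__ volatile ("int $0x80"
                      : "=a"(ret) : "0"(nr), "b"(a1), "c"(a2) : "memory");
#elif defined(__x86_64__)
    /* int $0x80 would also run here, but the kernel then sees only the low 32 bits of
     * each register, so a pointer into the 64-bit stack fails with EFAULT (cf. the
     * stack-string problem under QUESTION). "syscall" uses rax, rdi and rsi in full. */
    __asm__ volatile ("syscall"
                      : "=a"(ret) : "0"(nr), "D"(a1), "S"(a2) : "rcx", "r11", "memory");
#else
    ret = syscall(nr, a1, a2);
#endif
    return ret;
}
/* What the getpid() and rename() library wrappers do underneath. */
long raw_getpid(void) { return raw_syscall2(SYS_getpid, 0, 0); }
long raw_rename(const char *from, const char *to)
{
#ifdef SYS_rename
    return raw_syscall2(SYS_rename, (long)from, (long)to);
#else   /* newer ports such as arm64 only provide renameat */
    return syscall(SYS_renameat, AT_FDCWD, from, AT_FDCWD, to);
#endif
}

/* Create `from`, rename it to `to` with the raw call, rename it back and delete it.
 * Returns 0 on success, or minus the number of the step that failed. */
int rename_roundtrip(const char *from, const char *to)
{
    FILE *f = fopen(from, "w");
    if (f == NULL) return -1;
    fclose(f);
    if (raw_rename(from, to) != 0) return -2;
    if (access(to, F_OK) != 0 || access(from, F_OK) == 0) return -3;
    if (raw_rename(to, from) != 0) return -4;
    return unlink(from) == 0 ? 0 : -5;
}
```

Compile with gcc (add -m32 for the course's 32-bit build); raw_getpid() returns the same value as getpid(), and rename_roundtrip("zxf.c", "zxf20199329.c") returns 0 when both raw renames succeed.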


III. Summary and difficulties

  • The significance of system calls: they provide user-mode processes with a set of interfaces for interacting with the operating system and hardware devices.
  • An API may correspond to a single system call, may make several system calls internally, and a single system call may be used by several APIs.
  • The three-layer mechanism of a system call consists of xyz(), system_call and sys_xyz().
  • The kernel distinguishes each system call by a number, the system call number, which links the API function xyz() to the kernel function sys_xyz().
  • EAX is used to pass the system call number.
  • Parameters are passed by assigning them in order to EBX, ECX, EDX, ESI, EDI, EBP. If there are more than 6 parameters, one register is used as a pointer to memory, so the remaining parameters can be passed through memory.
  • The application programming interface (API) and the system call are different things: an API is just a function definition, while a system call is a request issued to the kernel through a software interrupt.

QUESTION:

  • As long as the string is built in stack space (rather than heap space), the compiled program cannot output it correctly through the system call.

IV. Next week's plan

  • [ ] Complete the after-class exercises in the textbook
  • [ ] Review assembly and disassembly before the next lesson

October 20, 2019

Source: www.cnblogs.com/Zxf313806994/p/11706951.html