Introducing the system call process under Linux

process:

Let’s look at a picture first to get a general understanding.

First of all, the application can directly call the API provided by the system, which can be done in user mode (Ring3).

Then the corresponding API will save the corresponding system call number to the eax register (this step is implemented through inline assembly), and then use int 0x80 to trigger the interrupt (inline assembly) and enter the interrupt processing function ( This function is completely written in assembly code), and it enters the kernel state (Ring0) at this time.

The system call corresponding to the system call number will be called in the interrupt handling function. In this function, the two registers ds and es will be set to point to the kernel space. In this way, we cannot transfer data from user mode to kernel mode (such as in open(const char * filename, int flag, ...), the address of the string pointed to by the filename pointer is in user space, If you retrieve it from the corresponding place in the kernel space, the string will not exist at all.) What should we do? The fs register in the interrupt handler is set to point to user space, so the problem is solved.

In system calls, corresponding operations are performed, such as opening files, writing files, etc.

After processing, it will return to the interrupt processing function, and the return value will be stored in the eax register.

Returning to the API from the interrupt handling function still saves the return value to the eax register. At this time, it is restored from kernel mode to user mode.

Get the value from eax in the API, make corresponding judgments and return different values ​​to indicate the completion of the operation.

Why can so many system calls be called using int 0x80 interrupt?

In protected mode, there are various interrupts, and the system call is bound to interrupt number 0x80. When a system call is to be called, int 0x80 is triggered, and the interrupt handling function uses eax to know which system call it wants to call. The reason for this is that there are too many system calls and there will not be enough interrupt numbers, so one is used for centralized management.

There is a table in the operating system that is used to save the addresses of various system call functions. This table is an array, so the addresses of different functions can be accessed through subscripts. Therefore, one interrupt number and various system call numbers can manage multiple system calls.

The above is the detailed content of Introducing the system call process under Linux. For more information, please follow other related articles on the PHP Chinese website!