syscall
Table of Contents
1. How do syscalls work
From https://ayoubomari.medium.com/system-call-how-it-works-4d0d7a452d24 & https://stackoverflow.com/questions/24036214/how-does-a-system-call-work
syscalls are made through a software interrupt
In general, an interrupt can be a hardware interrupt, such as a timer interrupt that makes the CPU switch to kernel mode and, for example, perform a process switch, or it can be a software interrupt caused by the program itself, such as a division by zero, a page fault or a system call.
The instruction int $0x80 (on x86 CPUs) causes a software interrupt (int) and calls the interrupt handler for system calls (0x80). Interrupts are handled by the OS by means of a table called the Interrupt Descriptor Table (IDT), which maps each type of interrupt to a function that the OS will execute when the interrupt happens (we call this function an interrupt handler).
Before raising the interrupt, the system call number and its arguments are stored in specific registers
We store in well-defined registers the system call number of the function we want to execute (open, read, fork) and its arguments. For example, on x86 the system call number is stored in the EAX register.
Executing the interrupt instruction switches from user mode to kernel mode: the kernel mode stack is retrieved, the user mode register values are pushed onto that stack, and the instruction pointer is set to the first instruction of the system call handler.
The process needs to switch from user mode to kernel mode as it is going to execute privileged instructions. Switching from user mode to kernel mode involves many changes in the state and privilege of the current process.
Kernel code performs the system call
The notion of current privilege is stored in the CPU. For example, in x86 CPUs this information is available in the CS register as a 2-bit field called CPL (Current Privilege Level). Its value is 0 in kernel mode and 3 in user mode. So the first step of a system call is to change the value of CPL to 0.
The iret instruction returns from kernel mode to user mode
It pops the user registers that were pushed by int (CS, SS, ESP, EIP and EFLAGS) and stores them back into the corresponding registers. Having done this, we have switched back to user mode and are ready to continue the execution of our program.
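The whole sequence above (number and arguments in registers, int $0x80, kernel handler, return value back in EAX after iret) as an added example, not code from the Medium or StackOverflow sources cited here. It assumes Linux: on 32-bit x86 it uses the i386 syscall numbers 4 (write) and 20 (getpid) with EAX/EBX/ECX/EDX as the notes describe; on any other architecture the hypothetical helper falls back to libc's syscall(2) wrapper, which performs the architecture-specific trap instruction. The function names raw_syscall3, raw_getpid and raw_write are my own.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>

/* Added example helper (hypothetical name): hand the kernel a syscall number
 * and up to three arguments, then trap into kernel mode.
 * On i386 Linux: EAX = syscall number, EBX/ECX/EDX = arguments, `int $0x80`
 * raises software interrupt 0x80, and after `iret` EAX holds the result
 * (a negative errno value on failure, the raw kernel convention).
 * Elsewhere: libc's syscall(2) wrapper is used with the native number; note
 * it returns -1 and sets errno on failure instead of returning -errno. */
static long raw_syscall3(long nr_i386, long nr_native, long a1, long a2, long a3)
{
#if defined(__i386__)
    long ret;
    __asm__ volatile ("int $0x80"
                      : "=a"(ret)                              /* result comes back in EAX */
                      : "a"(nr_i386), "b"(a1), "c"(a2), "d"(a3) /* number + 3 arguments */
                      : "memory");
    return ret;
#else
    (void)nr_i386;
    return syscall(nr_native, a1, a2, a3);
#endif
}

/* getpid(2): no arguments; i386 number 20 is assumed from the i386 table. */
long raw_getpid(void)
{
    return raw_syscall3(20, SYS_getpid, 0, 0, 0);
}

/* write(2): fd, buffer, length; i386 number 4 is assumed from the i386 table.
 * Returns the number of bytes the kernel wrote. */
long raw_write(int fd, const char *buf, size_t len)
{
    return raw_syscall3(4, SYS_write, (long)fd, (long)buf, (long)len);
}

int main(void)
{
    const char msg[] = "hello from a raw system call\n";   /* constructed sample input */
    long n = raw_write(1, msg, strlen(msg));
    long pid = raw_getpid();

    /* The raw PID must agree with the libc wrapper, which performs the same trap. */
    printf("write returned %ld, raw getpid = %ld, libc getpid = %d\n", n, pid, (int)getpid());
    return (pid == (long)getpid() && n == (long)strlen(msg)) ? 0 : 1;
}
```

Compile with `gcc -m32 raw_syscall.c` on an x86 machine with 32-bit libraries to exercise the int $0x80 path; without -m32 the same program runs through the libc wrapper and prints the same results.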
References
- https://ayoubomari.medium.com/system-call-how-it-works-4d0d7a452d24 (syscall)
- https://stackoverflow.com/questions/24036214/how-does-a-system-call-work (syscall)