When a User Mode process invokes a system call, the CPU switches to
Kernel Mode and starts the execution of a kernel function. As we will
see in the next section, in the 80x86 architecture a Linux system
call can be invoked in two different ways. The net result of both
methods, however, is a jump to an assembly language function called
the system call handler.
Because the kernel implements many different system calls, the User
Mode process must pass a parameter called the system call number to
identify the required system call; the eax register is used by Linux
for this purpose. As we'll see in the section "Parameter Passing"
later in this chapter, additional parameters are usually passed when
invoking a system call.
All system calls return an integer value. The conventions for these
return values are different from those for wrapper routines. In the
kernel, positive or 0 values denote a successful termination of the
system call, while negative values denote an error condition. In the
latter case, the value is the negation of the error code that must be
returned to the application program in the errno variable. The errno
variable is not set or used by the kernel. Instead, the wrapper
routines handle the task of setting this variable after a return from
a system call.
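As an added example (not the book's code), the two conventions above in C: the system call number and arguments placed in registers for a raw `SYSCALL`, the kernel's negative `-errno` return, and the conversion a wrapper routine performs. It assumes x86-64 Linux and therefore uses the 64-bit register names (rax, not eax); on other targets it rebuilds the raw value from libc.

```c
#include <errno.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/syscall.h>

/* Raw system call, the "SYSCALL" box of Figure 10-1 on x86-64: number in
   rax, arguments in rdi/rsi/rdx, result back in rax (32-bit 80x86 uses eax
   with int $0x80 or sysenter; the return-value convention is identical). */
static long raw_syscall3(long nr, long a1, long a2, long a3)
{
#if defined(__x86_64__) && defined(__linux__)
    long ret;
    __asm__ volatile ("syscall"
                      : "=a"(ret)
                      : "a"(nr), "D"(a1), "S"(a2), "d"(a3)
                      : "rcx", "r11", "memory");  /* SYSCALL clobbers rcx, r11 */
    return ret;
#else
    /* Other targets: rebuild the raw kernel value from libc's syscall(),
       which has already applied the wrapper convention (-1 plus errno). */
    long ret = syscall(nr, a1, a2, a3);
    return ret == -1 ? -errno : ret;
#endif
}
/* The wrapper routine's job: a negative raw value is -errno, so set errno
   and return -1; anything else is passed through. glibc only treats
   -4095..-1 as errors (MAX_ERRNO), since e.g. mmap() can legitimately
   return an address that is negative when viewed as a signed long. */
static long wrapper_result(long raw)
{
    if ((unsigned long)raw >= (unsigned long)-4095L) {
        errno = (int)-raw;   /* kernel never touches errno; the wrapper does */
        return -1;
    }
    return raw;
}

/* read() on an invalid descriptor: kernel returns -EBADF (-9), not -1. */
long raw_read_bad_fd(void) { return raw_syscall3(SYS_read, -1, 0, 0); }
/* getpid() cannot fail: the raw value is the positive pid itself. */
long raw_getpid(void) { return raw_syscall3(SYS_getpid, 0, 0, 0); }

int main(void)
{
    long raw = raw_read_bad_fd();
    long r = wrapper_result(raw);
    printf("raw %ld -> wrapper %ld, errno=%d (EBADF=%d)\n", raw, r, errno, EBADF);
    printf("raw getpid() = %ld\n", raw_getpid());
    return 0;
}
```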
The system call handler, which has a structure similar to that of the
other exception handlers, performs the following operations:
* Saves the contents of most registers in the Kernel Mode stack (this
operation is common to all system calls and is coded in assembly
language).
* Handles the system call by invoking a corresponding C function called
the system call service routine.
* Exits from the handler: the registers are loaded with the values saved
in the Kernel Mode stack, and the CPU is switched back from Kernel Mode
to User Mode (this operation is common to all system calls and is coded
in assembly language).
The name of the service routine associated with the xyz( ) system call
is usually sys_xyz( ); there are, however, a few exceptions to this
rule.
Figure 10-1 illustrates the relationships between the application
program that invokes a system call, the corresponding wrapper routine,
the system call handler, and the system call service routine. The
arrows denote the execution flow between the functions. The terms
"SYSCALL" and "SYSEXIT" are placeholders for the actual assembly
language instructions that switch the CPU, respectively, from User
Mode to Kernel Mode and from Kernel Mode to User Mode.
read full article on : http://www.linux-security.cn/ebooks/ulk3-html/0596005652/understandlk...
zaher el siddik
http://www.unixshells.nl
http://elsiddik.blogspot.com/