System call
A system call, even system call (of English. System call ) or short syscall is in computer technology, a method used by application programs to run provided by the operating system functions, such as reading a file. The control is passed from the program to the operating system.
Details
(Also known as kernel mode ) in modern computer systems (for example the IA-32 architecture from Intel ) of the kernel, which is the operating system kernel runs in so-called privileged Ring 0 and thus has access to the complete instruction set of the CPU, and entire memory area. For security reasons, normal user processes, however, run in the unprivileged rings 1 to 3 ( user mode ) in which they are less commands are available and they can not do directly, therefore, certain tasks. Must be a complete a task in user mode running process, which is possible only in a higher privileged ring, such as the access to the hard drive or other hardware, it can notify the kernel through a system call, thus causing a change of context. Here, the process is from the control of the CPU by the kernel and is suspended until the request is fully processed. After the system call, the kernel, the CPU again to the process in user mode and executes the program code continues at the point where the context switch was previously required. At no time the process exits its non-privileged ring and so can not run the risk of endangering other processes or even the stability of the system kernel itself, as only trusted code is running on the kernel in privileged mode.
A system call can be both responsible for sending information to the hardware, the kernel itself or other processes, as well as to read such. Therefore, it is sometimes necessary to copy data from the private kernel memory to which a normal process does not have access to the address space of a process so that the process even after calling still has access to the data and the results of its inquiry anything can begin. Again, this is a consequence of the strict separation between kernel mode and user mode.
All POSIX compatible operating systems need to implement specific calls so that a certain portability is ensured between the systems. Many manufacturers add to the standard but also their own extensions added in order to open the programmer additional possibilities. In the Linux 2.6 kernel for the x86 architecture 326 calls are currently defined. The number of system calls in Microsoft Windows Vista is, according to unofficial sources, 360
Library functions
Most systems provide a programming interface ( API) system call in the form of library functions that make it easier for a programmer to do jobs that require extended access to the instruction set of the CPU.
Frequently used functions ( for example, under POSIX) based on system calls, including file processing functions are open, close, read and write, and exec, fork or exit. These can be used as normal user mode functions by the programmer, but run silently in the background a context switch. The encapsulation of system calls via an API frees the programmer completely from considerations about the internal workings of the operating system or the hardware and allows a more abstract software development.
Most of these POSIX functions have equivalent counterparts under Win32. time under POSIX example, corresponds GetLocalTime under Win32.
Implementation
The implementation of system calls is highly dependent on the hardware architecture and, ultimately, the operating system used used. In general, a system call with software interrupts or other special instructions the CPU is realized today. On older systems usually simply takes place just a jump to a predefined address at which the system call or a jump instruction is implemented to this. For a programmer who uses the provided programming interface of the operating system, the implementation of system calls is irrelevant.
In the examples, an open file with the file descriptor / handle 15 is closed.
Linux
The Linux kernel contains a list of all known system calls him, called the system call table. Each system call is there assigned a unique number and an internal kernel function, which is responsible for the actual execution of the required tasks. To perform a system call, the number of the call is stored in the CPU of the EAX register and then triggered the software interrupt 128 ( in hexadecimal 0x80). Arguments to the system call are stored according to the fastcall calling convention in the CPU registers.
The software interrupt (also called Exception) interrupts the program execution in user mode and enforces the execution of an exception handler in kernel mode. Thus, the change of context from a non-privileged ring is guaranteed to ring 0. The called exception handler is a function in the kernel, which reads the EAX register, and then, as long as it is a valid system call number, the corresponding kernel function from the system call table calls with the past in the other registers arguments. After reviewing the arguments ultimately requested from the user - mode tasks are handled by the kernel. Returns this function, and the exception handler is completed successfully and continue the normal program flow in unprivileged mode.
Mov $ 6, % eax; close () system call is 6 mov $ 15, % ebx; File descriptor as the first argument int $ 0x80; software interrupt trigger But software interrupts have only a very low execution speed. Therefore, both Intel and AMD have in their x86 processors commands implemented ( SYSENTER / SYSEXIT, or syscall / sysret, the latter two only from the 64 -bit architecture AMD64) can perform, which accelerates the calls. However, since not every x86 processor supports a compatible command is used the so-called vsyscall Page in current versions of Linux, in which the right one for the used architecture code is stored. If a program is therefore decides to take a system call, it jumps to that memory page where it leads continue the program flow.
Unix and Unix variants
In many Unix variants (eg older versions of Solaris ) a so-called "call gate" will be used. The application is used ( in the ring 3) has a jump command to a particular address that describes the call gate.
Although Call gates are faster than software interrupts ( Cyrix 6x86: 23%), but require 7 instead of 2 bytes of code.
Newer versions of Solaris dominate alternative software interrupts and syscall and SYSENTER commands.
Windows
System calls in Microsoft Windows are handled similarly as in Linux. The requested in the program code library function from the Windows API is first converted internally into a call to the so-called Native API. There, a unique for each call number is placed in the EAX register, and pointers to the arguments for the function in the EDX register. About the assembler instruction SYSENTER the control from the user mode to the privileged kernel is released, which checks the parameters and then executes one of lying in the EAX register number associated kernel function.
Mov eax, 0x2F; NtClose () has the number 0x2F in Windows Vista push 15; 15 put on the stack mov edx, esp; Save pointer to 15 in EDX SYSENTER; Perform system call Commodore
An example of the operation of system calls in older systems is called here the method of early Commodore computers. The processors used there, the MOS Technology 6502 family knew no distinction between user mode and kernel mode, and so it was possible to call the kernel - internal system call functions directly from the normal program flow. The only purpose of system calls at this time was therefore not performing operations not requiring certain privileges, but provide an interface implemented by the kernel amount of standardized functions that are independent of other libraries and can still be used on later versions of the system should (also see jump table ).
The programmer could, after he had put the arguments of the function in the corresponding CPU register, simply using the JSR assembler instruction ( Jump to SubRoutine ), followed by an address or a symbolic function names start an in- kernel address space routine. At the time of Commodore BASIC 4.0, there were 28 system calls.
LDA # 15; Put 15 into the A register JSR SYS4; Skip to the kernel routine SYS4 (CLOSE) References
- Programming language element