System calls Implementation

Question

If a user application makes a system call , a software interrupt/exception is triggered. How can I see the source code for generating a software interrupt ?

You should probably be looking at library source (e.g. libc, either GNU libc or uClibc) rather the kernel source. — sawdust, Oct 08 '12 at 06:46

score 9 · Answer 1 · edited May 23 '17 at 12:01

9

It is explained in Linux Assembly Howto. And you should read wikipedia syscall page (and also about VDSO), and also intro(2) & syscalls(2) man pages. See also this answer and this one. Look also inside Gnu Libc & musl-libc source code. Learn also to use strace to find out which syscalls are made by a given command or process.

See also the calling conventions and Application Binary Interface specification relevant to your system. For x86-64 it is here.

edited May 23 '17 at 12:01

Community

1
1

answered Oct 08 '12 at 19:18

Basile Starynkevitch

223,805
18
296
547

Right now the [Linux Assembly Howto](http://tldp.org/HOWTO/Assembly-HOWTO/hello.html) still explains the deprecated `int 0x80` instead of syscall. – ceving Nov 23 '13 at 21:46
@ceving: Yes. Feel free to **contribute** to that *Assembly HowTo* to improve it. But I believe few people care about assembly these days, because compilers give better code than human can write, and because of VDSO... – Basile Starynkevitch Nov 23 '13 at 22:14
1

It is quite the same. Only the numbers and registers differ. An `exit(n)` is `eax=60 edi=n syscall` instead of `eax=1 ebx=n int0x80`. – ceving Nov 23 '13 at 22:35

score 3 · Answer 2 · answered Oct 08 '12 at 08:33

long long ago, there is an int 0x80 trap to enter into the kernel, but nowadays sysenter is preferred.

you can get the code by dumping vsyscall section which mapped into every process automatically by kernel.

$ cat /proc/self/maps 
blah blah blah
...
blah blah blah
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]

for more information check this article

score 1 · Answer 3 · answered Oct 08 '12 at 07:21

1

A software interrupt can be triggered with the Intel x86 assembly instruction int n, where n is the interrupt number. A syscall is a special case of software interrupt; in you can manually do a syscall by

mov eax, m
int 0x80

where m should be replaced with the interrupt number. Here are lists of 32-bit syscall numbers and 64-bit syscall numbers that linked to online manpages for the each function. You also need to pass parameters to the syscall via other registers (ebx, ecx, etc.), and you can read more about that here.

This is the most general way to do syscalls because it is independent of external libraries, like libc, and you can implement this in C/C++ if you need to by using inline assembly.

answered Oct 08 '12 at 07:21

emprice

912
11
21

This is an implementation-specific answer to a general question. – Chris Stratton Oct 08 '12 at 19:28
3

The links are broken. It might be better to reference the kernel source directly: [32 bit](https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/tree/arch/x86/include/asm/unistd_32.h?id=refs/tags/v3.2.52) and [64 bit](https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/tree/arch/x86/include/asm/unistd_64.h?id=refs/tags/v3.2.52) – ceving Nov 23 '13 at 22:44

System calls Implementation

3 Answers3

Linked