
Am I correct in understanding that syscall relates to some register or block of memory that contains a jump table which can be set up by the kernel developer? And then sysret just returns you to the application code where syscall was executed.

If so, where can I learn more about how to set up this register/memblock/table?

Peter Cordes
Walnut
  • The `syscall` instruction on its own does not make use of any jump table. It just transfers control to some configurable address in kernel space. However, a jump table is commonly used by code at that address to then select a system call handler to use. Refer to the Intel Software Development Manuals for details and documentation. – fuz Jun 24 '22 at 15:43
  • @fuz To clarify my understanding based on your response. `syscall` jumps to a known address in space reserved for kernel developers (kernel space). From there, the arguments passed into specific registers are used as needed for accomplishing tasks. Then `sysret` just returns you from this reserved kernel space, to the application calling site. – Walnut Jun 24 '22 at 15:55
  • 3
    Correct. Note that the address `syscall` jumps to can be configured through some special registers. The `syscall` instruction also does some other things; read the Software Development Manuals instead of guessing. They are the original source of truth in this regard. – fuz Jun 24 '22 at 15:59
  • re: jump tables to handle system calls once control is transferred to your kernel's syscall entry point, see [What happens if you use the 32-bit int 0x80 Linux ABI in 64-bit code?](https://stackoverflow.com/a/46087731) for a walk-through of how Linux does it. (Or did before KPTI mitigation for Spectre / Meltdown.) The actual behaviour of `syscall` itself is configured by two MSRs. – Peter Cordes Jun 24 '22 at 17:51
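An added illustration of the two halves of the mechanism the comments describe (this is not code from the question, the comments, or the Linux source): the kernel side computes the values that go into the SYSCALL-related MSRs (STAR, LSTAR, SFMASK, plus EFER.SCE) and dispatches through a bounds-checked handler table once control arrives at the LSTAR address; the user side issues `syscall` with the register ABI and the RCX/R11 clobbers that SYSCALL/SYSRET impose. The MSR numbers and the SYSCALL/SYSRET selector arithmetic are from the Intel SDM; the selector constants are Linux's GDT layout (an assumption about the kernel being configured); the handler table, `do_syscall` and `raw_syscall3` are toy names made up for this example. Nothing here executes `wrmsr`; only the user-side `syscall` actually runs.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <errno.h>
#include <unistd.h>
#include <sys/syscall.h>

/* ---- Kernel side: the MSRs that configure SYSCALL/SYSRET (x86-64). ----
 * MSR numbers are from the Intel SDM / AMD APM. Nothing here executes
 * wrmsr; the functions only compute the values a kernel would write. */
#define MSR_EFER    0xC0000080u   /* bit 0 (SCE) must be set or SYSCALL #UDs */
#define MSR_STAR    0xC0000081u   /* CS/SS selectors for SYSCALL and SYSRET */
#define MSR_LSTAR   0xC0000082u   /* RIP loaded by SYSCALL in 64-bit mode   */
#define MSR_SFMASK  0xC0000084u   /* RFLAGS bits cleared by SYSCALL         */
#define EFER_SCE    (1ull << 0)

/* Selector values below are Linux's GDT layout (assumption: another kernel
 * can lay its GDT out differently, as long as the +8/+16 relations hold). */
#define KERNEL_CS   0x10u   /* __KERNEL_CS; SYSCALL loads SS = KERNEL_CS + 8 */
#define USER32_CS   0x23u   /* __USER32_CS; SYSRET base: SS = +8, 64-bit CS = +16 */

#define RFLAGS_TF   (1u << 8)
#define RFLAGS_IF   (1u << 9)
#define RFLAGS_DF   (1u << 10)

/* STAR[47:32] = kernel CS for SYSCALL, STAR[63:48] = selector base for SYSRET. */
static uint64_t encode_star(uint16_t kernel_cs, uint16_t sysret_base)
{
    return ((uint64_t)sysret_base << 48) | ((uint64_t)kernel_cs << 32);
}

/* What the CPU loads on a 64-bit SYSRET: base+16 / base+8, RPL forced to 3. */
static uint16_t sysret_user_cs(uint64_t star) { return (uint16_t)(((star >> 48) + 16) | 3); }
static uint16_t sysret_user_ss(uint64_t star) { return (uint16_t)(((star >> 48) + 8)  | 3); }

/* A minimal SFMASK: enter with interrupts off, no single-step trap, DF clear.
 * (Illustrative; a real kernel masks more bits than this.) */
static uint64_t minimal_sfmask(void) { return RFLAGS_IF | RFLAGS_TF | RFLAGS_DF; }

/* ---- Kernel side: what the code at LSTAR does next. ----
 * The entry stub (assembly, not shown) does swapgs, switches RSP to a kernel
 * stack, saves RCX (user RIP) and R11 (user RFLAGS) that SYSCALL stashed
 * there, then calls something like do_syscall() with RAX as the number.
 * The table is the "jump table" from the comments; it is a toy here. */
typedef long (*syscall_fn)(uint64_t, uint64_t, uint64_t);

static long sys_nop(uint64_t a, uint64_t b, uint64_t c) { (void)a; (void)b; (void)c; return 0; }
static long sys_add(uint64_t a, uint64_t b, uint64_t c) { (void)c; return (long)(a + b); }

static const syscall_fn sys_call_table[] = { sys_nop, sys_add };
#define NR_SYSCALLS (sizeof sys_call_table / sizeof sys_call_table[0])

static long do_syscall(uint64_t nr, uint64_t a, uint64_t b, uint64_t c)
{
    /* nr is attacker-controlled (it is just RAX). The unsigned compare also
       rejects "negative" numbers; without this bounds check the table index
       becomes an arbitrary kernel-space call. (Linux additionally applies
       array_index_nospec() here against Spectre v1.) */
    if (nr >= NR_SYSCALLS)
        return -ENOSYS;
    return sys_call_table[nr](a, b, c);
}

/* ---- User side: issuing SYSCALL under the Linux x86-64 ABI. ----
 * RAX = number, args in RDI, RSI, RDX (then R10, R8, R9). RCX and R11 must be
 * declared clobbered: SYSCALL overwrites them with RIP and RFLAGS, and SYSRET
 * reads them back. Return is the raw kernel value (-errno on failure). */
static long raw_syscall3(long nr, long a1, long a2, long a3)
{
#if defined(__x86_64__) && defined(__linux__)
    long ret;
    __asm__ volatile ("syscall"
                      : "=a"(ret)
                      : "a"(nr), "D"(a1), "S"(a2), "d"(a3)
                      : "rcx", "r11", "memory", "cc");
    return ret;
#else
    return syscall(nr, a1, a2, a3);   /* fallback on other targets */
#endif
}

int main(void)
{
    uint64_t star = encode_star(KERNEL_CS, USER32_CS);
    printf("STAR=%#llx -> sysret CS=%#x SS=%#x, SFMASK=%#llx\n",
           (unsigned long long)star, sysret_user_cs(star), sysret_user_ss(star),
           (unsigned long long)minimal_sfmask());
    printf("do_syscall(1, 2, 3) = %ld, do_syscall(99) = %ld\n",
           do_syscall(1, 2, 3, 0), do_syscall(99, 0, 0, 0));
    printf("raw getpid = %ld, libc getpid = %ld\n",
           raw_syscall3(SYS_getpid, 0, 0, 0), (long)getpid());
    return 0;
}
```

With Linux's selectors the STAR value comes out as 0x0023001000000000, and the SYSRET arithmetic yields CS 0x33 and SS 0x2b, which are exactly Linux's `__USER_CS` and `__USER_DS`; that is why the kernel's 32-bit user CS sits 16 bytes below the 64-bit one in the GDT. The bounds check in `do_syscall` is the security-relevant line: the syscall number is whatever user space put in RAX.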

0 Answers