system calls

Posted: April 27, 2013 in Technology

If you are familiar with programming in C on Linux/Unix systems, you will know that most library functions internally call system calls to do their work. A system call is simply a request to run code inside the kernel for a specific purpose, be it allocating memory, printing to your screen or reading input from your keyboard. Ever wondered what happens when you call printf? Here is the anatomy.
When you call printf, your compiler resolves it to its definition in the glibc library, which is automatically on your library path. The glibc implementation formats the arguments passed to the function and then hands the resulting bytes to the write() system call. A lot happens before the kernel's code for write() actually runs.
Each system call in the kernel is implemented by a function named sys_SystemCall, where SystemCall is the name of the call: write(), for instance, is implemented by sys_write(). System calls are architecture dependent, so each architecture has its own set of system calls and its own implementation of them. Once the kernel has booted, it maintains a global table of system calls, sys_call_table, in which each system call is assigned a number.
When a system call such as write() is made, a short assembly sequence runs which does the following:
1. sets the system call number in register EAX;
2. stores the parameters in the EBX, ECX, EDX, ESI and EDI registers; for more than five parameters, one of these registers holds the address of a block on the user-space stack that contains the arguments;
3. issues interrupt 0x80 (int $0x80 in AT&T syntax, a software interrupt).
When the CPU sees the interrupt, it stops what it is currently doing and consults the interrupt descriptor table (IDT) through the IDT register. In this entry phase, assembly code saves the register values and marks the task as running in kernel mode. The IDT maps each interrupt to the address of its service routine; 0x80 maps to the system call handler. This handler examines the value in EAX and looks up the address of the corresponding implementation in sys_call_table (it first checks that the number is within the table's bounds, since EAX is user-controlled and an unchecked index would select an arbitrary address). It then calls that routine. The system call's return value is stored in register EAX.
Once the system call completes, the system returns from kernel mode to user mode and, depending on the scheduler, the process either resumes execution or waits for its turn in the scheduler's wait queue.
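As an added example (not code from the original post), here is the register sequence above written out in C with inline assembly for 32-bit x86, together with the 64-bit x86 variant, which goes beyond the post: same idea, but the number for write is 1, the arguments ride in RDI/RSI/RDX and the trap is the SYSCALL instruction rather than int $0x80. It assumes a Linux system; on any other architecture it falls back to libc's generic syscall() stub. The message and the pipe are constructed for the demonstration, and raw_write(), raw_write_roundtrip(), raw_write_bad_fd() and wrapper_write_bad_fd_errno() are names chosen here. What it shows beyond the text is the return convention: the kernel hands back a negative errno in EAX/RAX, and it is glibc's write() wrapper that turns that into -1 plus errno.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>

/* raw_write(): the register sequence from the post, written out.
 * The syscall number goes in the accumulator (EAX/RAX), the arguments in
 * the argument registers, then the trap instruction hands control to the
 * kernel's handler, which indexes sys_call_table by that number.
 * The kernel's result comes back in EAX/RAX: a byte count on success or a
 * negative errno on failure. No errno variable is set here; that
 * translation is the job of the glibc wrapper. */
static long raw_write(int fd, const void *buf, unsigned long len)
{
    long ret;
#if defined(__linux__) && defined(__i386__)
    /* 32-bit x86, exactly as in the post: number 4 = sys_write,
     * arguments in EBX/ECX/EDX, trap via software interrupt 0x80. */
    __asm__ volatile ("int $0x80"
                      : "=a"(ret)
                      : "a"(4L), "b"(fd), "c"(buf), "d"(len)
                      : "memory");
#elif defined(__linux__) && defined(__x86_64__)
    /* 64-bit x86 (added here, not in the post): number 1 = sys_write,
     * arguments in RDI/RSI/RDX, trap via the SYSCALL instruction, which
     * clobbers RCX and R11. */
    __asm__ volatile ("syscall"
                      : "=a"(ret)
                      : "a"(1L), "D"((long)fd), "S"(buf), "d"(len)
                      : "rcx", "r11", "memory");
#else
    /* Other architectures: let libc's generic syscall() stub do the trap,
     * and recreate the kernel's -errno convention so callers see the same. */
    ret = syscall(SYS_write, fd, buf, len);
    if (ret < 0)
        ret = -errno;
#endif
    return ret;
}

/* Sends a constructed message through a pipe with raw_write(), reads it
 * back with the ordinary read(2) wrapper and returns the byte count the
 * kernel reported (-1 if anything did not match). */
long raw_write_roundtrip(void)
{
    const char msg[] = "hello from int 0x80\n";   /* constructed sample */
    char back[sizeof msg];
    int fds[2];
    if (pipe(fds) != 0)
        return -1;
    long n = raw_write(fds[1], msg, sizeof msg - 1);
    close(fds[1]);
    ssize_t got = read(fds[0], back, sizeof back - 1);
    close(fds[0]);
    if (n != (long)(sizeof msg - 1) || got != n)
        return -1;
    back[got] = '\0';
    return strcmp(back, msg) == 0 ? n : -1;
}

/* Writing to a descriptor that is not open: the raw value in EAX/RAX is
 * -EBADF (-9 on Linux). Nothing has touched errno yet. */
long raw_write_bad_fd(void)
{
    return raw_write(-1, "x", 1);
}

/* The same failure through the glibc wrapper: write() returns -1 and the
 * negative value from the kernel has been moved into errno. */
int wrapper_write_bad_fd_errno(void)
{
    errno = 0;
    if (write(-1, "x", 1) == -1)
        return errno;
    return 0;
}

int main(void)
{
    printf("roundtrip bytes:  %ld\n", raw_write_roundtrip());
    printf("raw write(-1):    %ld  (EBADF is %d)\n", raw_write_bad_fd(), EBADF);
    printf("write(-1) errno:  %d\n", wrapper_write_bad_fd_errno());
    return 0;
}
```

Run it under strace and both write(2) calls appear identically, since the kernel sees the same registers whether the trap was issued by the inline assembly or by glibc; the only difference is on the way back, where the wrapper translates the negative return into errno.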

  1. Arun says:

    Reblogged this on arun's blog and commented:
    A good explanation of system calls.
