
Thursday, September 25, 2014

Short Notes on System Call

This post covers pretty much all the main points you need to know about system calls in Linux. These points are my notes, which I gathered from many blogs and sites during my study. So let's start:

What is a System Call?
- Linux doesn't allow a user process to directly modify anything in kernel space, so it provides a controlled way to request such work, known as a system call. A system call is therefore a layer between the kernel and a user-space process: the kernel performs the user process's task inside kernel space on its behalf. This way the kernel keeps control over what a user process can do.

Why do you need a System Call?
- Since a system call is the only legal entry point into the kernel, whenever you need something that can only be done with kernel-space privileges, the kernel developers provide a system call for it. User space generally doesn't invoke it directly; it uses a library API (a wrapper) for the same purpose.
So the flow goes like this:

read() ----> read() wrapper ------> system_call() ------> sys_read()

Here the first two are in user space and the last two are in kernel space.

How do they work?
- The application program calls the API.
- A system library routine is called first.
- It transforms the call into the system's standard form and traps into the kernel.
- Control is taken by the kernel, running in system mode.
- Based on the call's code (the system call number), the call dispatcher invokes the responsible handler.
- Interrupts are disabled during this handler.
- After the call finishes, the mode is changed from system mode back to user mode and the calling process resumes execution.

How does it work at a low level?
- Whenever you invoke any system call, it is translated into an SWI (software interrupt) instruction.
- Whenever the processor sees an SWI, it interrupts whatever is currently running (except an IRQ/FIQ) and changes the mode to supervisor mode (SVC).
- Whatever parameters the system call has are passed in registers.
- Also, the PC is stored in the LR of SVC mode and the CPSR is saved in SPSR_svc, so that the previous state can be recovered when returning from the SWI.
- On executing the SWI, the processor looks up the SWI handler address, which is already defined in the vector table.
- From this SWI handler, the processor jumps to the specific system call handler; the system call number is used to find the corresponding handler.
- Once the system call handler finishes its execution, the processor changes the mode back to user and recovers the PC from the LR.

Types of System Calls:
- Process control and IPC: fork(), exec(), pipe()
- Memory management: malloc(), free()
- File and file system management: open(), read(), write()
- Device management: ioctl()
- Others: kill(), signal()

Implementation of a System Call:
For this, you can refer to my previous blog post on creating a system call.

Friday, September 19, 2014

Add a Custom System Call in Linux Kernel

Here I will cover a small tutorial on creating a new system call in the Linux kernel. I am using the latest kernel version, 3.16 (it is the latest at the time of writing).
I added my call for 32-bit systems only.

So the whole process is divided into 5 steps.

Step 1: Open arch/x86/syscalls/syscall_32.tbl and go to the last line of the file. Its first column contains a number; this is the last number the system has used for a system call. So, let's say the number is 356; then your new system call will have number 357. Now just duplicate the last line and change the number and the name of the syscall. Let's say the name is "hello". The whole line will look like this:

357    i386    hello   sys_hello

Step 2: Add the prototype of the syscall in include/linux/syscalls.h. Suppose this syscall takes 2 int parameters. So for syscall "hello", your new line should look like this:

asmlinkage long sys_hello(int a, int b);

Step 3: Now add the entry in kernel/sys_ni.c. The entry will look like this:

cond_syscall(sys_hello);

Step 4: Add the function definition for the syscall. Open kernel/sys.c (you can add it in a different place too). Since our syscall has two parameters, the function will look like this:

#include <linux/kernel.h>
#include <linux/syscalls.h>

/* Expands to: asmlinkage long sys_hello(int a, int b) */
SYSCALL_DEFINE2(hello,  /* name of syscall */
                int, a, /* type and name of first parameter */
                int, b) /* type and name of second parameter */
{
        /* code for whatever you want to do in the syscall;
           the second parameter is b, not a second "a" */
        return 0;
}

That's it, your system call is created, but for it to take effect in your kernel, you have to build the kernel. You can refer to my blog


Step 5: Test the system call. Create a user-space program. Don't forget to include the sys/syscall.h header.

Now, to call our hello syscall:

long call = syscall(357, 1, 2); // here 357 is our system call number, 1 is the value for a and 2 for b; syscall() returns long
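A complete user-space test program for Step 5, added here as an example (it is not code from the original post). It assumes the number 357 from Step 1 and introduces the names __NR_hello, hello_status, classify_hello and call_hello; since the number is only valid for the 32-bit table it was added to, the program reports ENOSYS (kernel not rebuilt, or wrong number) as its own outcome instead of a generic failure.

```c
/* Added example (not from the original post): user-space test for the "hello"
 * syscall of Step 5; __NR_hello, hello_status, classify_hello, call_hello are mine. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>

#ifndef __NR_hello
#define __NR_hello 357   /* the post's number; must match syscall_32.tbl */
#endif
enum hello_status { HELLO_OK, HELLO_NOT_IMPLEMENTED, HELLO_REJECTED, HELLO_OTHER_ERROR };

/* Classify the (return value, errno) pair of a raw syscall(): -1/ENOSYS means the
 * kernel has no such call, and a handler's "return -EINVAL" arrives as -1/EINVAL. */
enum hello_status classify_hello(long ret, int err)
{
    if (ret != -1)
        return HELLO_OK;
    switch (err) {
    case ENOSYS: return HELLO_NOT_IMPLEMENTED;
    case EINVAL: return HELLO_REJECTED;
    default:     return HELLO_OTHER_ERROR;
    }
}

/* Invoke sys_hello(a, b); the raw result and errno are handed back for reporting. */
enum hello_status call_hello(int a, int b, long *ret_out, int *err_out)
{
    errno = 0;
    long ret = syscall(__NR_hello, a, b);
    *ret_out = ret;
    *err_out = errno;
    return classify_hello(ret, *err_out);
}

int main(void)
{
    long ret; int err;
    enum hello_status st = call_hello(1, 2, &ret, &err);
    if (st == HELLO_OK)
        printf("sys_hello(1, 2) returned %ld\n", ret);
    else if (st == HELLO_NOT_IMPLEMENTED)
        puts("ENOSYS: no syscall 357 in this kernel (not rebuilt, or wrong number)");
    else
        printf("sys_hello failed: %s\n", strerror(err));
    return st == HELLO_OK ? 0 : 1;
}
```

Build it as a 32-bit binary (gcc -m32) and run it only on the kernel you rebuilt: on any other kernel or architecture the same number may belong to a different system call, so check the table before trusting the result.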


That will be all from my side. I hope it helps you to understand syscalls.