UP | HOME
CEG 4350 2016-01-12

System Calls

1 Library Routines

Library functions are implementations of high level, frequently used operations. Several methods are collected together into an archive.

Well known archives are at

  1. /usr/lib
  2. /lib

1.1 Example Program

#include <stdio.h>
int main(void)
{
  printf("hello\n");
  return 0;
}

with g++ -Wall -o hello hello.cpp.

1.2 Man Pages

The man pages section 1 is devoted to programs ("apps"). Section 2 is devoted to system calls; section 3 is devoted to library calls.

1.3 ltrace

  1. man ltrace
  2. Try ltrace hello Even better, try ltrace /bin/ls

1.4 ldd /bin/ls

  1. man ldd
linux-vdso.so.1 =>  (0x00007fff6ecf2000)
libselinux.so.1 => /lib/x86_64-linux-gnu/libselinux.so.1 (0x00007f501fdfe000)
libacl.so.1 => /lib/x86_64-linux-gnu/libacl.so.1 (0x00007f501fbf5000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f501f82f000)
libpcre.so.3 => /lib/x86_64-linux-gnu/libpcre.so.3 (0x00007f501f5c2000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f501f3be000)
/lib64/ld-linux-x86-64.so.2 (0x00007f5020059000)
libattr.so.1 => /lib/x86_64-linux-gnu/libattr.so.1 (0x00007f501f1b8000)
libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f501ef9a000)
  1. Exercise: Explain the above (by the end of this course). What are the numbers in parentheses? What is the arrow (=>) suggesting?

2 System Calls

System calls are "methods" (functions) implemented within the OS kernel. An application process calls these methods in much the same way, but not exactly the same way, as it does its own methods or those from the library.

Calling a system call changes the CPU mode: from user mode to privileged mode. Invoking a system call is translated by the compiler using a special machine instruction designed for that specific purpose: save the current "context", change CPU modes, etc. After performing the syscall, it uses a special machine instruction to return to the calling process.

A system call returns a coded integer, indicating success or specific failure. Caller of a system call should always check this value and take relevant action. A system call almost always changes global variables and/or environment that are visible to other processes. The effects are not undoable.

System calls are designed to be independent of programming languages. On Linux, the C standard library (glibc) provides wrappers for each system call. The wrappers adapt the system call for use in C programs.

2.1 OS as a Collection of SysCalls

  1. System Calls are calls to methods already built into the OS. The OS has a table of pointers to system calls.
  2. Listing of SysCalls https://filippo.io/linux-syscall-table/ Searchable; From the git repository syscall-64.tbl.
  3. https://github.com/torvalds/linux/blob/master/include/linux/syscalls.h Also at linux-kernel-source-tree/ include/linux/syscalls.h

2.2 CPU Instructions and Registers

  1. System calls are services that userspace can call to request the kernel to perform something for them (and therefore execute in kernel space).
  2. CPUs have special instructions to make and return-from system calls.
  3. While still in userspace, calling a syscall requires writing the arguments to CPU registers. The system call number will always be written in EAX, while the the rest of the arguments will go into EBX, ECX, etc.

2.3 File Sys Related SysCalls

  1. open, close, read, write
  2. per-process open file table
  3. dup

2.4 Program to Process

  1. Given a program and arguments, to create a process from it is the most crucial thing that an OS does.
  2. execve - execute program
    1. int execve(const char *filename, char *const argv[], char *const envp[]);
  3. What files are "programs"?
    1. Try file path-name-to-a-file
    2. binary executables native to the OS; ELF … for Linux
    3. or a script starting with shebang #! pathname-to-interpreter
  4. Parent and child processes
    1. fork - create a new process pid_t fork(void);
    2. vfork - create a child process and block parent pid_t fork(void);
    3. execve does not create a process; it takes over the "body" of the calling process.
    4. E.g., when you ran ls within a shell, the shell created a child, the child invoked execve.
    5. Humans think "No parents should outlive their child."
    6. Parent process awaits the childs termination.

2.5 Sys Call Tracing

  1. man strace
  2. Run the executable with strace ./hello.

Towards the end, find a line write(1, "hello\n", 6). {"There it is. The face behind the printf() mask." – from the web.} Each line that got printed corresponds to a syscall made by ./hello.

Exercise: Learn execve("./hello", ["./hello"], [/* 59 vars */]).

Even more interesting is strace /bin/ls

2.6 Special Files

  1. Show and tell on thor.
  2. uname -a
  3. /proc directory on Linux
  4. ls -l /dev/null /dev/zero /dev/random /dev/urandom

2.7 Library Calls v Sys Calls

Lib methods run completely in CPU user mode. Some lib methods are a more convenient interface for the programmer to the system functions that do the real work. System calls run in CPU kernel mode on the user's behalf and are entry points to the kernel. E.g., the library function printf() formats the data into strings and writes the string using the system call write().

2.8 Sys Call Files in the Linux src tree

  1. /usr/src/linux/ is usually a sym link to the src tree
  2. /usr/src/linux/arch/x86/syscalls/syscall_64.tbl ./syscall_64.tbl
  3. /usr/src/linux/include/linux/syscalls.h ./syscalls.h

3 Reference

  1. Richard Stevens, APUE
  2. Slides on Sys Calls Tarek Abdelzaher + Vikram Adve, U of Illinois. Highly Recommended Reading.
  3. https://0xax.gitbooks.io/linux-insides/content/SysCall/linux-syscall-2.html
Copyright © 2016 pmateti@wright.eduwww.wright.edu/~pmateti • 2016-01-12