Hi Javad...
I'll try to help...
On Fri, Aug 13, 2010 at 15:32, javad karabi <snkcld1@xxxxxxxxx> wrote:
> I am using a Xen installation, paravirtualized 64 bit kernel.
Great! Perhaps next time you could kindly share to all of us here how
you use Xen for kernel hacking...should be useful for most people...
> From what I have seen, to make the system call in x86, you essentially put
> the syscall number in eax, then, int 0x80.
100% correct.... at least that's what I call "slow system
call"...and....the fast ones are.....
> For amd64, I am reading that "syscall" is used.
This is one of them...in AMD it is named syscall (the op code, do not
confuse with the syscall() C function ... IIRC). In Intel world, it is
Sysenter...
> Using gdb, I discovered that the function syscall(syscall_number) puts
> syscall_number in %edi, then 0 into eax.
> I also notice that the return value is in eax.
> Therefore, am I correct in believing that the following would work to
> implement the system call via asm?
> mov syscall_number, %edi
> mov 0x0, %eax
> syscall
> mov %eax, return value.
> Unfortunately, when I view the asm output of what the C function syscall()
> does, it is a call to the function:
> 0x000000000040052d <main+25>: callq 0x400440 <syscall@plt>
> And, disassembling the function:
> (gdb) disassemble syscall
> Dump of assembler code for function syscall:
> 0x000000000040cb20 <syscall+0>: mov %rdi,%rax
> 0x000000000040cb23 <syscall+3>: mov %rsi,%rdi
> 0x000000000040cb26 <syscall+6>: mov %rdx,%rsi
> 0x000000000040cb29 <syscall+9>: mov %rcx,%rdx
> 0x000000000040cb2c <syscall+12>: mov %r8,%r10
> 0x000000000040cb2f <syscall+15>: mov %r9,%r8
> 0x000000000040cb32 <syscall+18>: mov 0x8(%rsp),%r9
> 0x000000000040cb37 <syscall+23>: syscall
> 0x000000000040cb39 <syscall+25>: cmp $0xfffffffffffff001,%rax
> 0x000000000040cb3f <syscall+31>: jae 0x40e0c0 <__syscall_error>
> 0x000000000040cb45 <syscall+37>: retq
> So, the above is showing me that syscall is in fact called after the
> registers values have again been changed, and,
> rdi having containted the value of the syscall number, is moved in to rax.
> Essentially, I am wanting to know what the assembly requirements are
> calling the syscall opcode.
>
I don't know the exact detail, but what you saw is likely a
preparation to do that "fast syscall". On the contrary with the old
one (the int x80h and alike), fast syscall is "fast" because it is
bypassing certain thing such as segment check (I am not sure about
it), stack swap between kernel and user mode etc...in short, it is
done "in advance".
Perhaps the best way to understand that is to go to AMD site and grab
AMD document.
NB: BTW, are you coding for specific AMD{,64} platform? Or not? If it
means to be architecture neutral, IMHO you should instead do jump to
vsyscall page....same thing with the way casual C function do
nowadays...
--
regards,
Mulyadi Santosa
Freelance Linux trainer and consultant
blog: the-hydra.blogspot.com
training: mulyaditraining.blogspot.com
--
To unsubscribe from this list: send an email with
"unsubscribe kernelnewbies" to ecartis@xxxxxxxxxxxx
Please read the FAQ at http://kernelnewbies.org/FAQ
