Information Technology Reference
In-Depth Information
switch. The
iret
instruction will then return to the user process at the correct
location.
In the case of a system call trap, the hardware does the increment for us |
the program counter for the instruction after the trap is saved on the kernel's
interrupt stack.
2.3.4
System calls
The operating system kernel constructs a restricted environment for process
execution to limit the consequences of erroneous and malicious programs on the
reliability of the rest of the computer system. Any time a process needs to do
anything that operates outside of its protection domain, such as create a new
process, read from the keyboard, or write a disk block, the process must ask the
operating system to do the action on its behalf, via a system call.
System calls provide the illusion that the operating system kernel is simply a
set of library routines available for use by user programs. To the user program,
there are a set of system call procedures, each with arguments and return values,
that can be called like any other routine. The user program need not concern
itself with how the operating system implements the system call.
This requires us to define a calling convention for naming system calls, pass-
ing arguments, and receiving return values across the user/kernel boundary.
Any convenient calling convention will do, such as putting arguments on the
user stack, passing them in registers, and so forth. Typically, the operating
system defines a common convention that is used by both compilers and the
operating system kernel.
Once the arguments are in the right format, the user level program can
issue a system call by executing the trap instruction to transfer control to the
operating system kernel, as described above. System calls share much of the
same mechanism for switching between user and kernel mode as interrupts and
exceptions. In fact, one frequently used Intel x86 instruction to trap into the
kernel on a system call is called
int
, for \software interrupt."
Inside the operating system kernel there is a procedure to implement each
system call. This procedure is exactly as if the call was made from within the
kernel with one notable exception. The kernel must implement its system calls
in a way that protects itself from all errors and attacks that might be launched
by the misuse of the interface. One can think of this as an extreme version
of defensive programming: the kernel should assume the parameters to each
system call are intentionally designed to corrupt the kernel.
We meld these two views | the user program calling the system call, and
the kernel implementing the system call | with a pair of stubs. A pair of stubs
Definition: pair of stubs
are two short procedures that mediate between two environments, in this case
