Implementation of syscall() on ARM-OABI. What is "svc #0x900071"?


Question

I learned that the system call number is passed as the immediate operand of the "svc" (or "swi") instruction on ARM OABI (Old Application Binary Interface). The immediate operand is "0x900000 + (number of the system call)". For example, the EXIT system call is issued as follows.

svc    #0x900001    @ sys_exit

I became curious about the implementation of the syscall() function, because syscall() gets the system call number as its argument. I guessed that the binary code of syscall() could not be created easily if the argument value is created dynamically. However, the binary code of glibc's syscall() is simple. It sets the system call number in register r0 and the arguments in registers r1-r6. After that, it executes "svc #0x900071".

The test environment is Debian lenny ARM OABI, Linux 2.6.26, gcc 4.2, glibc 2.7.18. The binary code of syscall() is as follows.

00012560 <syscall>:
   12560:       e1a0c00d        mov     ip, sp
   12564:       e92d0070        push    {r4, r5, r6}
   12568:       e89c0070        ldm     ip, {r4, r5, r6}
   1256c:       ef900071        svc     0x00900071
   12570:       e8bd0070        pop     {r4, r5, r6}
   12574:       e3700a01        cmn     r0, #4096       ; 0x1000
   12578:       31a0f00e        movcc   pc, lr
   1257c:       ea000547        b       13aa0 <__syscall_error>

syscall() is called as follows. This is a sample of syscall(SYS_getuid).

8270:       e3a00609        mov     r0, #9437184    ; 0x900000
8274:       e2800018        add     r0, r0, #24     ; 0x18
8278:       eb0028b8        bl      12560 <syscall>

What is "svc #0x900071"? It works as a super system call.

Answer

Thank you, Sean!

I checked the "/usr/include/asm/unistd.h" file and found the following line.

#define __NR_syscall                    (__NR_SYSCALL_BASE+113) /* syscall to call a syscall! */

I also checked the same file on ARM Debian EABI (i.e., ARMEL) and found the same line. However, the "syscalls" man page lists no system call named "syscall". I know the explanation in man is not trustworthy.

So, I checked the binary code of syscall() on EABI Linux. It is the following.

00014670 <syscall>:
   14670:       e1a0c00d        mov     ip, sp
   14674:       e92d00f0        push    {r4, r5, r6, r7}
   14678:       e1a07000        mov     r7, r0
   1467c:       e1a00001        mov     r0, r1
   14680:       e1a01002        mov     r1, r2
   14684:       e1a02003        mov     r2, r3
   14688:       e89c0078        ldm     ip, {r3, r4, r5, r6}
   1468c:       ef000000        svc     0x00000000
   14690:       e8bd00f0        pop     {r4, r5, r6, r7}
   14694:       e3700a01        cmn     r0, #4096       ; 0x1000
   14698:       312fff1e        bxcc    lr
   1469c:       ea00061b        b       15f10 <__syscall_error>

It is interesting because the EABI glibc does not use syscall (113). syscall() is called as follows. This is a sample of syscall(SYS_getuid).

826c:       e3a00014        mov     r0, #20
8270:       eb0030fe        bl      14670 <syscall>

The syscall number is passed in register r0 to <syscall>, and it is moved to register r7 inside <syscall>, which follows the EABI rule defined in "man syscall".

   arch/ABI   instruction          syscall #   retval Notes
   -------------------------------------------------------------------
   arm/OABI   swi NR               -           a1     NR is syscall #
   arm/EABI   swi 0x0              r7          r0

Yes, syscall() on OABI also follows the rule, using the special system call "__NR_syscall".

So, is "__NR_syscall" a special system call for OABI?

However, EABI Linux keeps "__NR_syscall". Is it for compatibility? I know an EABI Linux kernel can run OABI binaries.
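A worked model of the two conventions discussed in the question and the answer above, added here as an editor's example (it is neither the poster's code nor glibc's). It decodes the svc instruction words from the two objdump listings (0xef900071 and 0xef000000), rebuilds them from the OABI base and a syscall number, and models the "cmn r0, #4096 / movcc pc, lr / b __syscall_error" epilogue that both wrappers share. The OABI base 0x900000 and __NR_syscall = 113 are the values quoted from asm/unistd.h above; the 0x10000 upper bound on OABI numbers inside the decoder, the function names, and the sample kernel return values fed to finish_syscall are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Values quoted on the page from asm/unistd.h on the OABI system:
 * __NR_SYSCALL_BASE is 0x900000 and __NR_syscall is base + 113. */
#define OABI_SYSCALL_BASE 0x900000u
#define NR_SYSCALL        113u      /* "syscall to call a syscall!" */

enum svc_abi { SVC_NOT_SVC = 0, SVC_EABI, SVC_OABI, SVC_UNKNOWN };

struct svc_info {
    enum svc_abi abi;
    uint32_t     imm24;   /* 24-bit immediate of the SVC instruction */
    long         nr;      /* OABI: number encoded in imm24; EABI: -1 (number is in r7) */
};

/* A32 SVC (formerly SWI) encoding: cond[31:28] | 0b1111 [27:24] | imm24[23:0]. */
struct svc_info decode_svc(uint32_t insn)
{
    struct svc_info si = { SVC_NOT_SVC, 0, -1 };
    if (((insn >> 24) & 0xfu) != 0xfu)
        return si;                       /* opcode bits are not SVC */
    si.imm24 = insn & 0x00ffffffu;
    if (si.imm24 == 0) {
        si.abi = SVC_EABI;               /* "svc 0x0": the number lives in r7 */
    } else if (si.imm24 >= OABI_SYSCALL_BASE &&
               si.imm24 < OABI_SYSCALL_BASE + 0x10000u) { /* assumption: OABI numbers < 65536 */
        si.abi = SVC_OABI;
        si.nr  = (long)(si.imm24 - OABI_SYSCALL_BASE);
    } else {
        si.abi = SVC_UNKNOWN;
    }
    return si;
}

/* Instruction word for an unconditional SVC (cond = AL = 0b1110). */
uint32_t encode_svc_al(uint32_t imm24)
{
    return 0xef000000u | (imm24 & 0x00ffffffu);
}

/* OABI: the value the caller loads into r0 before "bl syscall"
 * (the mov #0x900000 / add #24 pair at 8270 in the listing). */
uint32_t oabi_syscall_arg(uint32_t nr)
{
    return OABI_SYSCALL_BASE + nr;
}

/* Model of the epilogue shared by both disassemblies:
 *     cmn   r0, #4096
 *     movcc pc, lr          (bxcc lr on EABI)
 *     b     __syscall_error
 * CMN adds 4096 to r0 and sets C on an unsigned carry-out of bit 31, so
 * __syscall_error is reached exactly when r0 >= 0xFFFFF000, i.e. when r0 is
 * -4096..-1 as a signed value. __syscall_error stores -r0 in errno and
 * returns -1; otherwise the raw kernel result is returned unchanged. */
long finish_syscall(uint32_t r0, int *err)
{
    uint64_t sum   = (uint64_t)r0 + 4096u;
    int      carry = (int)(sum >> 32);
    if (!carry) {                 /* movcc pc, lr */
        *err = 0;
        return (int32_t)r0;
    }
    *err = -(int32_t)r0;          /* __syscall_error path */
    return -1;
}

int main(void)
{
    /* The two instruction words from the objdump output on the page. */
    struct svc_info oabi = decode_svc(0xef900071u);
    struct svc_info eabi = decode_svc(0xef000000u);
    printf("ef900071: abi=%d imm24=0x%06x nr=%ld (NR_syscall=%u)\n",
           oabi.abi, oabi.imm24, oabi.nr, NR_SYSCALL);
    printf("ef000000: abi=%d imm24=0x%06x nr=%ld\n", eabi.abi, eabi.imm24, eabi.nr);
    printf("SYS_getuid (24) as an OABI r0 argument: 0x%06x\n", oabi_syscall_arg(24));

    int  err;
    long r = finish_syscall(0xfffffffeu, &err);  /* constructed: kernel returned -2 (ENOENT) */
    printf("raw -2   -> ret=%ld errno=%d\n", r, err);
    r = finish_syscall(1000u, &err);             /* constructed: getuid returned uid 1000 */
    printf("raw 1000 -> ret=%ld errno=%d\n", r, err);
    return 0;
}
```

Running the decoder over the OABI word yields immediate 0x900071, i.e. base 0x900000 plus 113, which is exactly __NR_syscall from the header quoted above; the EABI word carries immediate 0 and the number is read from r7 instead. That is why neither wrapper has to patch an immediate at run time: on OABI the fixed "svc #0x900071" asks the kernel to dispatch on the number the caller left in r0, while on EABI the number is simply moved into r7. The finish_syscall model also makes the error convention explicit: the carry test treats any raw result in the top 4096 values of the 32-bit range as an errno, which is how a wrapper distinguishes "-2" meaning ENOENT from a large legitimate return value.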
