System Calls


Initiating the System Call Handler

Before the system call routine is entered, the following registers are initialized:

  1. rax - contains the system call number;
  2. rcx - contains the return address to user space;
  3. r11 - contains the register flags (rflags);
  4. rdi - contains the first argument of the system call handler;
  5. rsi - contains the second argument of the system call handler;
  6. rdx - contains the third argument of the system call handler;
  7. r10 - contains the fourth argument of the system call handler;
  8. r8 - contains the fifth argument of the system call handler;
  9. r9 - contains the sixth argument of the system call handler.

If the system call requires more than 6 arguments, the remaining ones are placed on the stack.

Calling the System Call

A system call is a form of interrupt with an interrupt vector of 0x80.

When an interrupt arrives with vector 0x80, the CPU takes the address of the IDT from the IDTR and looks up the entry for that vector.

In this case, the entry points to entry_SYSCALL_64, a preparation function for the system call.

entry_SYSCALL_64

Once the registers have been prepared for the system call, execution enters a routine called entry_SYSCALL_64.

entry_SYSCALL_64 switches to the kernel stack and saves some general-purpose registers, the old stack segment, the code segment and the flags on the stack.

Once that is done, entry_SYSCALL_64 uses the value in rax to look up the address of the system call handler in the System Call Table (SCT).

System Call Table (SCT)

A System Call Table (SCT) is an array of system call handler addresses, indexed by system call number.

After the SCT is initialized, the kernel does not immediately read an entry from the SCT when a system call is triggered.

Instead, some pre-processing is first done by a function called entry_SYSCALL_64.
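The lookup that entry_SYSCALL_64 performs is an array index guarded by a bounds check, which is the security-relevant detail: the number the caller placed in rax is untrusted, so it must be range-checked before it is used as an index. The following is an added user-space model of that step, not kernel code; the handler names, the numbering and the pid value are constructed. In the real kernel, empty slots hold sys_ni_syscall rather than NULL, and the index is additionally passed through array_index_nospec() so that a speculative out-of-bounds read (Spectre v1) is blocked as well.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Handler signature used by this model: six register arguments in, one
 * long result out (the value that ends up in rax). */
typedef long (*sct_handler_t)(long, long, long, long, long, long);

/* Constructed stand-ins for kernel sys_* handlers. */
static long model_sys_getpid(long a1, long a2, long a3, long a4, long a5, long a6)
{
    (void)a1; (void)a2; (void)a3; (void)a4; (void)a5; (void)a6;
    return 4242;               /* constructed pid */
}

static long model_sys_add(long a1, long a2, long a3, long a4, long a5, long a6)
{
    (void)a3; (void)a4; (void)a5; (void)a6;
    return a1 + a2;
}

/* Hypothetical numbering; slot 2 is deliberately left empty. */
enum { MODEL_NR_getpid = 0, MODEL_NR_add = 1, MODEL_NR_syscalls = 3 };

static const sct_handler_t model_sct[MODEL_NR_syscalls] = {
    [MODEL_NR_getpid] = model_sys_getpid,
    [MODEL_NR_add]    = model_sys_add,
    /* [2] stays NULL: a hole in the table */
};

/* Look up and run the handler for system call number nr (the value the
 * caller placed in rax). The number is compared as an unsigned index before
 * the table is touched, so negative or oversized values cannot read past the
 * end of the array; anything without a handler returns -ENOSYS, which is
 * also what the kernel leaves in rax for an unknown number. */
static long model_dispatch(long nr, long a1, long a2, long a3,
                           long a4, long a5, long a6)
{
    unsigned long idx = (unsigned long)nr;
    if (idx >= MODEL_NR_syscalls)
        return -ENOSYS;
    sct_handler_t h = model_sct[idx];
    if (h == NULL)
        return -ENOSYS;
    return h(a1, a2, a3, a4, a5, a6);
}

int main(void)
{
    printf("getpid   -> %ld\n", model_dispatch(MODEL_NR_getpid, 0, 0, 0, 0, 0, 0));
    printf("add(2,3) -> %ld\n", model_dispatch(MODEL_NR_add, 2, 3, 0, 0, 0, 0));
    printf("nr=-1    -> %ld (-ENOSYS is %d)\n",
           model_dispatch(-1, 0, 0, 0, 0, 0, 0), -ENOSYS);
    return 0;
}
```

The unsigned comparison is the point to notice: a single `idx >= MODEL_NR_syscalls` test rejects both negative and too-large numbers, because a negative long becomes a very large unsigned value.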

Returning from System Call Handler

After the system call handler finishes processing, the return value is placed in the rax register and sysretq is executed to return to user space.
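To tie the register convention from the first section to the return path described here, the following added example (not code from the page) issues raw system calls from a C program with inline assembly. It assumes x86-64 Linux with GCC or Clang; on any other target it falls back to libc's syscall(2). The wrapper names (raw_syscall6, raw_is_error and so on) are the example's own. It shows rax carrying the number in and the result out, a six-argument call (mmap) filling rdi, rsi, rdx, r10, r8 and r9, and the failure convention: the kernel leaves -errno in rax, which libc wrappers translate into errno plus a -1 return.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS 0x20 /* x86-64 Linux value, in case strict-ISO headers hide it */
#endif

/* Issue one system call with up to six arguments using the register
 * convention above: rax = number, rdi/rsi/rdx/r10/r8/r9 = arguments 1..6.
 * The syscall instruction itself overwrites rcx (user return address) and
 * r11 (rflags), so both are declared clobbered. The result comes back in rax. */
static long raw_syscall6(long nr, long a1, long a2, long a3,
                         long a4, long a5, long a6)
{
#if defined(__x86_64__) && defined(__linux__)
    long ret;
    register long r10 __asm__("r10") = a4;
    register long r8  __asm__("r8")  = a5;
    register long r9  __asm__("r9")  = a6;
    __asm__ volatile ("syscall"
                      : "=a"(ret)
                      : "a"(nr), "D"(a1), "S"(a2), "d"(a3),
                        "r"(r10), "r"(r8), "r"(r9)
                      : "rcx", "r11", "memory");
    return ret;
#else
    /* Other targets: fall back to libc's syscall(2), which reports errors as
     * -1 plus errno; re-encode them in the kernel's negative-errno form. */
    long ret = syscall(nr, a1, a2, a3, a4, a5, a6);
    return ret == -1 ? -(long)errno : ret;
#endif
}

/* The kernel signals failure by leaving -errno (a value in [-4095, -1]) in
 * rax; libc wrappers translate that into errno = -rax and return -1. */
static int raw_is_error(long ret)
{
    return ret < 0 && ret >= -4095;
}

/* Zero-argument call: only rax matters. */
static long raw_getpid(void)
{
    return raw_syscall6(SYS_getpid, 0, 0, 0, 0, 0, 0);
}

/* One-argument error path: closing an invalid descriptor yields -EBADF. */
static long raw_close(int fd)
{
    return raw_syscall6(SYS_close, fd, 0, 0, 0, 0, 0);
}

/* Six-argument call: mmap fills rdi, rsi, rdx, r10, r8 and r9. Maps an
 * anonymous region, touches it, unmaps it; returns 0 on success or -errno. */
static long raw_mmap_roundtrip(size_t len)
{
    long ret = raw_syscall6(SYS_mmap, 0, (long)len, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (raw_is_error(ret))
        return ret;
    volatile char *region = (volatile char *)ret;
    region[0] = 'x';                   /* the mapping is really writable */
    return raw_syscall6(SYS_munmap, ret, (long)len, 0, 0, 0, 0);
}

int main(void)
{
    long r;
    printf("raw getpid      = %ld (libc getpid = %ld)\n",
           raw_getpid(), (long)getpid());
    r = raw_close(-1);
    printf("raw close(-1)   = %ld -> %s\n",
           r, raw_is_error(r) ? strerror(-r) : "ok");
    printf("mmap round trip = %ld\n", raw_mmap_roundtrip(4096));
    return 0;
}
```

The error test `ret >= -4095` is the same threshold libc uses: a pointer-returning call such as mmap can legitimately produce a large negative value when viewed as a signed long, so only the small range [-4095, -1] is treated as an error code.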
