One possible way to view the kernel is as a comprehensive library of things it can do for userland applications. System calls are the interface between an application and this library. By invoking a system call, an application can request a service that the kernel then fulfills. This chapter first introduced you to the basics of system programming, which led to how system calls are implemented within the kernel. In contrast to regular functions, invoking system calls requires more effort because a switch between the kernel and user modes of the CPU must be performed. Since the kernel lives in a different portion of the virtual address space from userland, you have also seen that some care is required when the kernel transfers data from or to an application. Finally, you have seen how system call tracing allows for tracking the behavior of programs and serves as an indispensable debugging tool in userspace.

System calls are a synchronous mechanism to change from user into kernel mode. The next chapter introduces you to interrupts that require asynchronously changing between the modes.

13A Boolean parameter can be selected to specify whether data are read only (PTRACE_POKETEXT or PTRACE_POKEDATA) or are to be replaced with a new value en passant.

Continue reading here: Kernel Activities

Was this article helpful?

0 0