kernel 系统调用----system call

Init

在trap_init中对SYSCALL_VECTOR（编号0x80）的向量进行初始化。

 808     set_system_trap_gate(SYSCALL_VECTOR, &system_call);

将system call初始化为trap门，加入到IDT table中，发生中断以后，会跳转到对应system_call的地址去执行后续的中断流程。发生中断到跳转执行中断向量的过程在kernel 中断分析三——中断处理流程有详细解释，本篇只关注system_call的运行过程。

ENTRY(system_call)

 499 /*
 500  * syscall stub including irq exit should be protected against kprobes
 501  */
 502     .pushsection .kprobes.text, "ax"
 503     # system call handler stub
 504 ENTRY(system_call)
 505     RING0_INT_FRAME         # can't unwind into user space anyway
 506     ASM_CLAC
 507     pushl_cfi %eax          # save orig_eax  --------------1
 508     SAVE_ALL                                    -----------2
 509     GET_THREAD_INFO(%ebp)                       -----------3
 510                     # system call tracing in operation / emulation
 511     testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%ebp) ---------4
 512     jnz syscall_trace_entry
 513     cmpl $(NR_syscalls), %eax
 514     jae syscall_badsys
 515 syscall_call:                                      --------5
 516     call *sys_call_table(,%eax,4)
 517 syscall_after_call:                                --------6
 518     movl %eax,PT_EAX(%esp)      # store the return value
 519 syscall_exit:                                      --------7
 520     LOCKDEP_SYS_EXIT
 521     DISABLE_INTERRUPTS(CLBR_ANY)    # make sure we don't miss an interrupt
 522                     # setting need_resched or sigpending
 523                     # between sampling and the iret
 524     TRACE_IRQS_OFF
 525     movl TI_flags(%ebp), %ecx
 526     testl $_TIF_ALLWORK_MASK, %ecx  # current->work
 527     jne syscall_exit_work
 528

1. RING0_INT_FRAME设置esp、eip指向内核态，然后将eax中的系统调用号入栈
2. 保存现场，即用户态的一些寄存器值
3. 将thread_info的地址保存到ebp寄存器
4. 当前进程是否有被trace，如果有就执行相关的动作保存当时的追踪信息
5. 调用对应的系统调用函数
6. 将返回值入栈
7. 屏蔽其他中断。检测当前进程是否还有工作没有完成，如果有，那么跳转到syscall_exit_work
8. 然后恢复userspace被压入栈的寄存器，返回userspace

 529 restore_all:
 530     TRACE_IRQS_IRET
 531 restore_all_notrace:
 532 #ifdef CONFIG_X86_ESPFIX32
 533     movl PT_EFLAGS(%esp), %eax  # mix EFLAGS, SS and CS     ------------1
 534     # Warning: PT_OLDSS(%esp) contains the wrong/random values if we
 535     # are returning to the kernel.
 536     # See comments in process.c:copy_thread() for details.
 537     movb PT_OLDSS(%esp), %ah
 538     movb PT_CS(%esp), %al
 539     andl $(X86_EFLAGS_VM | (SEGMENT_TI_MASK << 8) | SEGMENT_RPL_MASK), %eax
 540     cmpl $((SEGMENT_LDT << 8) | USER_RPL), %eax
 541     CFI_REMEMBER_STATE
 542     je ldt_ss           # returning to user-space with LDT SS
 543 #endif
 544 restore_nocheck:
 545     RESTORE_REGS 4          # skip orig_eax/error_code
 546 irq_return:
 547     INTERRUPT_RETURN                            ----------
 548 .section .fixup,"ax"
 549 ENTRY(iret_exc)
 550     pushl $0            # no error code
 551     pushl $do_iret_error
 552     jmp error_code
 553 .previous
 554     _ASM_EXTABLE(irq_return,iret_exc)
 555
 556 #ifdef CONFIG_X86_ESPFIX32
 557     CFI_RESTORE_STATE
 558 ldt_ss:
 559 #ifdef CONFIG_PARAVIRT
 560     /*
 561      * The kernel can't run on a non-flat stack if paravirt mode
 562      * is active.  Rather than try to fixup the high bits of
 563      * ESP, bypass this code entirely.  This may break DOSemu
 564      * and/or Wine support in a paravirt VM, although the option
 565      * is still available to implement the setting of the high
 566      * 16-bits in the INTERRUPT_RETURN paravirt-op.
 567      */
 568     cmpl $0, pv_info+PARAVIRT_enabled
 569     jne restore_nocheck
 570 #endif
 571
 572 /*
 573  * Setup and switch to ESPFIX stack
 574  *
 575  * We're returning to userspace with a 16 bit stack. The CPU will not
 576  * restore the high word of ESP for us on executing iret... This is an
 577  * "official" bug of all the x86-compatible CPUs, which we can work
 578  * around to make dosemu and wine happy. We do this by preloading the
 579  * high word of ESP with the high word of the userspace ESP while
 580  * compensating for the offset by changing to the ESPFIX segment with
 581  * a base address that matches for the difference.
 582  */
 583 #define GDT_ESPFIX_SS PER_CPU_VAR(gdt_page) + (GDT_ENTRY_ESPFIX_SS * 8)
 584     mov %esp, %edx          /* load kernel esp */
 585     mov PT_OLDESP(%esp), %eax   /* load userspace esp */
 586     mov %dx, %ax            /* eax: new kernel esp */
 587     sub %eax, %edx          /* offset (low word is 0) */
 588     shr $16, %edx
 589     mov %dl, GDT_ESPFIX_SS + 4 /* bits 16..23 */
 590     mov %dh, GDT_ESPFIX_SS + 7 /* bits 24..31 */
 591     pushl_cfi $__ESPFIX_SS
 592     pushl_cfi %eax          /* new kernel esp */
 593     /* Disable interrupts, but do not irqtrace this section: we
 594      * will soon execute iret and the tracer was already set to
 595      * the irqstate after the iret */
 596     DISABLE_INTERRUPTS(CLBR_EAX)
 597     lss (%esp), %esp        /* switch to espfix segment */
 598     CFI_ADJUST_CFA_OFFSET -8
 599     jmp restore_nocheck
 600 #endif
 601     CFI_ENDPROC
 602 ENDPROC(system_call)

syscall_exit_work

_TIF_ALLWORK_MASK 的定义如下：

144 /* Work to do on any return to user space. */
145 #define _TIF_ALLWORK_MASK \
146   (_TIF_SIGPENDING|_TIF_NEED_RESCHED|_TIF_SINGLESTEP|\
147    _TIF_ASYNC_TLB|_TIF_NOTIFY_RESUME)

当以下情况之一发生时，返回用户态之前需要进入syscall_exit_work处理：
1. 当前进程有信号pending
2. 当前进程需要被重新调度
3. 设置了_TIF_SINGLESTEP，restore singlestep on return to user mode
4. got an async TLB fault in kernel
5. callback before returning to user

 670 syscall_exit_work:
 671     testl $_TIF_WORK_SYSCALL_EXIT, %ecx----------1
 672     jz work_pending
 673     TRACE_IRQS_ON
 674     ENABLE_INTERRUPTS(CLBR_ANY) # could let syscall_trace_leave() call
 675                     # schedule() instead
 676     movl %esp, %eax
 677     call syscall_trace_leave
 678     jmp resume_userspace------------------------2
 679 END(syscall_exit_work)

1. 检测是否有work pending
2. 否则开中断然后返回用户态

 607 work_pending:
 608     testb $_TIF_NEED_RESCHED, %cl     -------------1
 609     jz work_notifysig                 -------------2
 610 work_resched:                         -------------3     
 611     call schedule
 612     LOCKDEP_SYS_EXIT
 613     DISABLE_INTERRUPTS(CLBR_ANY)    # make sure we don't miss an interrupt
 614                     # setting need_resched or sigpending
 615                     # between sampling and the iret
 616     TRACE_IRQS_OFF
 617     movl TI_flags(%ebp), %ecx
 618     andl $_TIF_WORK_MASK, %ecx  # is there any work to be done other
 619                     # than syscall tracing?
 620     jz restore_all
 621     testb $_TIF_NEED_RESCHED, %cl
 622     jnz work_resched
 623
 624 work_notifysig:             # deal with pending signals and-------------------4
 625                     # notify-resume requests
 626 #ifdef CONFIG_VM86
 627     testl $X86_EFLAGS_VM, PT_EFLAGS(%esp)
 628     movl %esp, %eax
 629     jne work_notifysig_v86      # returning to kernel-space or
 630                     # vm86-space
 631 1:
 632 #else
 633     movl %esp, %eax
 634 #endif
 635     TRACE_IRQS_ON
 636     ENABLE_INTERRUPTS(CLBR_NONE)
 637     movb PT_CS(%esp), %bl
 638     andb $SEGMENT_RPL_MASK, %bl
 639     cmpb $USER_RPL, %bl
 640     jb resume_kernel
 641     xorl %edx, %edx
 642     call do_notify_resume -------------------5
 643     jmp resume_userspace
 644
 645 #ifdef CONFIG_VM86
 646     ALIGN
 647 work_notifysig_v86:
 648     pushl_cfi %ecx          # save ti_flags for do_notify_resume
 649     call save_v86_state     # %eax contains pt_regs pointer
 650     popl_cfi %ecx
 651     movl %eax, %esp
 652     jmp 1b
 653 #endif
 654 END(work_pending)

1. 检测_TIF_NEED_RESCHED，若被设置，跳转到work_resched，否则跳转到work_notifysig，进行信号处理
2. 调用schedule主动让出CPU
3. 处理pending的信号，具体的处理流程在do_notify_resume 中的do_signal

整个处理流程用流程图表现得更加直观：