Linux Kernel sys_call_table、Kernel Symbols Export Table Generation Principle、Difference Between System Calls Entrance In 32bit、64bit Linux(undone)

目录

1. sys_call_table:系统调用表

2. 内核符号导出表、kallsyms_lookup_name

3. Linux 32bit、64bit下系统调用入口的异同

1. sys_call_table:系统调用表

Relevant Link:

2. 内核符号导出表、kallsyms_lookup_name

Relevant Link:

3. Linux 32bit、64bit下系统调用入口的异同

以sys_execve、sys_socketcall、sys_init_module这三个系统调用作为研究对象

0x1: Linux 32bit

1. sys_execve

对于Linux 32bit操作系统来说,sys_execve的系统调用号保存在:

\linux-3.15.5\arch\sh\include\uapi\asm\unistd_32.h

#define __NR_execve         11

系统调用处理函数在内核内存中的地址可以通过以下方式得到

cat /boot/System.map-2.6.32-358.el6.i686 | grep sys_execve
//c0408150 T sys_execve

在正常情况下(当前linux没有被rootkit、sys_call_table没有被hooked),sys_call_table(系统调用表)中的函数地址和内核导出符号表中的函数地址应该是相同的,即

sys_call_table[__NR_sys_execve] = cat /boot/System.map-2.6.32-358.el6.i686 | grep sys_execve

系统调用函数的入口点跟踪如下

linux-3.15.5\fs\exec.c

SYSCALL_DEFINE3(execve,
        const char __user *, filename,
        const char __user *const __user *, argv,
        const char __user *const __user *, envp)
{
    return do_execve(getname(filename), argv, envp);
}

这是个宏定义,等价于对sys_execve的声明

int do_execve(struct filename *filename,
    const char __user *const __user *__argv,
    const char __user *const __user *__envp)
{
    struct user_arg_ptr argv = { .ptr.native = __argv };
    struct user_arg_ptr envp = { .ptr.native = __envp };
    return do_execve_common(filename, argv, envp);
}

2. sys_socketcall

\linux-3.15.5\arch\sh\include\uapi\asm\unistd_32.h

#define __NR_socketcall        102

在内核符号导出表中得到的内核内存地址

cat /boot/System.map-2.6.32-358.el6.i686 | grep sys_socketcall
//c078fd70 T sys_socketcall

\linux-3.15.5\net\socket.c

/*
进行socket调用派发
*/
SYSCALL_DEFINE2(socketcall, int, call, unsigned long __user *, args)
{
    unsigned long a[AUDITSC_ARGS];
    unsigned long a0, a1;
    int err;
    unsigned int len;

    if (call < 1 || call > SYS_SENDMMSG)
        return -EINVAL;

    len = nargs[call];
    if (len > sizeof(a))
        return -EINVAL;

    /* copy_from_user should be SMP safe. */
    if (copy_from_user(a, args, len))
        return -EFAULT;

    err = audit_socketcall(nargs[call] / sizeof(unsigned long), a);
    if (err)
        return err;

    a0 = a[0];
    a1 = a[1];

    switch (call) {
    case SYS_SOCKET:
        err = sys_socket(a0, a1, a[2]);
        break;
    case SYS_BIND:
        err = sys_bind(a0, (struct sockaddr __user *)a1, a[2]);
        break;
    case SYS_CONNECT:
        err = sys_connect(a0, (struct sockaddr __user *)a1, a[2]);
        break;
    case SYS_LISTEN:
        err = sys_listen(a0, a1);
        break;
    case SYS_ACCEPT:
        err = sys_accept4(a0, (struct sockaddr __user *)a1,
                  (int __user *)a[2], 0);
        break;
    case SYS_GETSOCKNAME:
        err =
            sys_getsockname(a0, (struct sockaddr __user *)a1,
                    (int __user *)a[2]);
        break;
    case SYS_GETPEERNAME:
        err =
            sys_getpeername(a0, (struct sockaddr __user *)a1,
                    (int __user *)a[2]);
        break;
    case SYS_SOCKETPAIR:
        err = sys_socketpair(a0, a1, a[2], (int __user *)a[3]);
        break;
    case SYS_SEND:
        err = sys_send(a0, (void __user *)a1, a[2], a[3]);
        break;
    case SYS_SENDTO:
        err = sys_sendto(a0, (void __user *)a1, a[2], a[3],
                 (struct sockaddr __user *)a[4], a[5]);
        break;
    case SYS_RECV:
        err = sys_recv(a0, (void __user *)a1, a[2], a[3]);
        break;
    case SYS_RECVFROM:
        err = sys_recvfrom(a0, (void __user *)a1, a[2], a[3],
                   (struct sockaddr __user *)a[4],
                   (int __user *)a[5]);
        break;
    case SYS_SHUTDOWN:
        err = sys_shutdown(a0, a1);
        break;
    case SYS_SETSOCKOPT:
        err = sys_setsockopt(a0, a1, a[2], (char __user *)a[3], a[4]);
        break;
    case SYS_GETSOCKOPT:
        err =
            sys_getsockopt(a0, a1, a[2], (char __user *)a[3],
                   (int __user *)a[4]);
        break;
    case SYS_SENDMSG:
        err = sys_sendmsg(a0, (struct msghdr __user *)a1, a[2]);
        break;
    case SYS_SENDMMSG:
        err = sys_sendmmsg(a0, (struct mmsghdr __user *)a1, a[2], a[3]);
        break;
    case SYS_RECVMSG:
        err = sys_recvmsg(a0, (struct msghdr __user *)a1, a[2]);
        break;
    case SYS_RECVMMSG:
        err = sys_recvmmsg(a0, (struct mmsghdr __user *)a1, a[2], a[3],
                   (struct timespec __user *)a[4]);
        break;
    case SYS_ACCEPT4:
        err = sys_accept4(a0, (struct sockaddr __user *)a1,
                  (int __user *)a[2], a[3]);
        break;
    default:
        err = -EINVAL;
        break;
    }
    return err;
}

3. sys_init_module

\linux-3.15.5\arch\sh\include\uapi\asm\unistd_32.h

#define __NR_init_module    128

在内核符号导出表中得到的内核内存地址

cat /boot/System.map-2.6.32-358.el6.i686 | grep sys_init_module
//c04975a0 T sys_init_module

\linux-3.15.5\kernel\module.c

SYSCALL_DEFINE3(init_module, void __user *, umod,
        unsigned long, len, const char __user *, uargs)
{
    int err;
    struct load_info info = { };

    err = may_init_module();
    if (err)
        return err;

    pr_debug("init_module: umod=%p, len=%lu, uargs=%p\n", umod, len, uargs);

    err = copy_module_from_user(umod, len, &info);
    if (err)
        return err;

    return load_module(&info, uargs, 0);
}

0x2: Linux 64bit

在Linux 64bit下,系统调用的入口点和32bit下有一点区别

1. sys_execve

\linux-3.15.5\arch\sh\include\uapi\asm\unistd_64.h

#define __NR_execve         11
//和32bit下一样

在内核符号导出表中得到的内核内存地址

cat /boot/System.map-2.6.32-220.23.2.ali878.el6.x86_64 | grep stub_execve
ffffffff8100b4e0 T stub_execve
cat /boot/System.map-2.6.32-220.23.2.ali878.el6.x86_64 | grep sys_execve
ffffffff810095b0 T sys_execve

对于64bit的Linux系统来说,在系统调用外层使用了stub(wrapper functions),我们打印一下Linux 64bit的sys_call_table

find_sys_call_table.c

#include <linux/module.h>
#include <linux/init.h>
#include <linux/types.h>
#include <asm/uaccess.h>
#include <asm/cacheflush.h>
#include <linux/syscalls.h>
#include <linux/delay.h>    // loops_per_jiffy

/* Just so we do not taint the kernel */
MODULE_LICENSE("GPL");

void **syscall_table;
unsigned long **find_sys_call_table(void);

unsigned long **find_sys_call_table() {

    unsigned long ptr;
    unsigned long *p;

    for (ptr = (unsigned long)sys_close;
         ptr < (unsigned long)&loops_per_jiffy;
         ptr += sizeof(void *)) {

        p = (unsigned long *)ptr;

        if (p[__NR_close] == (unsigned long)sys_close) {
            printk(KERN_DEBUG "Found the sys_call_table!!!\n");
            return (unsigned long **)p;
        }
    }

    return NULL;
} 

static int __init syscall_init(void)
{
    int ret;
    unsigned long addr;
    unsigned long cr0;
    int num = 0;

    syscall_table = (void **)find_sys_call_table();

    if (!syscall_table)
    {
        printk(KERN_DEBUG "Cannot find the system call address\n");
        return -1;
    }

    do
        {
            printk("%d:  the address is: %16x\n", num, syscall_table[num]);
            num++;
        } while (num < 400);

    return 0;
}

static void __exit syscall_release(void)
{
}

module_init(syscall_init);
module_exit(syscall_release);

Makefile

obj-m := find_sys_call_table.o
PWD       := $(shell pwd)

all:
    make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules

clean:
    rm -rf *.o *~ core .*.cmd *.mod.c ./tmp_version *.ko modules.order  Module.symvers

clean_omit:
    rm -rf *.o *~ core .*.cmd *.mod.c ./tmp_version modules.order  Module.symvers

打印64bit上的sys_call_table的函数地址

[924227.139499] 0:  the address is:         811788a0
[924227.139500] 1:  the address is:         81178930
[924227.139501] 2:  the address is:         81175690
[924227.139503] 3:  the address is:         81175430
[924227.139504] 4:  the address is:         8117d420
[924227.139505] 5:  the address is:         8117d520
[924227.139506] 6:  the address is:         8117d360
[924227.139508] 7:  the address is:         8118dbe0
[924227.139509] 8:  the address is:         81178280
[924227.139510] 9:  the address is:         81010450
[924227.139511] 10:  the address is:         81144710
[924227.139512] 11:  the address is:         81142f50
[924227.139514] 12:  the address is:         81143320
[924227.139515] 13:  the address is:         81080d70
[924227.139516] 14:  the address is:         81081ee0
[924227.139517] 15:  the address is:         8100b5a0
[924227.139518] 16:  the address is:         8118b3c0
[924227.139520] 17:  the address is:         81178a60
[924227.139521] 18:  the address is:         811789c0
[924227.139522] 19:  the address is:         81178fe0
[924227.139523] 20:  the address is:         81178e10
[924227.139525] 21:  the address is:         81176500
[924227.139526] 22:  the address is:         811827a0
[924227.139527] 23:  the address is:         8118e220
[924227.139528] 24:  the address is:         810612b0
[924227.139529] 25:  the address is:         81145a20
[924227.139531] 26:  the address is:         81145c10
[924227.139532] 27:  the address is:         8113e7e0
[924227.139533] 28:  the address is:         811374b0
[924227.139534] 29:  the address is:         81205d50
[924227.139535] 30:  the address is:         81206fd0
[924227.139537] 31:  the address is:         81206360
[924227.139538] 32:  the address is:         8118a920
[924227.139539] 33:  the address is:         8118ab20
[924227.139540] 34:  the address is:         81080950
[924227.139542] 35:  the address is:         81096780
[924227.139543] 36:  the address is:         810700a0
[924227.139544] 37:  the address is:         8107c9c0
[924227.139545] 38:  the address is:         8106fcf0
[924227.139546] 39:  the address is:         8107c990
[924227.139548] 40:  the address is:         811784f0
[924227.139549] 41:  the address is:         8140a210
[924227.139550] 42:  the address is:         8140bfb0
[924227.139551] 43:  the address is:         8140c810
[924227.139552] 44:  the address is:         8140b490
[924227.139554] 45:  the address is:         8140b890
[924227.139555] 46:  the address is:         8140bdd0
[924227.139556] 47:  the address is:         8140bd40
[924227.139557] 48:  the address is:         8140be60
[924227.139558] 49:  the address is:         8140c0a0
[924227.139560] 50:  the address is:         8140b800
[924227.139561] 51:  the address is:         8140c190
[924227.139562] 52:  the address is:         8140c830
[924227.139563] 53:  the address is:         8140a040
[924227.139565] 54:  the address is:         8140c480
[924227.139566] 55:  the address is:         8140bee0
[924227.139567] 56:  the address is:         8100b400
[924227.139568] 57:  the address is:         8100b420
[924227.139569] 58:  the address is:         8100b440
[924227.139571] 59:  the address is:         8100b4e0
[924227.139572] 60:  the address is:         8106f540
[924227.139573] 61:  the address is:         8106e350
[924227.139574] 62:  the address is:         810833b0
[924227.139575] 63:  the address is:         810103a0
[924227.139577] 64:  the address is:         81203c40
[924227.139578] 65:  the address is:         812053f0
[924227.139579] 66:  the address is:         81204ac0
[924227.139580] 67:  the address is:         81205ab0
[924227.139582] 68:  the address is:         81202a50
[924227.139583] 69:  the address is:         812028d0
[924227.139584] 70:  the address is:         812024b0
[924227.139585] 71:  the address is:         81202fb0
[924227.139586] 72:  the address is:         8118a3f0
[924227.139588] 73:  the address is:         811c4000
[924227.139589] 74:  the address is:         811a7130
[924227.139590] 75:  the address is:         811a7110
[924227.139591] 76:  the address is:         811767c0
[924227.139592] 77:  the address is:         81176960
[924227.139594] 78:  the address is:         8118c150
[924227.139595] 79:  the address is:         8118f9b0
[924227.139596] 80:  the address is:         811762a0
[924227.139597] 81:  the address is:         81176200
[924227.139599] 82:  the address is:         81187e00
[924227.139600] 83:  the address is:         811882a0
[924227.139601] 84:  the address is:         81188160
[924227.139602] 85:  the address is:         811756c0
[924227.139603] 86:  the address is:         81188880
[924227.139605] 87:  the address is:         81187fe0
[924227.139606] 88:  the address is:         81188660
[924227.139607] 89:  the address is:         8117cf80
[924227.139608] 90:  the address is:         81176120
[924227.139609] 91:  the address is:         81175d00
[924227.139611] 92:  the address is:         81175f80
[924227.139612] 93:  the address is:         81175c40
[924227.139613] 94:  the address is:         81175e30
[924227.139614] 95:  the address is:         81084d90
[924227.139615] 96:  the address is:         81070fb0
[924227.139617] 97:  the address is:         81088280
[924227.139618] 98:  the address is:         81087f30
[924227.139619] 99:  the address is:         8107c790
[924227.139620] 100:  the address is:         81088ae0
[924227.139622] 101:  the address is:         81077910
[924227.139623] 102:  the address is:         81077f90
[924227.139624] 103:  the address is:         8106bc40
[924227.139625] 104:  the address is:         81077fd0
[924227.139627] 105:  the address is:         810892e0
[924227.139628] 106:  the address is:         81088d70
[924227.139629] 107:  the address is:         81077fb0
[924227.139630] 108:  the address is:         81077ff0
[924227.139631] 109:  the address is:         81088840
[924227.139633] 110:  the address is:         8107c960
[924227.139634] 111:  the address is:         81088820
[924227.139635] 112:  the address is:         81088640
[924227.139636] 113:  the address is:         810893e0
[924227.139638] 114:  the address is:         81088e50
[924227.139639] 115:  the address is:         81099f10
[924227.139640] 116:  the address is:         8109a360
[924227.139641] 117:  the address is:         81089160
[924227.139642] 118:  the address is:         81087860
[924227.139644] 119:  the address is:         81088c30
[924227.139645] 120:  the address is:         810877c0
[924227.139646] 121:  the address is:         810887a0
[924227.139647] 122:  the address is:         81088fa0
[924227.139649] 123:  the address is:         81088b50
[924227.139650] 124:  the address is:         81088720
[924227.139651] 125:  the address is:         81077340
[924227.139652] 126:  the address is:         810771a0
[924227.139653] 127:  the address is:         81080a60
[924227.139655] 128:  the address is:         81084580
[924227.139656] 129:  the address is:         81083210
[924227.139657] 130:  the address is:         81081af0
[924227.139658] 131:  the address is:         8100b460
[924227.139660] 132:  the address is:         811a7f30
[924227.139661] 133:  the address is:         81188530
[924227.139662] 134:  the address is:         810927d0
[924227.139663] 135:  the address is:         81069c80
[924227.139665] 136:  the address is:         811a8d90
[924227.139666] 137:  the address is:         811a9280
[924227.139667] 138:  the address is:         811a91f0
[924227.139668] 139:  the address is:         81195730
[924227.139669] 140:  the address is:         81089a20
[924227.139671] 141:  the address is:         81089d00
[924227.139672] 142:  the address is:         810663d0
[924227.139673] 143:  the address is:         81056590
[924227.139674] 144:  the address is:         810663f0
[924227.139676] 145:  the address is:         81056610
[924227.139677] 146:  the address is:         8104cf10
[924227.139678] 147:  the address is:         8104cf40
[924227.139679] 148:  the address is:         810564c0
[924227.139680] 149:  the address is:         81140120
[924227.139682] 150:  the address is:         81140090
[924227.139683] 151:  the address is:         8113fe90
[924227.139684] 152:  the address is:         8113fe30
[924227.139685] 153:  the address is:         81175240
[924227.139687] 154:  the address is:         8100ef20
[924227.139688] 155:  the address is:         81198120
[924227.139689] 156:  the address is:         81075800
[924227.139690] 157:  the address is:         81087900
[924227.139691] 158:  the address is:         810094a0
[924227.139693] 159:  the address is:         81070d40
[924227.139694] 160:  the address is:         81088120
[924227.139695] 161:  the address is:         81176140
[924227.139696] 162:  the address is:         811a73c0
[924227.139698] 163:  the address is:         810b8cd0
[924227.139699] 164:  the address is:         81070f00
[924227.139700] 165:  the address is:         81199a10
[924227.139701] 166:  the address is:         81197ce0
[924227.139702] 167:  the address is:         811502e0
[924227.139704] 168:  the address is:         8114fbb0
[924227.139705] 169:  the address is:         810897f0
[924227.139706] 170:  the address is:         81088430
[924227.139707] 171:  the address is:         81088330
[924227.139709] 172:  the address is:         8100b480
[924227.139710] 173:  the address is:         8100e860
[924227.139711] 174:  the address is:         810927d0
[924227.139712] 175:  the address is:         810afe50
[924227.139714] 176:  the address is:         810acea0
[924227.139715] 177:  the address is:         810927d0
[924227.139716] 178:  the address is:         810927d0
[924227.139717] 179:  the address is:         811db160
[924227.139718] 180:  the address is:         811cbb30
[924227.139720] 181:  the address is:         810927d0
[924227.139721] 182:  the address is:         810927d0
[924227.139722] 183:  the address is:         810927d0
[924227.139723] 184:  the address is:         810927d0
[924227.139725] 185:  the address is:         810927d0
[924227.139726] 186:  the address is:         8107c7e0
[924227.139727] 187:  the address is:         81111570
[924227.139728] 188:  the address is:         8119d020
[924227.139729] 189:  the address is:         8119cf60
[924227.139731] 190:  the address is:         8119ce80
[924227.139732] 191:  the address is:         8119c930
[924227.139733] 192:  the address is:         8119c8b0
[924227.139734] 193:  the address is:         8119ca70
[924227.139736] 194:  the address is:         8119d2e0
[924227.139737] 195:  the address is:         8119d270
[924227.139738] 196:  the address is:         8119d1d0
[924227.139739] 197:  the address is:         8119c4a0
[924227.139740] 198:  the address is:         8119c410
[924227.139742] 199:  the address is:         8119c9b0
[924227.139743] 200:  the address is:         81083030
[924227.139744] 201:  the address is:         810710b0
[924227.139745] 202:  the address is:         810a5f50
[924227.139747] 203:  the address is:         81066910
[924227.139748] 204:  the address is:         8105dee0
[924227.139749] 205:  the address is:         810927d0
[924227.139750] 206:  the address is:         811c06e0
[924227.139751] 207:  the address is:         811c02a0
[924227.139753] 208:  the address is:         811c1710
[924227.139754] 209:  the address is:         811c28d0
[924227.139755] 210:  the address is:         811bfde0
[924227.139756] 211:  the address is:         810927d0
[924227.139758] 212:  the address is:         811f61f0
[924227.139759] 213:  the address is:         811bc620
[924227.139760] 214:  the address is:         810927d0
[924227.139761] 215:  the address is:         810927d0
[924227.139762] 216:  the address is:         81136e10
[924227.139764] 217:  the address is:         8118c070
[924227.139765] 218:  the address is:         81066f90
[924227.139766] 219:  the address is:         8107ddd0
[924227.139767] 220:  the address is:         81204b60
[924227.139769] 221:  the address is:         81115c90
[924227.139770] 222:  the address is:         810905e0
[924227.139771] 223:  the address is:         81090200
[924227.139772] 224:  the address is:         81090500
[924227.139773] 225:  the address is:         81090060
[924227.139775] 226:  the address is:         81090c30
[924227.139776] 227:  the address is:         8108fd60
[924227.139777] 228:  the address is:         8108fc80
[924227.139778] 229:  the address is:         8108fbc0
[924227.139780] 230:  the address is:         8108fab0
[924227.139781] 231:  the address is:         8106f520
[924227.139782] 232:  the address is:         811bbaa0
[924227.139783] 233:  the address is:         811bbf90
[924227.139784] 234:  the address is:         81083060
[924227.139786] 235:  the address is:         811a7e80
[924227.139787] 236:  the address is:         810927d0
[924227.139788] 237:  the address is:         8115a480
[924227.139789] 238:  the address is:         811597d0
[924227.139791] 239:  the address is:         81156f90
[924227.139792] 240:  the address is:         81209c70
[924227.139793] 241:  the address is:         81208db0
[924227.139794] 242:  the address is:         812098e0
[924227.139795] 243:  the address is:         81209520
[924227.139797] 244:  the address is:         812086e0
[924227.139798] 245:  the address is:         812084d0
[924227.139799] 246:  the address is:         810ba480
[924227.139800] 247:  the address is:         8106e470
[924227.139802] 248:  the address is:         8120ea40
[924227.139803] 249:  the address is:         8120e7c0
[924227.139804] 250:  the address is:         8120ee10
[924227.139805] 251:  the address is:         811b56b0
[924227.139807] 252:  the address is:         811b52a0
[924227.139808] 253:  the address is:         811ba9b0
[924227.139809] 254:  the address is:         811ba3b0
[924227.139810] 255:  the address is:         811ba1f0
[924227.139811] 256:  the address is:         811592d0
[924227.139813] 257:  the address is:         81175670
[924227.139814] 258:  the address is:         81188180
[924227.139815] 259:  the address is:         811882c0
[924227.139816] 260:  the address is:         81175ed0
[924227.139818] 261:  the address is:         811a7dd0
[924227.139819] 262:  the address is:         8117d2f0
[924227.139820] 263:  the address is:         81188120
[924227.139821] 264:  the address is:         81187ba0
[924227.139822] 265:  the address is:         81188720
[924227.139824] 266:  the address is:         81188550
[924227.139825] 267:  the address is:         8117cec0
[924227.139826] 268:  the address is:         81176020
[924227.139827] 269:  the address is:         81176330
[924227.139829] 270:  the address is:         8118e010
[924227.139830] 271:  the address is:         8118da60
[924227.139831] 272:  the address is:         81067480
[924227.139832] 273:  the address is:         810a2b90
[924227.139833] 274:  the address is:         810a3120
[924227.139835] 275:  the address is:         811a5500
[924227.139836] 276:  the address is:         811a63f0
[924227.139837] 277:  the address is:         811a6e30
[924227.139838] 278:  the address is:         811a5ad0
[924227.139840] 279:  the address is:         81165d40
[924227.139841] 280:  the address is:         811a7ea0
[924227.139842] 281:  the address is:         811bbda0
[924227.139843] 282:  the address is:         811bd380
[924227.139844] 283:  the address is:         811bdd90
[924227.139846] 284:  the address is:         811bee20
[924227.139847] 285:  the address is:         81176630
[924227.139848] 286:  the address is:         811bd920
[924227.139849] 287:  the address is:         811bded0
[924227.139851] 288:  the address is:         8140c560
[924227.139852] 289:  the address is:         811bd1a0
[924227.139853] 290:  the address is:         811beda0
[924227.139854] 291:  the address is:         811bc490
[924227.139856] 292:  the address is:         8118a990
[924227.139857] 293:  the address is:         81182720
[924227.139858] 294:  the address is:         811ba800
[924227.139859] 295:  the address is:         81178f20
[924227.139860] 296:  the address is:         81178d50
[924227.139862] 297:  the address is:         81082f20
[924227.139863] 298:  the address is:         81110160
[924227.139864] 299:  the address is:         8140bc70
[924227.139865] 300:  the address is:         810927d0
[924227.139867] 301:  the address is:         810927d0
[924227.139868] 302:  the address is:         810927d0
[924227.139869] 303:  the address is:         810927d0
[924227.139870] 304:  the address is:         810927d0
[924227.139871] 305:  the address is:         810927d0
[924227.139873] 306:  the address is:         811a7470
[924227.139874] 307:  the address is:         8140b7e0
[924227.139875] 308:  the address is:         810118ef
[924227.139876] 309:  the address is:         810119d0
[924227.139878] 310:  the address is:         81011980
[924227.139879] 311:  the address is:         81011923
[924227.139880] 312:  the address is:         810118f6
[924227.139881] 313:  the address is:         810118c4
[924227.139882] 314:  the address is:         81011b30
[924227.139884] 315:  the address is:         81011b28
[924227.139885] 316:  the address is:         81011b38
[924227.139886] 317:  the address is:         81011af8
[924227.139887] 318:  the address is:         81011aa8
[924227.139889] 319:  the address is:         81011af0
[924227.139890] 320:  the address is:         81011ae8
[924227.139891] 321:  the address is:         81011ae0

通过对比sys_call_table和内核符号导出表的关系,我们可以发现Linux 64bit下的系统调用映射关系是这样的

sys_call_table[59]  = stub_execve = ffffffff8100b4e0
sys_execve = 在sys_call_table中不存在

在Linux 64bit下,stub_execve就是sys_execve的wrapper函数

/source/arch/x86/um/sys_call_table_64.c

#define stub_execve sys_execve

这也意味着在Linux 64bit下,sys_execeve在sys_call_table里不存在了,而是用stub_execve取代了,

2. sys_socketcall

\linux-3.15.5\arch\sh\include\uapi\asm\unistd_64.h

#define __NR_socketcall        102    /* old implementation of socket systemcall */
//和Linux 32bit的一样

在内核符号导出表中得到的内核内存地址

cat /boot/System.map-2.6.32-220.23.2.ali878.el6.x86_64 | grep sys_socketcall
ffffffff8140c950 T sys_socketcallffffffff8143a130 T compat_sys_socketcall

需要明白的是,sys_socketcall只适用于x86-32平台下适用,在非x86-32平台下,sys_socketcall是不存在的,Linux 64bit将sys_socketcall的"系统调用派发机制"拆分成了分别独立的系统调用,例如sys_socket、sys_bind、sys_connect

1. sys_socket
cat /boot/System.map-2.6.32-220.23.2.ali878.el6.x86_64 | grep sys_socket
ffffffff8140a210 T sys_socket
[924227.139549] 41:  the address is:         8140a210

2. sys_connect
cat /boot/System.map-2.6.32-220.23.2.ali878.el6.x86_64 | grep sys_connect
ffffffff8140bfb0 T sys_connect
[924227.139550] 42:  the address is:         8140bfb0

3. sys_bind
cat /boot/System.map-2.6.32-220.23.2.ali878.el6.x86_64 | grep sys_bind
ffffffff8140c0a0 T sys_bind
[924227.139558] 49:  the address is:         8140c0a0

3. sys_init_module

\linux-3.15.5\arch\sh\include\uapi\asm\unistd_64.h

#define __NR_init_module    128
//和Linux 32bit的一样

在内核符号导出表中得到的内核内存地址

cat /boot/System.map-2.6.32-220.23.2.ali878.el6.x86_64 | grep sys_init_module
ffffffff810afe50 T sys_init_module
[924227.139712] 175:  the address is:         810afe50

Relevant Link:

http://stackoverflow.com/questions/9940391/looking-for-a-detailed-document-on-linux-system-calls

Copyright (c) 2014 LittleHann All rights reserved

时间: 2024-11-08 18:19:31

Linux Kernel sys_call_table、Kernel Symbols Export Table Generation Principle、Difference Between System Calls Entrance In 32bit、64bit Linux(undone)的相关文章

ARM Linux从Bootloader、kernel到filesystem启动流程

转自:http://www.veryarm.com/1491.html ARM Linux启动流程大致为:bootloader ---->kernel---->root filesystem.bootloader 是一上电就拿到cpu 的控制权的,而bootloader实现了硬件的初始化.bootloader俨然就成了Power on 之后”第一个吃螃蟹”的代码. 谈到这就得想到硬件机制是如何满足这个功能的了.CPU内部一般都集成小容量的SRAM (又叫stapping stone,垫脚石),

Linux系统启动流程之kernel

Linux系统启动流程之kernel   1.内核参数修改方法: 2.内核内核模块管理: 3.内核编译 用户空间访问.监控内核的方式:/proc, /sys 伪文件系统 /proc/sys: 此目录中的文件很多是可读写的 /sys/: 某些文件可写   1.内核参数修改方法: echo VALUE > /proc/sys/TO/SOMEFILE sysctl -w kernel.hostname= [[email protected] vm]# free -m  total   used   f

ORACLE Linux以及 Unbreakable Enterprise Kernel

Oracle Linux,全称为Oracle Enterprise Linux,简称OEL,Linux发行版本之一.Oracle公司在2006年初发布第一个版本,以对Oracle软件和硬件支持较好见长.OEL,一般人通常叫法为Oracle企业版Linux,由于Oracle提供的企业级支持计划UBL(Unbreakable Linux),所以很多人都称OEL为坚不可摧Linux.2010年9月,Oracle Enterprise Linux发布新版内核--Unbreakable Enterpris

ipcs、ipcrm、sysresv、kernel.shmmax

ipcs.ipcrm.sysresv.kernel.shmmax 1.1  BLOG文档结构图 1.2  前言部分 1.2.1  导读和注意事项 各位技术爱好者,看完本文后,你可以掌握如下的技能,也可以学到一些其它你所不知道的知识,~O(∩_∩)O~: ① ipcs的使用 ② ipcrm释放oracle内存段 ③ sysresv的使用 ④ 内核参数kernel.shmmax ⑤ 如何快速的清理Oracle的进程 ⑥ 其它维护操作   Tips: ① 本文在itpub(http://blog.it

基于FL2440的3.6.6内核移植出现Uncompressing Linux... done, booting the kernel.

具体问题 参考解决方案 解决思路 深入解决 1.具体问题: 在移植3.6.6的内核后,下载启动卡死,具体是串口打印信息停留在"Uncompressing Linux- done, booting the kernel." 2. 参考解决方案: 依据网上的说法要确保如下情况: 2.1 内核的时钟频率正确 2.2 boot和kerel 配置一致的MACH_TYPE,即板子MACHINE ID 2.3 串口驱动配置正常 在内核配置device drivers->character de

在Linux运行期间升级Linux系统(Uboot+kernel+Rootfs)

版本:v1.2 摘要 本文主要介绍了如何在嵌入式Linux系统运行的时候,进行升级整个Linux系统,包括uboot,kernel和rootfs.以及简介Linux中的已有的通用的Nor Flash驱动m25p80,和简介mtd util以及相关工具mtdinfo,flash_erase,flash_eraseall,nanddump,nandwrite等的基本用法. 本文提供多种格式供: 在线阅读 HTML HTMLs PDF CHM TXT RTF WEBHELP 下载(7zip压缩包) H

Linux设置环境变量方法(export PATH)

1.动态库路径的设置 Linux下调用动态库和windows不一样.linux 可执行程序是靠配置文件去读取路径的,因此有些时候需要设置路径 具体操作如下 export LD_LIBRARY_PATH=/home/.....(动态库的目录) 不过这种设置方法只是在当前的session中有效 你可以修改配置文件实现任何session都有效 2.环境变量的设置 一般来说,配置交叉编译工具链的时候需要指定编译工具的路径,此时就需要设置环境变量.例如我的mips-linux-gcc编译器在"/opt/a

Truncate table、Delete与Drop table的区别

Truncate table.Delete与Drop table的区别 TRUNCATE TABLE 在功能上与不带 WHERE 子句的 DELETE 语句相同:二者均删除表中的全部行.但 TRUNCATE TABLE 比 DELETE 速度快,且使用的系统和事务日志资源少. DELETE 语句每次删除一行,并在事务日志中为所删除的每行记录一项.TRUNCATE TABLE 通过释放存储表数据所用的数据页来删除数据,并且只在事务日志中记录页的释放. TRUNCATE TABLE 删除表中的所有行

Linux VFS Extended Attribute And Access Control Table

catalog 0. 简介 1. 扩展属性 2. 访问控制表 3. 小结 0. 简介 许多文件系统都提供了一些特性,扩展了VFS层提供的标准功能,虚拟文件系统不可能为所有特性都提供具体的数据结构.超出标准的UNIX文件模型的附加特性,通常需要将一个组扩展属性关联到每个文件系统对象Linux内核能够提供的是一个框架,容许增加特定于文件系统的扩展,扩展属性(extended attribute xattrs)是能够关联到文件的任意属性,由于每个文件通常都只关联了所有可能扩展属性的一个子集,扩展属性存