Linux Kernel Architecture

(Jacob Rumans) #1

Chapter 13: System Calls


The read operation is delegated to the access_process_vm function that is implemented in mm/memory.c.
(It used to be located in kernel/ptrace.c, but the new location is clearly a better choice.)

This function uses get_user_pages to find the page matching the desired address in userspace memory.
A temporary memory location in the kernel is used to buffer the required data. After some clean-up
work, control is returned to the dispatcher.

Because the required data are still in kernel space, put_user must be used to copy the result to the
userspace location specified by the addr parameter.

The traced process is manipulated in a similar way by PTRACE_POKEDATA. (PTRACE_POKETEXT is used in
exactly the same way because again there is no difference between the two segments of virtual address
space.) access_process_vm finds the memory page with the required address. access_process_vm is
directly responsible for replacing existing data with the new values passed in the system call.^13
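
A user-space view of the two requests described above, as an added example that is not from the book or the kernel source: a tracer reads one word from its stopped child with PTRACE_PEEKDATA and then replaces it with PTRACE_POKEDATA. The names `secret` and `peek_then_poke` and the sample values are constructed for illustration; the code assumes Linux with glibc and that tracing one's own child is permitted.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed sample word; after fork() it sits at the same virtual
 * address in the child, so &secret is valid in the tracee as well. */
static volatile long secret = 0x11223344L;

/* Returns 0 if the tracer read the word from the child (stored in *seen),
 * replaced it with new_val, and the child then observed new_val. */
int peek_then_poke(long new_val, long *seen)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {                        /* tracee */
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1)
            _exit(2);
        raise(SIGSTOP);                    /* stop so the tracer can work */
        _exit(secret == new_val ? 0 : 1);  /* report the value seen after resume */
    }
    /* tracer: wait for the stop; if the child exited instead, it is reaped */
    if (waitpid(pid, &status, 0) != pid || !WIFSTOPPED(status))
        return -1;
    errno = 0;  /* glibc returns the word itself, so -1 alone is ambiguous */
    *seen = ptrace(PTRACE_PEEKDATA, pid, (void *)&secret, NULL);
    if ((*seen == -1 && errno != 0) ||
        ptrace(PTRACE_POKEDATA, pid, (void *)&secret, (void *)new_val) == -1 ||
        ptrace(PTRACE_DETACH, pid, NULL, NULL) == -1) {
        kill(pid, SIGKILL);                /* do not leave a stopped child behind */
        waitpid(pid, NULL, 0);
        return -1;
    }
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

int main(void)
{
    long seen = 0;
    int rc = peek_then_poke(0x5eedL, &seen);
    printf("rc=%d peeked=0x%lx tracer's own copy=0x%lx\n", rc, seen, secret);
    return rc ? 1 : 0;
}
```

The tracer's own copy of `secret` is unchanged afterwards, because the write lands in the child's copy-on-write page rather than in the caller's address space.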

13.4 Summary


One possible way to view the kernel is as a comprehensive library of things it can do for userland
applications. System calls are the interface between an application and this library. By invoking a system call,
an application can request a service that the kernel then fulfills. This chapter first introduced you to the
basics of system programming, which led to how system calls are implemented within the kernel. In
contrast to regular functions, invoking system calls requires more effort because a switch between the kernel
and user modes of the CPU must be performed. Since the kernel lives in a different portion of the virtual
address space from userland, you have also seen that some care is required when the kernel transfers
data from or to an application. Finally, you have seen how system call tracing allows for tracking the
behavior of programs and serves as an indispensable debugging tool in userspace.

System calls are a synchronous mechanism to change from user into kernel mode. The next chapter
introduces you to interrupts that require asynchronously changing between the modes.

(^13) A Boolean parameter can be selected to specify whether data are read only (PTRACE_POKETEXT or PTRACE_POKEDATA) or are
to be replaced with a new value en passant.
