Syscall
From AWOS Wiki
This page describes the system call (commonly referred to as syscall) interface for the AWOS kernel. >==x86== On the Intel IA-32 architecture, there are two different ways to invoke the AWOS syscall interface: software-generated interrupts (INT 0x50) and the "fast" system entrance interface (SYSENTER).
Contents |
Fast syscall
Modern IA-32 processors and all EM64T processors support what is termed 'fast syscall' or SYSENTER/SYSEXIT functionality. However, when fast syscalls are used, the processor doesn't save state information on the current running user-mode process. Therefore, the AWOS kernel will be unable to return to the user process if state information is not saved. The calling process must therefore save its own state information.
The kernel expects the following stack/register layout when <code>SYSENTER</code> is called:
| Reg/location | Expected contents | Default if not specified |
|---|---|---|
| EAX | The calling EIP | Undefined |
| EBX | The callee's stack | Undefined |
| ECX | The syscall function number | Undefined |
| EDX | The memory location to save the return value to | Undefined |
| Stack | The parameters to the syscall. Any number of parameters of any length are supported, but the parameters must match the signature of the called function or Bad Thingsā¢ will result. | Undefined |
As you can see, there will be major problems if the callee doesn't save its EIP and stack. And don't be stupid and think all the registers default to 0 and not set ECX if you want to exit. And even if they do default to 0, your stack IS NOT a null pointer, your function IS NOT running in the BIOS data area, so you DO NOT let them be 0 either.
NOTE for anyone hacking the kernel: you MUST sanity-check the memory location as user-writable to prevent an attack on the kernel. This is worth reiterating: <span style="font-size: larger;">JUST BECAUSE YOU CAN WRITE TO IT IN-KERNEL, DOESN'T MEAN A USER PROGRAM CAN TELL YOU TO.</span> Use MmGetPermissions(<code>EDX</code>) or similar to sanitise.
A debated idea would be to have a parameter map at the beginning of the stack that specifies how the stack is organised. See Discussion page for more.
Software-generated interrupt
This interface is left only for purposes of compatibility with pre-f6/m3 Intel CPUs that do not support the fast syscall. This method works, but is generally slower as the kernel must "translate" the interrupt stack frame into the generic calling convention used by the fast syscall (and other architectures).
The kernel expects the following stack/register layout when <code>INT 0x50</code> is called:
| Reg/location | Expected contents | Default if not specified |
|---|---|---|
| EAX | Syscall function number | Undefined |
| EBX | Parameter #1 | Undefined |
| ECX | Parameter #2 | Undefined |
| EDX | Parameter #3 | Undefined |
| Stack | Unused. | Don't care |
Table of syscalls
| Number | Function name | Parameters |
|---|---|---|
| 0x0 | exit | int code
|
| 0x1 | putch | char ch
|
