直接使用系统调用

网上有很多文档介绍如何添加自定义的系统调用的，说的都特别详细，但是定义好自定义的系统调用后，察看新生成的内核符号表System.map中也出现了自己定义的系统调用，但是在编写用户程序进行测试时，发现问题了：

_syscall0--_syscall6宏在linux/unistd.h中没有了。致使用户测试程序没法进行。

我查阅了内核源码和Changelogs,发现在Linux2.6.19.1中这些宏还在,如下：

#include <linux/err.h>/* * user-visible error numbers are in the range -1 - -MAX_ERRNO: see * <asm-i386/errno.h> */#define __syscall_return(type, res) /do { / if ((unsigned long)(res) >= (unsigned long)(-MAX_ERRNO)) { /  errno = -(res); /  res = -1; / } / return (type) (res); /} while (0)/* XXX - _foo needs to be __foo, while __NR_bar could be _NR_bar. */#define _syscall0(type,name) /type name(void) /{ /long __res; /__asm__ volatile ("int $0x80" / : "=a" (__res) / : "0" (__NR_##name)); /__syscall_return(type,__res); /}#define _syscall1(type,name,type1,arg1) /type name(type1 arg1) /{ /long __res; /__asm__ volatile ("push %%ebx ; movl %2,%%ebx ; int $0x80 ; pop %%ebx" / : "=a" (__res) / : "0" (__NR_##name),"ri" ((long)(arg1)) : "memory"); /__syscall_return(type,__res); /}#define _syscall2(type,name,type1,arg1,type2,arg2) /type name(type1 arg1,type2 arg2) /{ /long __res; /__asm__ volatile ("push %%ebx ; movl %2,%%ebx ; int $0x80 ; pop %%ebx" / : "=a" (__res) / : "0" (__NR_##name),"ri" ((long)(arg1)),"c" ((long)(arg2)) / : "memory"); /__syscall_return(type,__res); /}#define _syscall3(type,name,type1,arg1,type2,arg2,type3,arg3) /type name(type1 arg1,type2 arg2,type3 arg3) /{ /long __res; /__asm__ volatile ("push %%ebx ; movl %2,%%ebx ; int $0x80 ; pop %%ebx" / : "=a" (__res) / : "0" (__NR_##name),"ri" ((long)(arg1)),"c" ((long)(arg2)), /    "d" ((long)(arg3)) : "memory"); /__syscall_return(type,__res); /}#define _syscall4(type,name,type1,arg1,type2,arg2,type3,arg3,type4,arg4) /type name (type1 arg1, type2 arg2, type3 arg3, type4 arg4) /{ /long __res; /__asm__ volatile ("push %%ebx ; movl %2,%%ebx ; int $0x80 ; pop %%ebx" / : "=a" (__res) / : "0" (__NR_##name),"ri" ((long)(arg1)),"c" ((long)(arg2)), /   "d" ((long)(arg3)),"S" ((long)(arg4)) : "memory"); /__syscall_return(type,__res); /} #define _syscall5(type,name,type1,arg1,type2,arg2,type3,arg3,type4,arg4, /   type5,arg5) /type name (type1 arg1,type2 arg2,type3 arg3,type4 arg4,type5 arg5) /{ /long __res; /__asm__ volatile ("push %%ebx ; movl %2,%%ebx ; movl %1,%%eax ; " /                  "int $0x80 ; pop %%ebx" / : "=a" (__res) / : "i" (__NR_##name),"ri" ((long)(arg1)),"c" ((long)(arg2)), /   "d" ((long)(arg3)),"S" ((long)(arg4)),"D" ((long)(arg5)) / : "memory"); /__syscall_return(type,__res); /}#define _syscall6(type,name,type1,arg1,type2,arg2,type3,arg3,type4,arg4, /   type5,arg5,type6,arg6) /type name (type1 arg1,type2 arg2,type3 arg3,type4 arg4,type5 arg5,type6 arg6) /{ /long __res; /  struct { long __a1; long __a6; } __s = { (long)arg1, (long)arg6 }; /__asm__ volatile ("push %%ebp ; push %%ebx ; movl 4(%2),%%ebp ; " /                  "movl 0(%2),%%ebx ; movl %1,%%eax ; int $0x80 ; " /                  "pop %%ebx ;  pop %%ebp" / : "=a" (__res) / : "i" (__NR_##name),"0" ((long)(&__s)),"c" ((long)(arg2)), /   "d" ((long)(arg3)),"S" ((long)(arg4)),"D" ((long)(arg5)) / : "memory"); /__syscall_return(type,__res); /}

但是到了Linux2.6.20,这些宏就没有定义了。Changelog中有说是Remove these macros.原因是这些宏会导致系统安全漏洞，网上也有利用此漏洞的例子。

那我们以后自定义系统调用后如何调用呢？我将这些宏加入程序程序后，发现可以很好的运行。

下面是一个例子：

 

#include <stdio.h>#include <linux/unistd.h> #include <linux/err.h>/* * user-visible error numbers are in the range -1 - -MAX_ERRNO: see * <asm-i386/errno.h> */#define __syscall_return(type, res) /do { / if ((unsigned long)(res) >= (unsigned long)(-MAX_ERRNO)) { /  errno = -(res); /  res = -1; / } / return (type) (res); /} while (0)/* XXX - _foo needs to be __foo, while __NR_bar could be _NR_bar. */#define _syscall0(type,name) /type name(void) /{ /long __res; /__asm__ volatile ("int $0x80" / : "=a" (__res) / : "0" (__NR_##name)); /__syscall_return(type,__res); /}#define _syscall1(type,name,type1,arg1) /type name(type1 arg1) /{ /long __res; /__asm__ volatile ("push %%ebx ; movl %2,%%ebx ; int $0x80 ; pop %%ebx" / : "=a" (__res) / : "0" (__NR_##name),"ri" ((long)(arg1)) : "memory"); /__syscall_return(type,__res); /}#define _syscall2(type,name,type1,arg1,type2,arg2) /type name(type1 arg1,type2 arg2) /{ /long __res; /__asm__ volatile ("push %%ebx ; movl %2,%%ebx ; int $0x80 ; pop %%ebx" / : "=a" (__res) / : "0" (__NR_##name),"ri" ((long)(arg1)),"c" ((long)(arg2)) / : "memory"); /__syscall_return(type,__res); /}#define _syscall3(type,name,type1,arg1,type2,arg2,type3,arg3) /type name(type1 arg1,type2 arg2,type3 arg3) /{ /long __res; /__asm__ volatile ("push %%ebx ; movl %2,%%ebx ; int $0x80 ; pop %%ebx" / : "=a" (__res) / : "0" (__NR_##name),"ri" ((long)(arg1)),"c" ((long)(arg2)), /    "d" ((long)(arg3)) : "memory"); /__syscall_return(type,__res); /}#define _syscall4(type,name,type1,arg1,type2,arg2,type3,arg3,type4,arg4) /type name (type1 arg1, type2 arg2, type3 arg3, type4 arg4) /{ /long __res; /__asm__ volatile ("push %%ebx ; movl %2,%%ebx ; int $0x80 ; pop %%ebx" / : "=a" (__res) / : "0" (__NR_##name),"ri" ((long)(arg1)),"c" ((long)(arg2)), /   "d" ((long)(arg3)),"S" ((long)(arg4)) : "memory"); /__syscall_return(type,__res); /} #define _syscall5(type,name,type1,arg1,type2,arg2,type3,arg3,type4,arg4, /   type5,arg5) /type name (type1 arg1,type2 arg2,type3 arg3,type4 arg4,type5 arg5) /{ /long __res; /__asm__ volatile ("push %%ebx ; movl %2,%%ebx ; movl %1,%%eax ; " /                  "int $0x80 ; pop %%ebx" / : "=a" (__res) / : "i" (__NR_##name),"ri" ((long)(arg1)),"c" ((long)(arg2)), /   "d" ((long)(arg3)),"S" ((long)(arg4)),"D" ((long)(arg5)) / : "memory"); /__syscall_return(type,__res); /}#define _syscall6(type,name,type1,arg1,type2,arg2,type3,arg3,type4,arg4, /   type5,arg5,type6,arg6) /type name (type1 arg1,type2 arg2,type3 arg3,type4 arg4,type5 arg5,type6 arg6) /{ /long __res; /  struct { long __a1; long __a6; } __s = { (long)arg1, (long)arg6 }; /__asm__ volatile ("push %%ebp ; push %%ebx ; movl 4(%2),%%ebp ; " /                  "movl 0(%2),%%ebx ; movl %1,%%eax ; int $0x80 ; " /                  "pop %%ebx ;  pop %%ebp" / : "=a" (__res) / : "i" (__NR_##name),"0" ((long)(&__s)),"c" ((long)(arg2)), /   "d" ((long)(arg3)),"S" ((long)(arg4)),"D" ((long)(arg5)) / : "memory"); /__syscall_return(type,__res); /} #define __NR_mycall 325_syscall1(int,mycall,int,rtvalue) int main(){printf("mycall(100)=%d/n",mycall(100));}

 

自定义的系统调用原型是

asmlinkage sys_mycall(int number){return number;}

 

 

一个open系统调用的例子：

#include <stdio.h>#include <linux/unistd.h>#include <linux/errno.h> #define __NR_myopen                      __NR_open /* * user-visible error numbers are in the range -1 - -MAX_ERRNO: see * <asm-i386/errno.h> */#define __syscall_return(type, res) \do { \ if ((unsigned long)(res) >= (unsigned long)(-4095)) { \  errno = -(res); \  res = -1; \ } \ return (type) (res); \} while (0) #define _syscall2(type,name,type1,arg1,type2,arg2) \type name(type1 arg1,type2 arg2) \{ \long __res; \__asm__ volatile ("push %%ebx ; movl %2,%%ebx ; int $0x80 ; pop %%ebx" \ : "=a" (__res) \ : "0" (__NR_##name),"ri" ((long)(arg1)),"c" ((long)(arg2)) \ : "memory"); \__syscall_return(type,__res); \} _syscall2(long, myopen, const char *, filename, int, flags)void main(){    int fd = myopen("/home/xx.txt", 3);    printf("fd is %d\n", fd);}

由此可见，应用程序的调用相当于直接使用汇编代码进行陷入，库函数相当于对汇编代码进行了封装。