Difference between revisions of "Kernel Syscalls"

From The iPhone Wiki
m (updated from i0n1c infos)
m (new tweet)

Revision as of 20:56, 1 March 2012

WARNING: i0n1c just tweeted (http://twitter.com/i0n1c/status/175258824360476672):

The CPU system call description on theiphonewiki is wrong

After asking, he answered in three tweets ([1] http://twitter.com/i0n1c/status/175281084936888320, [2] http://twitter.com/i0n1c/status/175281257633165313, [3] http://twitter.com/i0n1c/status/175322765925158912):

Yes, the CPU syscall part is completely bogus.
as in: CPU syscalls are not called as described there
I think R12 must be 0x80000000, R3 is code and R0-R2 are parameters?!?

Note on these

Args go in their normal registers, like arg1 in R0, as usual. The syscall number goes in IP (that's the intra-procedure-call scratch register, not the instruction pointer!), a.k.a. R12.

As on all ARM systems (e.g. Android too), kernel entry is accomplished by the SVC instruction (SWI in some debuggers and ARM dialects). On the kernel end, a low-level CPU exception handler (fleh_swi) is installed as part of the ExceptionVectorsBase, and upon issuing an SWI/SVC, control is transferred to that address. This handler can check the syscall number to distinguish between POSIX calls (non-negative) and Mach traps (negative).


CPU

Usage

MOV R12, #x // number from list
swi 0x80
bx lr

List

  • Clear Instruction Cache: 0
  • Flush Data Cache: 1
  • _pthread_set_self: 2
  • Unknown: 3

Unix

Usage

MOV IP, #x // number from following list into Intraprocedural, a.k.a. r12
SVC 0x80   // Formerly, SWI (software interrupt)

For example:


(gdb) disass chown
0x30d2ad54 <chown>:	mov	r12, #16	       ; 0x10, being # of chown
0x30d2ad58 <chown+4>:	svc	0x00000080

Most of these are the same as you would find in the open-source XNU kernel, ARM idiosyncrasies aside (and except #372, ledger).
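As an added example (not from the wiki page or its authors), the following Python script scans gdb-style disassembly like the chown listing above for syscall stubs and applies the dispatch rule from the note: it tracks immediates loaded into R12/IP and R3, treats a negative number as a Mach trap and a non-negative one as a BSD call, and, following i0n1c's tweet rather than the page's original CPU usage block, treats R12 == 0x80000000 as a platform call with the code in R3. The sample disassembly is constructed (only the chown stub comes from the page), the mvn encoding of negative immediates is standard ARM, and the name subsets are taken from the lists on this page.

```python
import re
# Subset of the page's Unix syscall table (number -> name), used to resolve stubs.
BSD_SYSCALLS = {1: "exit", 3: "read", 4: "write", 5: "open", 6: "close", 16: "chown",
                59: "execve", 197: "mmap", 244: "posix_spawn", 381: "__mac_syscall"}
# The page's "CPU" list, reached with r12 == 0x80000000 and the code in r3 (per i0n1c's tweet).
PLATFORM_CODES = {0: "clear_icache", 1: "flush_dcache", 2: "_pthread_set_self", 3: "unknown"}
# One gdb/objdump-style line, e.g. "0x30d2ad54 <chown>:  mov  r12, #16  ; 0x10"
INSN = re.compile(r"^\s*0x[0-9a-f]+(?:\s+<[^>]*>)?:\s*(\w+(?:\.w)?)\s+(.*?)\s*(?:;.*)?$", re.I)

def parse_imm(text):
    # '#16', '#0x10', '0x00000080' -> int, masked to the width of a 32-bit register
    return int(text.strip().lstrip("#"), 0) & 0xFFFFFFFF

def classify(r12, r3=None):
    """Dispatch as the page describes: r12 >= 0 is a BSD/POSIX call, r12 < 0 a Mach trap;
    r12 == 0x80000000 selects a platform (CPU) call whose code is in r3."""
    if r12 == 0x80000000:
        return ("platform", r3, PLATFORM_CODES.get(r3, "unknown"))
    signed = r12 - (1 << 32) if r12 & 0x80000000 else r12   # r12 holds a signed 32-bit number
    if signed < 0:
        return ("mach_trap", signed, None)
    return ("bsd", signed, BSD_SYSCALLS.get(signed))

def find_syscall_stubs(disasm):
    """Track immediates loaded into r3/r12 (ip) and classify each 'svc 0x80' that follows."""
    regs, found = {}, []
    for line in disasm.splitlines():
        m = INSN.match(line)
        if not m:
            continue
        op, parts = m.group(1).lower(), [p.strip() for p in m.group(2).split(",")]
        if op in ("mov", "mov.w", "movw", "mvn", "mvn.w") and len(parts) == 2 and parts[1].startswith("#"):
            val = parse_imm(parts[1])
            if op.startswith("mvn"):            # mvn r12, #30 loads ~30 == -31, i.e. a Mach trap
                val = ~val & 0xFFFFFFFF
            regs["r12" if parts[0].lower() == "ip" else parts[0].lower()] = val
        elif op in ("svc", "swi") and parse_imm(parts[0]) == 0x80:
            if "r12" in regs:
                found.append(classify(regs["r12"], regs.get("r3")))
            regs = {}                           # the next stub starts fresh after the trap
    return found
# Constructed sample in the page's gdb format: the chown stub from the page, a Mach trap stub
# with a made-up number (-31) and a platform call shaped as the tweet describes.
DISASM = """\
0x30d2ad54 <chown>:\tmov\tr12, #16\t; 0x10, being # of chown
0x30d2ad58 <chown+4>:\tsvc\t0x00000080
0x30d2aeb0 <mach_stub>:\tmvn\tr12, #30\t; -31
0x30d2aeb4 <mach_stub+4>:\tsvc\t0x00000080
0x30d2aec0 <cpu_stub>:\tmov\tr3, #2
0x30d2aec4 <cpu_stub+4>:\tmov.w\tr12, #2147483648\t; 0x80000000
0x30d2aec8 <cpu_stub+8>:\tsvc\t0x00000080
"""
```

Running `find_syscall_stubs(DISASM)` yields one tuple per stub: (kind, number, resolved name), which is a quick way to see which kernel entry points a stripped binary reaches directly rather than through libSystem.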

List

  • exit: 1
  • fork: 2
  • read: 3
  • write: 4
  • open: 5
  • close: 6
  • wait4: 7
  • link: 9
  • unlink: 10
  • chdir: 12
  • fchdir: 13
  • mknod: 14
  • chmod: 15
  • chown: 16
  • getfsstat: 18
  • getpid: 20
  • setuid: 23
  • getuid: 24
  • geteuid: 25
  • ptrace: 26
  • recvmsg: 27
  • sendmsg: 28
  • recvfrom: 29
  • accept: 30
  • getpeername: 31
  • getsockname: 32
  • access: 33
  • chflags: 34
  • fchflags: 35
  • sync: 36
  • kill: 37
  • getppid: 39
  • dup: 41
  • pipe: 42
  • getegid: 43
  • profil: 44
  • sigaction: 46
  • getgid: 47
  • sigprocmask: 48
  • getlogin: 49
  • setlogin: 50
  • acct: 51
  • sigpending: 52
  • sigaltstack: 53
  • ioctl: 54
  • reboot: 55
  • revoke: 56
  • symlink: 57
  • readlink: 58
  • execve: 59
  • umask: 60
  • chroot: 61
  • msync: 65
  • vfork: 66
  • munmap: 73
  • mprotect: 74
  • madvise: 75
  • mincore: 78
  • getgroups: 79
  • setgroups: 80
  • getpgrp: 81
  • setpgid: 82
  • setitimer: 83
  • swapon: 85
  • getitimer: 86
  • getdtablesize: 89
  • dup2: 90
  • fcntl: 92
  • select: 93
  • fsync: 95
  • setpriority: 96
  • socket: 97
  • connect: 98
  • getpriority: 100
  • bind: 104
  • setsockopt: 105
  • listen: 106
  • sigsuspend: 111
  • gettimeofday: 116
  • getrusage: 117
  • getsockopt: 118
  • readv: 120
  • writev: 121
  • settimeofday: 122
  • fchown: 123
  • fchmod: 124
  • setreuid: 126
  • setregid: 127
  • rename: 128
  • flock: 131
  • mkfifo: 132
  • sendto: 133
  • shutdown: 134
  • socketpair: 135
  • mkdir: 136
  • rmdir: 137
  • utimes: 138
  • futimes: 139
  • adjtime: 140
  • gethostuuid: 142
  • setsid: 145
  • getpgid: 151
  • setprivexec: 152
  • pread: 153
  • pwrite: 154
  • statfs: 157
  • fstatfs: 158
  • unmount: 159
  • quotactl: 165
  • mount: 167
  • csops: 169
  • waitid: 173
  • add_profil: 176
  • kdebug_trace: 180
  • setgid: 181
  • setegid: 182
  • seteuid: 183
  • sigreturn: 184
  • chud: 185
  • fdatasync: 187
  • stat: 188
  • fstat: 189
  • lstat: 190
  • pathconf: 191
  • fpathconf: 192
  • getrlimit: 194
  • setrlimit: 195
  • getdirentries: 196
  • mmap: 197
  • lseek: 199
  • truncate: 200
  • ftruncate: 201
  • __sysctl: 202
  • mlock: 203
  • munlock: 204
  • undelete: 205
  • mkcomplex: 216
  • statv: 217
  • lstatv: 218
  • fstatv: 219
  • getattrlist: 220
  • setattrlist: 221
  • getdirentriesattr: 222
  • exchangedata: 223
  • fsgetpath: 224
  • searchfs: 225
  • delete: 226
  • copyfile: 227
  • fgetattrlist: 228
  • fsetattrlist: 229
  • poll: 230
  • watchevent: 231
  • waitevent: 232
  • modwatch: 233
  • getxattr: 234
  • fgetxattr: 235
  • setxattr: 236
  • fsetxattr: 237
  • removexattr: 238
  • fremovexattr: 239
  • listxattr: 240
  • flistxattr: 241
  • fsctl: 242
  • initgroups: 243
  • posix_spawn: 244
  • ffsctl: 245
  • minherit: 250
  • shm_open: 266
  • shm_unlink: 267
  • sem_open: 268
  • sem_close: 269
  • sem_unlink: 270
  • sem_wait: 271
  • sem_trywait: 272
  • sem_post: 273
  • sem_getvalue: 274
  • sem_init: 275
  • sem_destroy: 276
  • open_extended: 277
  • umask_extended: 278
  • stat_extended: 279
  • lstat_extended: 280
  • fstat_extended: 281
  • chmod_extended: 282
  • fchmod_extended: 283
  • access_extended: 284
  • settid: 285
  • gettid: 286
  • setsgroups: 287
  • getsgroups: 288
  • setwgroups: 289
  • getwgroups: 290
  • mkfifo_extended: 291
  • mkdir_extended: 292
  • identitysvc: 293
  • shared_region_check_np: 294
  • shared_region_map_np: 295
  • vm_pressure_monitor: 296
  • __pthread_mutex_destroy: 301
  • __pthread_mutex_init: 302
  • __pthread_mutex_lock: 303
  • __pthread_mutex_trylock: 304
  • __pthread_mutex_unlock: 305
  • __pthread_cond_init: 306
  • __pthread_cond_destroy: 307
  • __pthread_cond_broadcast: 308
  • __pthread_cond_signal: 309
  • getsid: 310
  • settid_with_pid: 311
  • __pthread_cond_timedwait: 312
  • aio_fsync: 313
  • aio_return: 314
  • aio_suspend: 315
  • aio_cancel: 316
  • aio_error: 317
  • aio_read: 318
  • aio_write: 319
  • lio_listio: 320
  • __pthread_cond_wait: 321
  • iopolicysys: 322
  • mlockall: 324
  • munlockall: 325
  • issetugid: 327
  • __pthread_kill: 328
  • __pthread_sigmask: 329
  • __sigwait: 330
  • __disable_threadsignal: 331
  • __pthread_markcancel: 332
  • __pthread_canceled: 333
  • proc_info: 336
  • stat64: 338
  • fstat64: 339
  • lstat64: 340
  • stat64_extended: 341
  • lstat64_extended: 342
  • fstat64_extended: 343
  • getdirentries64: 344
  • statfs64: 345
  • fstatfs64: 346
  • getfsstat64: 347
  • __pthread_chdir: 348
  • __pthread_fchdir: 349
  • kqueue: 362
  • kevent: 363
  • lchown: 364
  • stack_snapshot: 365
  • kevent64: 369
  • __semwait_signal: 370
  • __semwait_signal_nocancel: 371
  • ledger: 372 - This syscall exists only in iOS; it was taken out of OS X a while ago.

The following syscalls are for BSD's Mandatory Access Control framework, on top of which Apple's "SandBox" (sandbox.kext) is implemented.

  • __mac_execve: 380
  • __mac_syscall: 381
  • __mac_get_file: 382
  • __mac_set_file: 383
  • __mac_get_link: 384
  • __mac_set_link: 385
  • __mac_get_proc: 386
  • __mac_set_proc: 387
  • __mac_get_fd: 388
  • __mac_set_fd: 389
  • __mac_get_pid: 390
  • __mac_get_lcid: 391
  • __mac_get_lctx: 392
  • __mac_set_lctx: 393

  • setlcid: 394
  • getlcid: 395

The _nocancel variants do the same as their cancellable counterparts. In most cases the latter are just wrappers that first call __pthread_testcancel(1).

  • read_nocancel: 396
  • write_nocancel: 397
  • open_nocancel: 398
  • close_nocancel: 399
  • wait4_nocancel: 400
  • recvmsg_nocancel: 401
  • sendmsg_nocancel: 402
  • recvfrom_nocancel: 403
  • accept_nocancel: 404
  • msync_nocancel: 405
  • fcntl_nocancel: 406
  • select_nocancel: 407
  • fsync_nocancel: 408
  • connect_nocancel: 409
  • sigsuspend_nocancel: 410
  • readv_nocancel: 411
  • writev_nocancel: 412
  • sendto_nocancel: 413
  • pread_nocancel: 414
  • pwrite_nocancel: 415
  • waitid_nocancel: 416
  • poll_nocancel: 417
  • sem_wait_nocancel: 420
  • aio_suspend_nocancel: 421
  • __sigwait_nocancel: 422
  • __semwait_signal_nocancel: 423

  • __mac_mount: 424
  • __mac_get_mount: 425
  • __mac_getfsstat: 426
  • fsgetpath_1: 427
  • _audit_session_self: 428
  • audit_session_join: 429
  • fileport_makeport: 430
  • fileport_makefd: 431
  • audit_session_port: 432
  • pid_suspend: 433
  • pid_resume: 434
  • pid_hibernate: 435
  • pid_shutdown_sockets: 436
  • (unused): 437
  • shared_region_map_and_slide_np: 438 (used in ASLR)