Linux, system call table, 32 and x64

advertisements

I do not understand clearly 1. does system call addresses are the same for all linux machines (or they depend on compilation options) 2. does 32x86 and x64 have the same addresses of system calls? I have found some references in the web, for example swapon has x87 address, but not specified is it 32 bit or 64bit kernel version


I think you're confusing two quite important concepts here. There are two different "addresses" as such to understand:

  1. Actual, in memory addresses. These will vary between kernel compilations and unless deliberately fixed (I don't believe they are) will vary between compiler used. Every new kernel from my distribution has different addresses for system call functions.
  2. System call numbers. These are the integer values you use before running a sysenter (or an interrupt) which say "do a system call". These are always the same for a given ABI. The ABI is the application binary interface; the ability to take a compiled program between machines and have it run.

    x86 Linux and x86_64 Linux have different ABIs and as such the system call numbers are different. But between two different distributions running x86 Linux the ABI is the same, so these systems are ABI compatible and theoretically you should be able to port programs.

    Practically, it is more complicated than that (shared libraries, paths etc).

If you want to see the address of a kernel function on your system and you have System.map (you probably do), try:

cat /boot/System.map-`uname -r` | grep funcname

The system call table for your system is defined in /usr/include/asm/unistd_32.h or /usr/include/asm/unistd_64.h respectively.