I read that in the newer kernels system calls are invoked using the INT X80 instruction and also using the sysenter instruction. And also the sysenter instruction gives faster invocation as compared to the other method.
How could I check which all system calls are invoked by that method?
Best Answer
Unless you're running a pre-2.6 kernel, you won't be using the
int x80
method for invoking most system calls. They have been replaced in favor of thesystenter/sysexit
method since kernel 2.6 (started in the 2.5 series) for things that matter.Note that if you have old binaries that were built against older kernels, those could still be using the
int x80
method - the only thing you can do about that is rebuilding them (or getting updated binaries).Run
ldd your_exe
on the program you're worried about. If it listslinux-gate.so.1
orlinux-vdso.so.1
, it's using the new syscalls. If not, it's (most likely) using the old method.For static binaries, it's harder to tell. One way would be to
objdump your_exe | less
and look for system call wrappers (__gettimeofday
is a good candidate). You'll see from the disassembly if it is using an interrupt or not.A good rundown of how the old INT 80 calls worked and how the new syscall interface came to be and is setup can be found here: System calls (by Andries Brouwer).
Another good read: What is linux-gate.so.1?.
Both these articles are linked in this other one: Sysenter Based System Call Mechanism in Linux 2.6, and points to the Understanding The Linux Kernel book by Daniel P. Bovet, Marco Cesati which is good for more general information.
So in short: don't worry about it. If you've got a recent-enough system (CPU, kernel and distribution), you're using the "fast" system calls.