I have a confusion about the system call mechanism. In X86, System Call uses eax to pass the system call number to kernel.
But what does it use to pass the parameters to kernel, at some place I am seeing it uses stack and at other places it says, it uses ebx, ecx, etc registers.
So can someone confirm which one is correct ?
Fore reference : this link says it uses stack.
And this link says it uses registers.
Both the links tell that the parameters are passed through registers like EBX, ECX, etc to the kernel space from the user space.
In the first reference page : 35/352, System Call Implementation/wrappers task 1st point, it is given that
the parameters available in the user stack are moved to the processor registers and then this registers are used to pass parameters of the syscall to the kernel space.
I think you must be confused after seeing the word stack in that point about implementing the libc wrappers like write() which are callable from C, to interface between the system-call calling convention (6 regs) and the function-calling convention (stack args since user-space doesn't normally use -mregparm=3)
Both the links are correct.
You can see in , all system calls are declared with prefix asmlinkage. Infact when you define your system call using SYSCALL_DEFINEx macro, it defines your system call function with asmlinkage directive. asmlinkage directive directs compiler that the function should not expect any of it's parameters from CPU registers i.e. all parameters should be accessed from stack only.
When called from user space each parameters are pushed to CPU registers, during user to kernel transition, kernel needs to save all the registers onto stack (in order to restore the environment before returning to the user space) when handling the system call requests from user space, so after that the parameters are available on stack for kernel space system call function.
