I study the Linux kernel and found out that for x86_64 architecture the interrupt int 0x80
doesn't work for calling system calls1.
For the i386 architecture (32-bit x86 user-space), what is more preferable: syscall
or int 0x80
and why?
I use Linux kernel version 3.4.
Footnote 1: int 0x80
does work in some cases in 64-bit code, but is never recommended. What happens if you use the 32-bit int 0x80 Linux ABI in 64-bit code?
syscall
is the default way of entering kernel mode on x86-64
. This instruction is not available in 32 bit modes of operation on Intel processors.sysenter
is an instruction most frequently used to invoke system calls in 32 bit modes of operation. It is similar to syscall
, a bit more difficult to use though, but that is the kernel's concern.int 0x80
is a legacy way to invoke a system call and should be avoided.The preferred way to invoke a system call is to use vDSO, a part of memory mapped in each process address space that allows to use system calls more efficiently (for example, by not entering kernel mode in some cases at all). vDSO also takes care of more difficult, in comparison to the legacy int 0x80
way, handling of syscall
or sysenter
instructions.