System Call Finder

TITLE: System Call Finder

ISSUE_NAME: System Call Finder

DESCRIPTION: System calls are how programs request services from an operating system’s kernel. The operating system executes at the highest level of privilege and allows applications to request services via system calls, which are often executed via interrupts.

RELEVANCE: System calls can account for high CPU usage, because they represent time spent in the kernel. Keeping applications in user space, and reducing both the time it takes to transition from Ring 3 to Ring 0 and the time spent in kernel space, is generally better and should be done where possible.

SOLUTION: In certain situations, similar user-space operations can be used instead of going to Ring 0 every time. For example, emulating the kernel-bound clock_gettime() function on Linux using rdtsc() in user space reduces time in the vmlinux kernel. On Windows, WaitForSingleObject() always makes a Ring 0 transition, even if there is no contention on the lock; it can be replaced with EnterCriticalSection() or TryEnterCriticalSection() to reduce expensive calls to the kernel. Further discussion on the WFSO topic can be found here:
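Returning to the clock_gettime() case above, the following is an added example, not code from the original page: it calibrates the TSC against clock_gettime() once, then serves timestamps from rdtsc alone. The names kernel_ns, read_ticks, tsc_clock and tsc_vs_kernel_ratio are hypothetical, and the example assumes GCC or Clang with `<x86intrin.h>`.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdint.h>
#include <stdio.h>
#include <time.h>

/* Reference clock: the clock_gettime() call the page wants off the hot path. */
static uint64_t kernel_ns(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (uint64_t)ts.tv_sec * 1000000000ull + (uint64_t)ts.tv_nsec;
}

#if defined(__x86_64__) || defined(__i386__)
#include <x86intrin.h>
static uint64_t read_ticks(void) { return __rdtsc(); }   /* no Ring 0 transition */
#else
static uint64_t read_ticks(void) { return kernel_ns(); } /* non-x86 build: no rdtsc */
#endif

struct tsc_clock { uint64_t base_ticks, base_ns; double ns_per_tick; };

/* Calibrate once: count ticks that elapse during window_ns of kernel time. */
static void tsc_clock_init(struct tsc_clock *c, uint64_t window_ns) {
    uint64_t n0 = kernel_ns(), t0 = read_ticks(), n1, t1;
    do { n1 = kernel_ns(); t1 = read_ticks(); } while (n1 - n0 < window_ns);
    c->ns_per_tick = (double)(n1 - n0) / (double)(t1 - t0);
    c->base_ticks = t1;
    c->base_ns = n1;
}

/* Hot path: one rdtsc plus arithmetic, all in user space. */
static uint64_t tsc_clock_now_ns(const struct tsc_clock *c) {
    uint64_t dt = read_ticks() - c->base_ticks;
    return c->base_ns + (uint64_t)((double)dt * c->ns_per_tick);
}

/* Self-check: time the same busy-wait with both clocks; 1.0 means they agree. */
static double tsc_vs_kernel_ratio(uint64_t interval_ns) {
    struct tsc_clock c;
    tsc_clock_init(&c, interval_ns);
    uint64_t a0 = tsc_clock_now_ns(&c), k0 = kernel_ns(), k1;
    do { k1 = kernel_ns(); } while (k1 - k0 < interval_ns);
    uint64_t a1 = tsc_clock_now_ns(&c);
    return (double)(a1 - a0) / (double)(k1 - k0);
}

int main(void) {
    printf("tsc/kernel elapsed ratio: %.4f\n", tsc_vs_kernel_ratio(20000000ull));
    return 0;
}
```

The conversion holds only where the TSC is invariant and synchronized across cores; the example does not check for that or pin the thread to a core.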

