#compsci

## Protection ring

![[Pasted image 20230308115920.png]]
(for an x86 computer)

**System calls** allow us to perform a privileged instruction in kernel mode and then switch back to user mode.

## System calls

The basic flow: when you run a program, its code contains a system call wrapper. The wrapper invokes the system call, which executes a trap. The trap is caught by the system call handler, which then looks up the system call in the system call table.

Example: Let's say we are trying to call the `stat()` system call. It is identified by a syscall ID, and its purpose is to query the status of a file. Remember that you were running the `ls` program in non-privileged mode. When the system sees that you're trying to make a syscall, it switches you over to kernel mode. There it does lots of things, but most importantly it looks up your syscall number in a table based on the syscall ID and then executes the function you wanted to run. Once it's done, it returns to user mode and your process receives a return status telling it whether the call was successful or had an error.

P.S. You can view the system calls that a process makes with the **[[strace]]** command.

## Kernel location

Kernels are usually added to `/boot`. Added files:

- vmlinuz (the actual Linux kernel)
- initrd (temporary file system, like initramfs)
- System.map (symbol lookup table; each entry stores the information related to its corresponding symbol)
- config (kernel config settings)

## Modules

View a list of currently loaded modules:

```
$ lsmod
```

Load a module:

```
$ sudo modprobe %modulename%
```

Modules are loaded from `/lib/modules/%kernel version%/kernel/drivers/`.

Remove a module:

```
$ sudo modprobe -r %modulename%
```

Load on bootup: add a config file in `/etc/modprobe.d/`:

```
options %modulename% type=%parameter%
```

Do not load on bootup: add a config file in `/etc/modprobe.d/`:

```
blacklist %modulename%
```
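
A `blacklist` line only makes modprobe ignore the module's internal aliases, so automatic loading is suppressed but an explicit `modprobe %modulename%` still works; fully blocking a module also needs an `install %modulename% /bin/false` line. The script below is an added example, not part of the original note: it audits a modprobe.d-style directory for modules that are blacklisted without such an override. The function name, the sample file and the module names in it are constructed for illustration.

```shell
#!/bin/sh
# Added example: report modules that are blacklisted but still loadable by name.
# File contents and module names are constructed sample data.

# audit_modprobe_dir DIR
# Output: one "<module> <status>" line per blacklisted module, sorted.
#   blocked         an "install <module> .../false|true" override also exists
#   blacklist-only  only alias-based autoloading is suppressed
audit_modprobe_dir() {
    cat "$1"/*.conf 2>/dev/null | sed 's/#.*//' | awk '
        # modprobe treats "-" and "_" in module names as the same character
        NF >= 2 { gsub(/-/, "_", $2) }
        $1 == "blacklist" && NF >= 2 { bl[$2] = 1 }
        $1 == "install" && NF >= 3 && $3 ~ /(^|\/)(false|true)$/ { blocked[$2] = 1 }
        END {
            for (m in bl)
                print m, ((m in blocked) ? "blocked" : "blacklist-only")
        }' | sort
}

# Demo on a constructed config directory (stands in for /etc/modprobe.d/).
demo_dir=$(mktemp -d)
cat > "$demo_dir/hardening.conf" <<'EOF'
# constructed sample
blacklist usb-storage
install usb_storage /bin/false
blacklist firewire_core   # autoload suppressed, explicit load still works
options examplemod type=1
EOF
audit_modprobe_dir "$demo_dir"
rm -rf "$demo_dir"
```

Point it at `/etc/modprobe.d` on a real host to list the entries that still need an `install` override.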