System Call

A system call is a request made by a program to the kernel to perform a specific function, such as input/output operations, memory allocation, or process control.

Syscalls are typically made through an interrupt instruction, which is a special type of instruction that stops the execution and transfers control to the kernel. The kernel then performs the requested service and returns control to the program once it is completed.

Certain syscalls resemble libc functions such as open(), fork() or read(); this is because these functions are simply syscall wrappers, which makes them much easier for programmers to use.

Here is a list of syscalls for the x86/x64 and ARM architectures.

Make a Syscall

The instruction used to make a system call varies with each instruction set architecture. Here are some examples:

Once the syscall instruction is executed, the kernel checks the value stored in a specific register (the accumulator register for x86/x64, i.e. EAX or RAX). This is the syscall number, which defines which syscall gets run.

Parameters are stored in the other registers, depending on what each syscall needs.
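The register convention described above, as an added example that is not part of the original page: it issues write and getpid directly on Linux, bypassing the libc wrappers. The helper names raw_syscall3, raw_write and raw_getpid are hypothetical, and the inline assembly assumes x86-64 with GCC or Clang; other architectures fall back to libc's generic syscall().

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <unistd.h>
#include <sys/syscall.h>   /* SYS_write, SYS_getpid: syscall numbers for this architecture */

/* Hypothetical helper: issue a syscall taking up to three arguments. */
static long raw_syscall3(long nr, long a1, long a2, long a3)
{
#if defined(__x86_64__)
    long ret;
    /* x86-64 Linux: syscall number in RAX, arguments in RDI, RSI, RDX.
       The syscall instruction clobbers RCX and R11; the result comes back in RAX. */
    __asm__ volatile ("syscall"
                      : "=a"(ret)
                      : "a"(nr), "D"(a1), "S"(a2), "d"(a3)
                      : "rcx", "r11", "memory");
    return ret;   /* on failure this is a negative errno value, e.g. -EBADF */
#else
    /* Other architectures: libc's generic syscall() loads the registers.
       On failure it returns -1 and sets errno instead. */
    return syscall(nr, a1, a2, a3);
#endif
}

/* Same kernel services that getpid() and write() wrap in libc. */
static long raw_getpid(void)
{
    return raw_syscall3(SYS_getpid, 0, 0, 0);
}

static long raw_write(int fd, const char *buf, size_t len)
{
    return raw_syscall3(SYS_write, fd, (long)buf, (long)len);
}

int main(void)
{
    const char msg[] = "hello from a raw syscall\n";
    long n = raw_write(STDOUT_FILENO, msg, sizeof msg - 1);
    printf("write returned %ld, raw getpid=%ld, libc getpid=%ld\n",
           n, raw_getpid(), (long)getpid());
    /* An invalid descriptor shows the kernel's error return convention. */
    printf("write to fd -1 returned %ld\n", raw_write(-1, msg, 1));
    return 0;
}
```

Running the program under strace shows the same write and getpid entries that the libc wrappers would produce, which is why syscall-level tracing and filtering see these calls regardless of how they were issued.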

Nowadays, syscalls aren't really used for standard calls such as exit or write, due to vDSO.

vDSO is a mechanism used to accelerate certain system calls in Linux by providing a memory area allocated in user space that exposes some kernel functionality in a safe manner.
