How does system calls work in Linux

What is a system call?

ü The functions which change the execution mode of the program from user mode to kernel mode are known as system calls.

ü These calls are required in case some services are required by the program from kernel.

ü For example- if we want to change the date and time of the system or if we want to create a network socket then these services can only be provided by kernel and hence these cases require system calls. For example, socket () is a system call.

Why do we need system calls?

ü System calls acts as entry point to OS kernel. There are certain tasks that can only be done if a process is running in kernel mode.

ü Examples of these tasks can be interacting with hardware etc.

ü So if a process wants to do such kind of task then it would require itself to be running in kernel mode which is made possible by system calls.

How system call works?

ü From a programmer point of view, calling a system call is equivalent to calling any normal C function.

ü Inside the Linux kernel, each system call has a number associated with it.

ü The kernel expects all the information like system call number, the arguments to the system call etc to be present in CPU registers.

ü A system call first invokes a C library wrapper function which does all this work of placing the information required to be placed in CPU registers. The system call number is placed in the register %eax.

ü After doing the above work, the same wrapper function invokes a trap instruction 'int 0x80'. This instruction switches the processor mode from user mode to the kernel mode and executes the code kept at location 0x80.

ü After the above step, now since the processor is in kernel mode, the kernel calls a general trap handler function system_call() to handle this trap.

ü This handler function copies all the relevant information kept in the CPU registers onto the kernel stack, Validates the system call number, Uses the system call number to find the corresponding system call service routine from a table (sys_call_table) of service routines maintained by kernel and Calls the system call service routine with the arguments passed from the user space.

ü The system call service routine that is finally called by the trap handler first checks the validity of the arguments sent to it and then it does the actual work requested by the application.

ü Once the system call service routine is done with its processing, the control is returned back to the trap handler function which returns the flow back to the wrapper function in the user-mode.

A graphical example for system call working-

More on system Call-

ü The big picture view is that a system call is wrapped up in a user space function call, which accepts certain arguments from the user.

ü These arguments are packed up into a structure, along with a code that indicates which kernel resident function to execute.

ü The code then executes a CPU instruction which causes it's privilege level to rise to that of the kernel, while simultaneously executing a path of code that is now inside the kernel. This is called entering the kernel.

ü This code inside the kernel has access to the data structure that was assembled for the system call.

ü  It locates the target code, sets up the arguments for the code from the structure, and makes the call.