Introduction

Applications running on Linux operate in user space with restricted privileges. For security and stability reasons, user programs cannot directly:

  • Access hardware

  • Allocate physical memory

  • Control devices

  • Modify kernel data

  • Perform privileged operations

However, applications still need operating system services such as:

  • File access

  • Process creation

  • Network communication

  • Memory allocation

  • Device interaction

To safely provide these services, Linux uses:

System calls

System calls are one of the most fundamental concepts in operating systems because they form the controlled interface between:

  • User applications

  • Linux kernel

Every major application operation eventually relies on system calls.

Understanding Linux system calls is extremely important because they explain:

  • How applications interact with the OS

  • How privilege transitions occur

  • How kernel services are accessed

  • How operating systems maintain protection and abstraction

What is a System Call?

A system call is a controlled interface through which a user-space application requests services from the Linux kernel.

System calls allow applications to:

  • Access hardware indirectly

  • Request kernel operations

  • Use privileged services safely

Core Idea

Applications request kernel services through system calls

Important Insight

System calls form the secure boundary between user space and kernel space

Why System Calls Are Necessary

Applications run in:

  • User mode

User mode restricts:

  • Direct hardware access

  • Privileged instructions

Without system calls:

  • Applications could compromise system stability and security.

System calls allow:

  • Controlled access to kernel functionality.

Example Operations Requiring System Calls

  • Opening files

  • Creating processes

  • Sending network packets

  • Reading keyboard input

  • Allocating memory

User Space vs Kernel Space

Linux divides execution into:

  • User space

  • Kernel space

User Space

Restricted execution environment.

Applications run here.

Kernel Space

Privileged execution environment.

Kernel executes here.

CPU Modes

Modern CPUs support privilege levels.

User Mode

Limited privileges.

Cannot:

  • Access hardware directly

  • Execute sensitive instructions

Kernel Mode

Full privileges.

Kernel may:

  • Access memory

  • Control devices

  • Execute privileged operations

Important Insight

System calls trigger controlled transitions from user mode to kernel mode

Basic System Call Flow

Suppose an application wants to read a file.

Step 1: Application Calls Library Function

Example:

read(fd, buffer, size);

Step 2: Library Invokes System Call

glibc wrapper prepares syscall.

Step 3: CPU Traps into Kernel

Special instruction executed.

CPU switches:

  • User mode → Kernel mode

Step 4: Kernel Executes Requested Service

Kernel performs file read.

Step 5: Result Returned

Kernel switches back:

  • Kernel mode → User mode

Application continues execution.

Important Insight

System calls temporarily transfer control from applications to the kernel

System Call Interface

Applications usually do not invoke raw system calls directly.

Instead:

  • Use standard libraries

Examples:

  • glibc

  • POSIX APIs

Example

open("file.txt", O_RDONLY);

Internally:

  • The library executes the syscall instruction.

Trap Instruction

System calls use special CPU instructions.

Examples:

  • syscall

  • sysenter

  • int 0x80 (older Linux)

These instructions:

  • Transfer execution into kernel.

System Call Table

Linux maintains:

System call table

Maps:

  • Syscall numbers → Kernel functions

Example

read → syscall number
write → syscall number
fork → syscall number

Important Insight

The syscall table maps user requests to kernel service routines

Categories of Linux System Calls

Linux system calls generally fall into major categories.

1. Process Control

Examples:

  • fork()

  • exec()

  • exit()

  • wait()

2. File Management

Examples:

  • open()

  • read()

  • write()

  • close()

3. Device Management

Examples:

  • ioctl()

4. Information Maintenance

Examples:

  • getpid()

  • alarm()

5. Communication

Examples:

  • pipe()

  • socket()

  • shmget()

6. Memory Management

Examples:

  • mmap()

  • brk()

File-Related System Calls

open()

Opens file.

read()

Reads data.

write()

Writes data.

close()

Closes file descriptor.

Example

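char buf[100];
int fd = open("a.txt", O_RDONLY);            /* <fcntl.h>; returns -1 on failure */
if (fd >= 0) {
    ssize_t n = read(fd, buf, sizeof buf);   /* <unistd.h>; bytes read, or -1 */
    close(fd);
}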

Process-Related System Calls

fork()

Creates process.

exec()

Loads new program.

wait()

Waits for child process.

exit()

Terminates process.

Example

pid_t pid = fork();

Memory-Related System Calls

mmap()

Maps files/memory regions.

brk()

Changes process heap size.

mprotect()

Changes memory permissions.

Important Insight

Linux exposes memory management functionality through specialized system calls
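An added example (not part of the original page) showing mmap() and mprotect() together: once write permission is removed from a page, the kernel refuses to copy data into it on the process's behalf and read() fails with EFAULT. The function names and the pipe used as a data source are assumptions made for the demonstration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sys/mman.h>
#include <unistd.h>

/* Asks the kernel to read() one byte from fd into dst; returns 0 or the errno. */
static int read_into(int fd, void *dst) {
    return read(fd, dst, 1) == 1 ? 0 : errno;
}

/* Maps one anonymous page read-write, lets read() fill it, then drops write
 * permission with mprotect() and tries again. The two outcomes are stored in
 * *rw_result and *ro_result. Returns 0 if the page content survived intact. */
int demo_mprotect(int *rw_result, int *ro_result) {
    long page = sysconf(_SC_PAGESIZE);
    int p[2];
    if (pipe(p) != 0) return -1;
    char *mem = mmap(NULL, page, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (mem == MAP_FAILED || write(p[1], "AB", 2) != 2) return -1;

    *rw_result = read_into(p[0], mem);       /* page writable: kernel copies 'A' */
    if (mprotect(mem, page, PROT_READ) != 0) return -1;
    *ro_result = read_into(p[0], mem);       /* page read-only: kernel refuses */

    int kept = (mem[0] == 'A');              /* the refused read changed nothing */
    munmap(mem, page);
    close(p[0]);
    close(p[1]);
    return kept ? 0 : -1;
}

int main(void) {
    int rw = -1, ro = -1;
    return (demo_mprotect(&rw, &ro) == 0 && rw == 0 && ro == EFAULT) ? 0 : 1;
}
```
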

Networking System Calls

Linux networking heavily depends on system calls.

Examples:

  • socket()

  • bind()

  • connect()

  • send()

  • recv()

These form the foundation of:

  • Internet applications

  • Servers

  • Cloud systems

Context Switching During System Calls

System calls involve:

  • Mode switching

  • Context saving

Kernel saves:

  • Registers

  • CPU state

before executing privileged operations.

Difference Between Function Call and System Call

Feature          | Function Call | System Call
Execution space  | User space    | User → Kernel
Privilege switch | No            | Yes
Overhead         | Low           | Higher
Hardware access  | No            | Yes

Important Insight

System calls are significantly more expensive than normal function calls

Why System Calls Are Slower

Overhead includes:

  • Mode switching

  • Context saving

  • Security checks

  • Kernel execution

Therefore:

  • Excessive syscalls reduce performance.

Blocking vs Non-Blocking System Calls

Blocking

Process waits for operation completion.

Example:

  • Waiting for disk read.

Non-Blocking

Process continues immediately.

Used heavily in:

  • High-performance servers

Example

read() may block waiting for data

Asynchronous I/O and System Calls

Modern Linux supports:

  • Asynchronous system calls

  • Event-driven I/O

Examples:

  • epoll

  • io_uring

Very important for:

  • High-performance networking
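An added example (not from the original page) covering the blocking/non-blocking distinction and event-driven I/O above: a non-blocking read() on an empty pipe returns EAGAIN instead of waiting, and epoll reports when data is actually available. The function names and the "hello" payload are assumptions made for the demonstration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sys/epoll.h>
#include <unistd.h>

/* Switches rfd to non-blocking mode and reads once; returns the errno (0 if data). */
int nonblocking_read_errno(int rfd) {
    char c;
    int flags = fcntl(rfd, F_GETFL);
    if (flags < 0 || fcntl(rfd, F_SETFL, flags | O_NONBLOCK) < 0) return -1;
    return read(rfd, &c, 1) < 0 ? errno : 0;
}

/* Waits up to timeout_ms for rfd to become readable.
 * Returns the number of ready descriptors (0 or 1), or -1 on error. */
int wait_readable(int rfd, int timeout_ms) {
    int ep = epoll_create1(EPOLL_CLOEXEC);
    if (ep < 0) return -1;
    struct epoll_event ev = { .events = EPOLLIN, .data.fd = rfd }, out;
    int n = epoll_ctl(ep, EPOLL_CTL_ADD, rfd, &ev);
    if (n == 0) n = epoll_wait(ep, &out, 1, timeout_ms);
    close(ep);
    return n;
}

/* Full sequence on a pipe; returns the bytes finally read (5) or -1. */
long demo_event_driven(char out[8]) {
    int p[2];
    long got = -1;
    if (pipe(p) != 0) return -1;
    if (nonblocking_read_errno(p[0]) == EAGAIN &&   /* empty: fails, no waiting */
        wait_readable(p[0], 0) == 0 &&              /* epoll agrees: not ready */
        write(p[1], "hello", 5) == 5 &&
        wait_readable(p[0], 1000) == 1)             /* data arrived: ready */
        got = read(p[0], out, 7);
    close(p[0]);
    close(p[1]);
    if (got >= 0) out[got] = '\0';
    return got;
}

int main(void) {
    char out[8] = "";
    return demo_event_driven(out) == 5 ? 0 : 1;
}
```
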

POSIX System Calls

Linux largely follows:

POSIX standard

Provides portable system-call behavior across UNIX-like systems.

Security and System Calls

System calls are heavily secured because:

  • They expose kernel functionality

Security mechanisms include:

  • Permission checks

  • Capability checks

  • SELinux policies

  • seccomp filtering

seccomp

Linux feature restricting allowed system calls.

Used heavily in:

  • Containers

  • Sandboxing

Example

Container may block:

  • mount()

  • reboot()

Important Insight

seccomp improves security by restricting accessible system calls
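An added example (not from the original page) of a seccomp filter that blocks mount() and reboot() as in the container case above. It runs in a forked child so the restriction never touches the parent, and it kills the process on a blocked call so the effect is unambiguous. The function names and the NATIVE_ARCH macro are assumptions; only x86-64 and AArch64 are handled.

```c
#define _GNU_SOURCE
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#if defined(__aarch64__)
#define NATIVE_ARCH AUDIT_ARCH_AARCH64
#else
#define NATIVE_ARCH AUDIT_ARCH_X86_64   /* assumption: x86-64 otherwise */
#endif

/* Deny-list: kill on a foreign ABI or on mount/reboot, allow everything else. */
static int install_filter(void) {
    struct sock_filter f[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, NATIVE_ARCH, 0, 3),   /* else kill */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_mount, 1, 0),     /* match: kill */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_reboot, 0, 1),    /* no match: allow */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = (unsigned short)(sizeof f / sizeof f[0]),
                               .filter = f };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Forks a child that installs the filter and then attempts mount().
 * Returns 0 if getpid() still worked and mount() drew SIGSYS, else -1. */
int filtered_child_dies_on_mount(void) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (install_filter() != 0 || getpid() <= 0) _exit(2);
        syscall(SYS_mount, NULL, NULL, NULL, 0UL, NULL);   /* killed here */
        _exit(1);                                          /* filter did not fire */
    }
    int status;
    if (waitpid(pid, &status, 0) != pid) return -1;
    return (WIFSIGNALED(status) && WTERMSIG(status) == SIGSYS) ? 0 : -1;
}

int main(void) { return filtered_child_dies_on_mount() == 0 ? 0 : 1; }
```

The filter runs before the kernel's own permission and capability checks, so the call is refused even for a privileged process. A deny-list is used here only to mirror the mount()/reboot() example; an allow-list that rejects everything not explicitly permitted is the stricter design.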

System Calls and Libraries

Many library functions eventually invoke syscalls.

Example:

printf()

ultimately may call:

  • write()

Direct System Call Invocation

Possible using:

  • syscall()

Example:

syscall(SYS_write, 1, "Hi", 2);

Usually avoided because:

  • Less portable

  • More complex
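An added example (not from the original page) that issues the same write through the three routes described in the sections above: the glibc wrapper, syscall() with an explicit syscall number, and the trap instruction itself. The function names are assumptions, and the inline assembly applies to x86-64 only; other CPUs fall back to syscall().

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/syscall.h>   /* SYS_write is the syscall number (the table index) */
#include <unistd.h>

/* Path 1: glibc wrapper. Returns -1 and sets errno on failure. */
static long write_wrapper(int fd, const void *buf, size_t n) {
    return write(fd, buf, n);
}

/* Path 2: syscall(2) with an explicit number; same errno convention. */
static long write_by_number(int fd, const void *buf, size_t n) {
    return syscall(SYS_write, fd, buf, n);
}

/* Path 3: the trap instruction itself. The raw kernel ABI returns -errno. */
static long write_trap(int fd, const void *buf, size_t n) {
#if defined(__x86_64__)
    long ret;   /* rax = number, rdi/rsi/rdx = args; kernel clobbers rcx, r11 */
    __asm__ volatile("syscall" : "=a"(ret)
                     : "0"((long)SYS_write), "D"((long)fd), "S"(buf), "d"(n)
                     : "rcx", "r11", "memory");
    return ret;
#else           /* other CPUs: reuse path 2 and undo glibc's translation */
    long ret = write_by_number(fd, buf, n);
    return ret < 0 ? -errno : ret;
#endif
}

/* Writes "Hi" into a pipe through each path and reads the bytes back into out. */
long demo_three_paths(char out[8]) {   /* returns 6 on success, -1 on failure */
    int p[2];
    if (pipe(p) != 0) return -1;
    long ok = write_wrapper(p[1], "Hi", 2) == 2 &&
              write_by_number(p[1], "Hi", 2) == 2 &&
              write_trap(p[1], "Hi", 2) == 2;
    close(p[1]);
    long got = ok ? read(p[0], out, 7) : -1;
    close(p[0]);
    if (got >= 0) out[got] = '\0';
    return got;
}

int main(void) {
    char out[8] = "";
    printf("%ld bytes: %s\n", demo_three_paths(out), out);
    printf("raw write to fd -1 returns %ld\n", write_trap(-1, "x", 1));
}
```

The error convention is the part the wrapper hides: the kernel hands back a negative errno value in the return register, and glibc converts it to -1 plus errno.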

Monitoring System Calls

Linux provides tools for syscall tracing.

strace

Very important debugging tool.

Example:

strace ls

Displays:

  • All syscalls executed by program.

Example Output

open()
read()
write()
close()

Real-World Example

Suppose a user saves a document in an editor.

Internally:

  1. Application calls write()

  2. System call traps into kernel

  3. Kernel accesses filesystem

  4. Disk driver writes data

  5. Kernel returns status

  6. User application continues

All coordinated through system calls.

Advantages of System Calls

1. Security

Controlled kernel access.

2. Hardware Abstraction

Applications need not know hardware details.

3. Stability

Kernel protects system resources.

4. Standardized Interface

Portable programming model.

Challenges of System Calls

1. Performance Overhead

Mode switching is expensive.

2. Complexity

Kernel must validate requests carefully.

3. Security Risks

Kernel bugs are dangerous.