System Calls also known as Syscalls are function invocation from User-Space into the kernel in order to request/receive some service from the Operating System . eg : read() , exit() etc etc..

Invoking System Calls

It is not possible to directly link the User Space with the Kernel space , as it would lead to security problems , system instability leading to more chances of a system crash. Therefore User-Space applications should not be allowed to directly execute or manipulate kernel data.. To encounter this problem the kernel provides a mechanism to the user-space applications to signal the kernel when it wished to invoke a syscall.

On i386 the mechanism carries out as follows :-
  1. The User-Space Application executes a interrupt instruction(int) with a value of 0x80
  2. This signals the kernel and switches to kernel space.
  3. The kernel executes a software interrupt handler.
If you are familiar with assembly (or even basics of registers etc) you must be knowing that the registers are used for parameter passing. The syscalls are denoted by a unique number eg: 0,1,2,3 etc . The user-space application stuffs this number in eax before executing the software interrupt instruction (int)..

Lets take a look at the functioning of a simple ASM program(just 2 instructions) to clear the concept :-
Code: asm
mov eax,1   ; 1 is the sycall for exit
int 0x80      ; switch to kernel space and execute exit(3)
This is a simple assembly program which performs a exit() syscall.

The Working (in i386):-
  • Move 1 to 'eax' (syscall number), which happens to be exit().
  • Switch to kernel space.
This was a short tutorial on how syscall works in linux and i hope it helped you in some way or other..