System Calls

Last Updated: 2023-02-16

System calls allow the kernel to carefully expose certain key pieces of functionality to user programs, such as accessing the file system, creating and destroying processes, communicating with other processes, and allocating more memory.

Early Unix systems exposed around twenty calls, Linux and OpenBSD each have over 300 different calls, NetBSD has close to 500, FreeBSD has over 500.

A system call is a C procedure call, the change of mode is achieved by special instructions hidden inside:

  • trap instruction: enter kernel mode.
  • return-from-trap instruction: back to user program in user mode.


Controls hardware devices.

Kernel accepts device drivers as extra modules. Device drivers run in kernel space and can directly address the device. ioctl is a single system call that userspace can use it to communicate with device drivers.

Unix command-line interface is built on pseudo terminals, which are controlled as if they were hardware devices, so ioctl is used.


Secure computing mode (seccomp): Any system calls not on the list are disallowed.