The Linux Kernel: System Calls A-E

Discussion in 'Linux Kernel' started by DevynCJohnson, Mar 9, 2014.

  1. DevynCJohnson

    DevynCJohnson Well-Known Member Staff Member Staff Writer

    Likes Received:
    Trophy Points:
    Series Index -

    Once a Linux user learns about the different system calls, then it becomes clear just how complex Linux can be in completing common tasks. Below, many system calls are listed and explained. Notice the double parenthesis after each one. These exist because in computer programming (most languages) functions and commands that are to be executed end in "()" with parameters within the parenthesis. Thus, all of the system calls are functions that are defined and programmed in the kernel's source code.

    NOTE: Most of the system calls will be discussed across a few articles, but not all of them will be covered. Some of the obsolete ones will be listed, but most will not be mentioned.

    accept() - This system call creates socket connections. The similar system call accept4() supports flags. This syscall supports various protocols such as IPv4/6, Appletalk, IPX, and others (including sockets for communications between processes).

    access() - This checks the permissions of a file before the calling process can access the file. This syscall first ensures the specified file exists. If so, then the system call checks if the process/user may read, write, and/or execute the file.

    acct() - Process accounting is turned on and off using this system call. Process accounting is record keeping for executed commands. This allows admins to be aware of all commands that were executed, who/what executed them, etc.

    add_key() - This adds or updates a key in the kernel's key management facility.

    adjtimex() - This system call updates the kernel's clock using an algorithm by David L. Mills'. This system call can also get various information like the amount of microseconds between ticks, current time, offset, precision, etc.

    alarm() - An alarm is set which will send a signal to a process.

    alloc_hugepages() - An old system call (no longer used) that allocated and freed huge pages (large chunks of memory).

    bind() - Newly created sockets get an address (sometimes called a name) from this system call. When connecting to a server, the client uses bind() on its side of the connection (the initiated side) and the server will use connect() on its side of the socket.

    brk() - Memory can be given to or taken from running processes using this system call. A "program-break" is the last part of a processes memory on RAM. More memory can be given to the process by allocating more memory at the program-break, and deallocated the program's memory removes memory at the program-break.

    cacheflush() - Flush the data cache in the specified address.

    capget() - Get the capabilities of threads.

    capset() - Set the capabilities of threads.

    NOTE: A thread's capabilities refers to its attributes and permissions such as permissions to access particular network ports, execute Root programs, etc. A complete list of the capabilities may be found here /usr/include/linux/capabilities.h

    chdir() - Yes, this command users regularly use to change the current directory is a system call.

    chmod() - Surprise! Another commonly used command is a system call. This one changes file permissions.

    chown() - At this point, you may not be shocked; another system call that changes file ownership.

    chroot() - This popular shell command is also a system call. This changes the root directory.

    clock_getres() - This retrieves the clock's resolution. Resolution is another term for precision. This syscall only works on POSIX clocks.

    clock_nanosleep() - This system call is like the commonly used "sleep" command, but this system call pauses threads at the nanosecond level.

    clone() - Like fork(), the process is forked, but not with the same results as fork(). There are several differences between fork() and clone(), but clone() makes a child process that uses the parent process's memory space while fork() gives the child process its own memory space.

    close() - After a program is done writing or reading a file, the file should be closed to release memory and a file descriptor for reuse. The close() system call performs the closing of the file. Some documentation may say close() closes a file descriptor. This is also true. Closing a file descriptor just means a file descriptor is freed.

    connect() - Create a connection to a socket.

    creat() - This system call creates a file. No, this is not a typo. The system call really is called "creat()" without the second "e".

    delete_module() - Kernel modules are unloaded by this system call. If the specified module is being used or is needed by other modules or the kernel itself, then the syscall will leave the module alone.

    dup() - File descriptors can be duplicated with this system call. File descriptors would need to be duplicated when a thread viewing a file forks or when a command's output is redirected.

    epoll_create() - Create a new file descriptor for a new instance of epoll.

    epoll_ctl() - This system call is used to perform various tasks on an epoll file descriptor.

    epoll_wait() - This system call waits until an event is performed on a specified epoll file descriptor. This syscall is important when software should only perform some action after a particular event happens to an epoll file descriptor.

    eventfd() - The Event-File-Descriptor system call creates a file descriptor that is used to notify software about events or to make some software wait on some event.

    NOTE: An abbreviation for file descriptor is “fd”. So, system calls that end in “fd” may relate to file descriptors.

    execve() - Have you ever wondered which system call (if any) causes executable to run? Well, this system call is the one that does so. execve() can also execute scripts that begin with a valid hashpling. If needed, this syscall will call the Linux Dynamic Linker ( to set and link required libraries to the executable.

    _exit() - Processes/threads use this system call to close themselves. Yes, there is an underscore at the beginning of this syscall. If a thread calls _exit(), then only that thread closes.

    FUN FACT: Programs close in one of three ways – kill signal, fatal error, or calling _exit(). Notice that only one out of three is a graceful way to close. In other words, programs either willing close (_exit()), crash (fatal error), or they are murdered (kill signal). Wow, software has a harsh life (^u^).

    exit_group() - All of a process's threads and associated threads are closed with this syscall. This is a special form of _exit().

    Further Reading

    Attached Files:

    • slide.JPG
      File size:
      87.2 KB
    Last edited: Jun 23, 2015
    ryanvade likes this.

Share This Page