1SYSCALL(2) Linux Programmer's Manual SYSCALL(2)
2
6 syscall - indirect system call
7
9 #define _GNU_SOURCE /* See feature_test_macros(7) */
10 #include <unistd.h>
11 #include <sys/syscall.h> /* For SYS_xxx definitions */
12 long syscall(long number, ...);
14
16 syscall() is a small library function that invokes the system call
17 whose assembly language interface has the specified number with the
18 specified arguments. Employing syscall() is useful, for example, when
19 invoking a system call that has no wrapper function in the C library.
20 syscall() saves CPU registers before making the system call, restores
22 the registers upon return from the system call, and stores any error
23 code returned by the system call in errno(3) if an error occurs.
24 Symbolic constants for system call numbers can be found in the header
26 file <sys/syscall.h>.
27
29 The return value is defined by the system call being invoked. In gen‐
30 eral, a 0 return value indicates success. A -1 return value indicates
31 an error, and an error code is stored in errno.
32
34 syscall() first appeared in 4BSD.
35 Architecture-specific requirements
37 Each architecture ABI has its own requirements on how system call argu‐
38 ments are passed to the kernel. For system calls that have a glibc
39 wrapper (e.g., most system calls), glibc handles the details of copying
40 arguments to the right registers in a manner suitable for the architec‐
41 ture. However, when using syscall() to make a system call, the caller
42 might need to handle architecture-dependent details; this requirement
43 is most commonly encountered on certain 32-bit architectures.
44 For example, on the ARM architecture Embedded ABI (EABI), a 64-bit
46 value (e.g., long long) must be aligned to an even register pair.
47 Thus, using syscall() instead of the wrapper provided by glibc, the
48 readahead() system call would be invoked as follows on the ARM archi‐
49 tecture with the EABI in little endian mode:
50 syscall(SYS_readahead, fd, 0,
52 (unsigned int) (offset & 0xFFFFFFFF),
53 (unsigned int) (offset >> 32),
54 count);
55 Since the offset argument is 64 bits, and the first argument (fd) is
57 passed in r0, the caller must manually split and align the 64-bit value
58 so that it is passed in the r2/r3 register pair. That means inserting
59 a dummy value into r1 (the second argument of 0). Care also must be
60 taken so that the split follows endian conventions (according to the C
61 ABI for the platform).
62 Similar issues can occur on MIPS with the O32 ABI, on PowerPC and
64 parisc with the 32-bit ABI, and on Xtensa.
65 Note that while the parisc C ABI also uses aligned register pairs, it
67 uses a shim layer to hide the issue from user space.
68 The affected system calls are fadvise64_64(2), ftruncate64(2),
70 posix_fadvise(2), pread64(2), pwrite64(2), readahead(2),
71 sync_file_range(2), and truncate64(2).
72 This does not affect syscalls that manually split and assemble 64-bit
74 values such as _llseek(2), preadv(2), preadv2(2), pwritev(2), and
75 pwritev2(2). Welcome to the wonderful world of historical baggage.
76 Architecture calling conventions
78 Every architecture has its own way of invoking and passing arguments to
79 the kernel. The details for various architectures are listed in the
80 two tables below.
81 The first table lists the instruction used to transition to kernel mode
83 (which might not be the fastest or best way to transition to the ker‐
84 nel, so you might have to refer to vdso(7)), the register used to indi‐
85 cate the system call number, the register(s) used to return the system
86 call result, and the register used to signal an error.
87 Arch/ABI Instruction System Ret Ret Error Notes
89 call # val val2
90 ───────────────────────────────────────────────────────────────────
91 alpha callsys v0 v0 a4 a3 1, 6
92 arc trap0 r8 r0 - -
93 arm/OABI swi NR - a1 - - 2
94 arm/EABI swi 0x0 r7 r0 r1 -
95 arm64 svc #0 x8 x0 x1 -
96 blackfin excpt 0x0 P0 R0 - -
97 i386 int $0x80 eax eax edx -
98 ia64 break 0x100000 r15 r8 r9 r10 1, 6
99 m68k trap #0 d0 d0 - -
100 microblaze brki r14,8 r12 r3 - -
101 mips syscall v0 v0 v1 a3 1, 6
102 nios2 trap r2 r2 - r7
103 parisc ble 0x100(%sr2, %r0) r20 r28 - -
104 powerpc sc r0 r3 - r0 1
105 riscv scall a7 a0 a1 -
106 s390 svc 0 r1 r2 r3 - 3
107 s390x svc 0 r1 r2 r3 - 3
108 superh trap #0x17 r3 r0 r1 - 4, 6
109 sparc/32 t 0x10 g1 o0 o1 psr/csr 1, 6
110 sparc/64 t 0x6d g1 o0 o1 psr/csr 1, 6
111 tile swint1 R10 R00 - R01 1
112 x86-64 syscall rax rax rdx - 5
113 x32 syscall rax rax rdx - 5
114 xtensa syscall a2 a2 - -
115 Notes:
117 [1] On a few architectures, a register is used as a boolean (0 indicat‐
119 ing no error, and -1 indicating an error) to signal that the system
120 call failed. The actual error value is still contained in the
121 return register. On sparc, the carry bit (csr) in the processor
122 status register (psr) is used instead of a full register.
123 [2] NR is the system call number.
125 [3] For s390 and s390x, NR (the system call number) may be passed
127 directly with svc NR if it is less than 256.
128 [4] On SuperH, the trap number controls the maximum number of arguments
130 passed. A trap #0x10 can be used with only 0-argument system
131 calls, a trap #0x11 can be used with 0- or 1-argument system calls,
132 and so on up to trap #0x17 for 7-argument system calls.
133 [5] The x32 ABI shares syscall table with x86-64 ABI, but there are
135 some nuances:
136 · In order to indicate that a system call is called under the x32
138 ABI, an additional bit, __X32_SYSCALL_BIT, is bitwise-ORed with
139 the system call number. The ABI used by a process affects some
140 process behaviors, including signal handling or system call
141 restarting.
142 · Since x32 has different sizes for long and pointer types, lay‐
144 outs of some (but not all; struct timeval or struct rlimit are
145 64-bit, for example) structures are different. In order to han‐
146 dle this, additional system calls are added to the system call
147 table, starting from number 512 (without the __X32_SYSCALL_BIT).
148 For example, __NR_readv is defined as 19 for the x86-64 ABI and
149 as __X32_SYSCALL_BIT | 515 for the x32 ABI. Most of these addi‐
150 tional system calls are actually identical to the system calls
151 used for providing i386 compat. There are some notable excep‐
152 tions, however, such as preadv2(2), which uses struct iovec
153 entities with 4-byte pointers and sizes ("compat_iovec" in ker‐
154 nel terms), but passes an 8-byte pos argument in a single regis‐
155 ter and not two, as is done in every other ABI.
156 [6] Some architectures (namely, Alpha, IA-64, MIPS, SuperH, sparc/32,
158 and sparc/64) use an additional register ("Retval2" in the above
159 table) to pass back a second return value from the pipe(2) system
160 call; Alpha uses this technique in the architecture-specific getx‐
161 pid(2), getxuid(2), and getxgid(2) system calls as well. Other
162 architectures do not use the second return value register in the
163 system call interface, even if it is defined in the System V ABI.
164 The second table shows the registers used to pass the system call argu‐
166 ments.
167 Arch/ABI arg1 arg2 arg3 arg4 arg5 arg6 arg7 Notes
169 ──────────────────────────────────────────────────────────────
170 alpha a0 a1 a2 a3 a4 a5 -
171 arc r0 r1 r2 r3 r4 r5 -
172 arm/OABI a1 a2 a3 a4 v1 v2 v3
173 arm/EABI r0 r1 r2 r3 r4 r5 r6
174 arm64 x0 x1 x2 x3 x4 x5 -
175 blackfin R0 R1 R2 R3 R4 R5 -
176 i386 ebx ecx edx esi edi ebp -
177 ia64 out0 out1 out2 out3 out4 out5 -
178 m68k d1 d2 d3 d4 d5 a0 -
179 microblaze r5 r6 r7 r8 r9 r10 -
180 mips/o32 a0 a1 a2 a3 - - - 1
181 mips/n32,64 a0 a1 a2 a3 a4 a5 -
182 nios2 r4 r5 r6 r7 r8 r9 -
183 parisc r26 r25 r24 r23 r22 r21 -
184 powerpc r3 r4 r5 r6 r7 r8 r9
185 riscv a0 a1 a2 a3 a4 a5 -
186 s390 r2 r3 r4 r5 r6 r7 -
187 s390x r2 r3 r4 r5 r6 r7 -
188 superh r4 r5 r6 r7 r0 r1 r2
189 sparc/32 o0 o1 o2 o3 o4 o5 -
190 sparc/64 o0 o1 o2 o3 o4 o5 -
191 tile R00 R01 R02 R03 R04 R05 -
192 x86-64 rdi rsi rdx r10 r8 r9 -
193 x32 rdi rsi rdx r10 r8 r9 -
194 xtensa a6 a3 a4 a5 a8 a9 -
195 Notes:
197 [1] The mips/o32 system call convention passes arguments 5 through 8 on
199 the user stack.
200 Note that these tables don't cover the entire calling convention—some
202 architectures may indiscriminately clobber other registers not listed
203 here.
204
206 #define _GNU_SOURCE
207 #include <unistd.h>
208 #include <sys/syscall.h>
209 #include <sys/types.h>
210 #include <signal.h>
211 int
213 main(int argc, char *argv[])
214 {
215 pid_t tid;
216 tid = syscall(SYS_gettid);
218 syscall(SYS_tgkill, getpid(), tid, SIGHUP);
219 }
220
222 _syscall(2), intro(2), syscalls(2), errno(3), vdso(7)
223
225 This page is part of release 5.02 of the Linux man-pages project. A
226 description of the project, information about reporting bugs, and the
227 latest version of this page, can be found at
228 https://www.kernel.org/doc/man-pages/.
229Linux 2018-04-30 SYSCALL(2)