Skip to main content
Explain

System Calls in Linux

System calls are an integral part of the Linux architecture. Learn about the most common types of system calls in Linux.

Sagar Sharma

Warp Terminal

System calls are slightly different from what it suggests from its naming schema.

It is a standard interface by which the user programs can interact with the Linux kernel to access the resources safely.

Still, sounds complex? Let me explain.

What are the system calls in Linux

When running a computer, you interact with various programs that require system resources like network, filesystem, memory, and CPU. And here's where the concept of system calls kicks in! When a program requires a system resource, it sends a request for that resource to the kernel by making a system call.

Image source: LinuxBnB

Suppose you run a text editor to open a file and make changes. So here, the text editor will send system calls like  open(), write(), and close().

In fact, every Linux command and program makes several types of system calls. You can easily see them with the strace command.

strace linux_command

Take a look at how many system calls a simple echo command makes:

Using strace to see system calls in Linux (Click to expand)

Types of system calls in Linux

The system calls are divided into five categories:

  1. Process management system calls
  2. File management system calls
  3. Device management system calls
  4. Network management system calls
  5. System information system calls

While there are a huge number of system calls, I'll briefly discuss the most popular calls of each category.

So let's start with the first one.

1. Process management system calls

The process management system calls provide a way to create, manage and control the processes. In simple words, process management is a way to handle multiple processes and plays a crucial role in multitasking.

And these are some common process management system calls:

  • fork(): As the name suggests, this creates a child process from the parent process which results in the exact same process except for some values like PID and parent PID.
  • exec(): This system call replaces the current process image with the new image and it is used when you want to run a different program from the current process.
  • wait(): This system call waits to will the child process gets terminated and then gives some information about the child process. The prime example of this would be the exit status.
  • exit(): This system call terminates the current process and returns the resources acquired by that process (which was terminated recently) to the system.

2. File system calls

The filesystem calls in Linux facilities other programs to interact with the filesystem.

Here are some of the popular system calls:

  • open(): As the name suggests, it is used to open the file.
  • read(): This system call can be used to read data from a wide range of data types including regular files, and special files like pipes and sockets, and it can also read from device files like /dev directory.
  • write(): It is used to modify files, generate log files, reports, etc.
  • close(): This will close the file and save the changes to the disk(if any).

3. Network system calls

The network system calls are used to manage networks, send/receive data, resolve network addresses, etc.

And here are some of the popular network system calls:

  • socket(): This system call is used to create sockets which are endpoints for communication.
  • bind(): It is used to bind a socket to the specific address and port on the local network.
  • listen(): It is used to mark the socket as a passive listener so it can accept incoming requests from the other hosts.
  • accept(): This system call is used to accept the new incoming connection request.
  • connect(): It establishes the connection to the external network endpoint.
  • send(): As the name suggests, it is used to send data over the socket.
  • recv(): It is used to receive data over the socket.

4. Device management system calls

💡
The device management system calls include all the calls mentioned in the File system calls so I won't mention them here. 

The device management system calls are used to manage devices that are connected to your system. In simple terms, the device management system calls provides a way to read/write data, and control and configure those devices.

Here are some common device management system calls:

ioctl(): It is used to send control commands to the connected devices. Think of you controlling a robotic arm using a computer! Yep, that's how it is used.

mmap(): It is used to map the partition of a file into the memory of the own process. This results in direct access to the memory-mapped data as if it was a part of the process's own memory.

For example, let's say you want to process a large file in a program so rather than loading a whole file, you can map a portion of a file, use it and then unmap it.  

5. System information system calls

As the name suggests, the system information system calls are used to get various kinds of information such as system resources, system time, system configuration, etc.

Here are some of the most commonly used system information calls:

  • getpid(): Gets the PID (process ID) of the current process.
  • getppid(): Gets the parent PID of the current process.
  • getuid(): It will get the UID (used ID) of the current process.
  • getgid(): It will get the GID (group ID) of the current process.
  • uname(): This system call gets the information about the system name, version, release info, and other system-related info.
  • sysinfo(): It gets general information about the system which includes free memory, total memory, number of current processes, etc.
  • time(): It gets the current system time in seconds since 1t January 1970.

Pretty basic yet crucial to make your system work. Isn't it?

💡
You can get detail information on each system call through the man pages. Since they are in section 2, use the man command like this: man 2 system_call_name

Your call on system calls

You may wonder why the system needs to call for resources in the first place.

If your applications are directly allowed to use the system resource, it will result in a significant security threat and conflicts over the system.

And it is the same reason why it is not recommended to use Linux as root (always) and why you need to use sudo, which elevates the privileges for some time.

Here are a few interesting take on system calls I found on the web:

The Fascinating World of Linux System Calls – Sysdig
Simply put, system calls are the primary way that programs interface with the operating system. Contact Sysdig for more information.

And a good resource on the strace command use:

Understanding system calls on Linux with strace
A system call is a programmatic way a program requests a service from the kernel, and strace is a powerful tool that allows you to trace the thin layer bet

I hope you have a little better understanding of the system calls now.

Sagar Sharma