
Guide to Linux System Calls (2016) - crunchbang123
https://blog.packagecloud.io/eng/2016/04/05/the-definitive-guide-to-linux-system-calls/
======
saagarjha
> Calling system calls by crafting your own assembly is generally a bad idea
> as the ABI may break underneath you.

syscall should have a stable ABI at the very least, because this would
otherwise break all statically linked code.

~~~
ufo
That is true for Linux but might not be true for other operating systems
though.

~~~
yjftsjthsd-h
It is absolutely not true on many (most?) operating systems; Linux is actually
an outlier, and we mostly forget that it's the odd one out because it's so
popular. Off the top of my head, I believe both NT and Solaris define libc as
the stable interface that userspace uses; I don't recall exactly what the BSDs
do, but I suspect that they at least _strongly encourage_ using libc and not
trying to talk to the kernel yourself (IIRC OpenBSD does this because some of
their security measures are managed by libc). Go has hit this a few times
because they don't want to depend on libc if they can avoid it, but on a lot
of systems they really can't avoid it.

Ah, here we go:
[https://github.com/golang/go/issues/36435](https://github.com/golang/go/issues/36435)

> Upcoming changes to the OpenBSD kernel will prevent system calls from being
> made unless they are coming from libc.so (with some exceptions, for example,
> a static binary). There are also likely to be changes to the APIs used for
> system calls. As such, the Go runtime (and other packages) need to stop
> using direct syscalls, rather calling into libc functions instead (as has
> always been done for Solaris and now also for macOS).

(and the "with some exceptions" is why I say "strongly encouraged")

~~~
pjmlp
Only UNIX based OSes use libc as part of the stable interface, which on UNIXes
case actually means ISO C + POSIX.

On non-POSIX OSes like NT and plenty of others, libc is part of whatever
compiler one decides to use and as such not part of any OS interface as such.

On NT the stable OS APIs are provided via the OS personalities, meaning OS/2
(dead now), the old POSIX one (also dead and replaced by WSL), and Win32
(actually User, Kernel, GDI as the main ones), which as of Windows 8 and
MinWin refactoring is split into redirection dlls know as API sets,
[https://docs.microsoft.com/en-
us/windows/win32/apiindex/wind...](https://docs.microsoft.com/en-
us/windows/win32/apiindex/windows-apisets).

Which is why on code that never intends to be portable, you will see calls
like ZeroMemory instead of memset.

~~~
yjftsjthsd-h
Oh, interesting; I'd assumed that NT was just using libc as its stable ABI,
but on further reading it looks more like ntdll.dll (probably just for that
personality?). Similar concept, slightly different place. Still, my point was
that under the "Windows" personalities, you talk to a library, never directly
to the kernel.

EDIT: Found
[https://web.archive.org/web/20121224002314/http://netcode.cz...](https://web.archive.org/web/20121224002314/http://netcode.cz/img/83/nativeapi.html)
which if I'm reading right indicates that ntdll is indeed the bottom-layer
library that's allowed to actually talk to the kernel.

~~~
pjmlp
Yes, ntdll is the lowest level, but you aren't supposed to use it directly,
and if you do, well no one is going to help when a patch Tuesday or something
like that breaks the application.

The personality DLLs are the applications entry point with the kernel.

~~~
monocasa
Most of ntdll.dll is officially sanctioned at this point. It's officially
documented, and obviously plays into the backwards compat choices they make.

~~~
pjmlp
Not really, Windows Internals always refers to the few public ones as _" take
care when relying on this"_, very few entries do exist on MSDN or Technet, and
those that do exist are mostly tailored for device drivers scenarios.

------
loopz
I guess not many actually need to call linux kernel system calls directly
bypassing proper measures, but how many fondly remembers int 21h?

~~~
cellularmitosis
The thing I don't like using language like "proper" is that it creates a frame
of "good or bad", when in reality everything in tech is a trade-off, rather
than "good or bad".

~~~
loopz
Well put!

------
krackers
If you're interested in more detail: [https://0xax.gitbooks.io/linux-
insides/content/SysCall/linux...](https://0xax.gitbooks.io/linux-
insides/content/SysCall/linux-syscall-2.html)

------
jkingsbery
In grad school for Operating Systems class, one of our assignments was adding
a system call to the linux kernel. I found that a useful exercise - both
doable in a reasonable amount of time and also a way to learn a lot.

------
andrepd
18pt text, gray, thin.

Why?

