System calls: What are system calls and why are they necessary?

Es­pe­cial­ly nowadays, operating systems have to provide users not only with the highest possible level of comfort, but also with maximum stability and security. That is why the de­vel­op­ers of systems like Linux or Windows endeavor to keep the risk of potential system com­pli­ca­tions as a result of un­in­ten­tion­al neg­li­gence or of targeted attacks from outside as low as possible. One of the most important steps taken to this end is the strict sep­a­ra­tion of the operation system core (the kernel) and ap­pli­ca­tion programs or user processes. The con­se­quence of this is that programs and processes that do not belong to the system have no direct access to the CPU and the memory, and instead rely on so-called system calls.

What exactly do these calls involve, and what kinds are there?

A system call, or syscall or short, is a method used by ap­pli­ca­tion programs to com­mu­ni­cate with the system core. In modern operating systems, this method is used if a user ap­pli­ca­tion or process needs to pass in­for­ma­tion onto the hardware, other processes or the kernel itself, or if it needs to read in­for­ma­tion from these sources. This makes these calls a link between user mode and kernel mode, the two key access and security modes for pro­cess­ing CPU commands in computer systems.

Until a system call has been processed and the data required has been trans­mit­ted or received, the system core takes control of the program or process, which will tem­porar­i­ly stop running. As soon as the action required by a system call is carried out, the kernel gives control back again, and the program code is continued from the point it had reached before the syscall was started.

The need for system calls is closely tied to the modern operating system model with user mode and kernel mode, which was im­ple­ment­ed as a response to the rising number of processes being carried out si­mul­ta­ne­ous­ly in computers’ main memory (working memory) In this way, each in­di­vid­ual process has its own data with special access per­mis­sions, and it is only possible for system and ap­pli­ca­tion programs to run properly if resources are divided up fairly.

The more priv­i­leged kernel mode is the pivotal control system here because – as mentioned already – not only are all services and processes in the system itself run there, but also system-critical actions by ap­pli­ca­tion programs that are blocked in user mode. One re­quire­ment is the right system call through the re­spec­tive program, which in most cases is simply for access to pro­cess­ing power (CPU) or memory struc­tures (working memory and hard drive space). If an ap­pli­ca­tion needs more computing power or storage space, for example, or an ap­pli­ca­tion-external file (open, read, edit, etc.) is required, system calls are essential.

As already mentioned, all system calls can es­sen­tial­ly be used as control units for the com­mu­ni­ca­tion between ap­pli­ca­tion processes and the operating system or the hardware. Es­tab­lished system calls can also be clas­si­fied into different cat­e­gories, though, whereby the following five clas­si­fi­ca­tion types are generally accepted:

• Process control: All processes in a computer system must be monitored so that they can be stopped at any time or be con­trolled by other processes. For this reason, system calls in this category monitor the start and running or the abortion of processes.
• File man­age­ment: This kind of system call is needed by ap­pli­ca­tion programs to gain access to typical file op­er­a­tions. These methods of file ma­nip­u­la­tion include ‘create’, ‘delete’, ‘open’, ‘close’, ‘write’ and ‘read’.
• Device man­age­ment: This category includes all system calls that request or manage hardware resources such as pro­cess­ing power or storage space.
• In­for­ma­tion main­te­nance: Processes are linked to a great deal of in­for­ma­tion that must be up-to-date and correct. To exchange or demand this in­for­ma­tion, ap­pli­ca­tion programs use system calls to manage and maintain in­for­ma­tion.
• Inter-process com­mu­ni­ca­tion: The operating system and the various active ap­pli­ca­tion programs are only guar­an­teed to interact smoothly if the in­di­vid­ual processes are well-co­or­di­nat­ed with one another. For this reason, com­mu­ni­ca­tion via relevant system calls is essential.

The extent to which the kinds of system calls listed can be made and im­ple­ment­ed depends primarily on the hardware used and the system ar­chi­tec­ture, but also on the operating system used. In Linux, for example, system calls are stored directly in the Linux core in the ‘system call table’. Each entry in this table is assigned a unique number and a certain function to be run in kernel mode. To execute any desired Linux system call, the re­spec­tive number is loaded in the CPU memory and then loaded with software interrupt 128 (a cue for a sub­func­tion of the operating system that in­ter­rupts the program running in user mode).

The process is similar in Windows systems, where a system call is always first converted in­ter­nal­ly, however: From a library function in the Windows API (WinAPI or short), a system call that can be read by the operating system is au­to­mat­i­cal­ly made with a unique number that refers to the desired function in kernel mode.

You can find some examples of specific Windows and Linux system calls in the following table: