# System Calls
The boundary between user-space and kernel-space can be crossed using system calls (aka syscalls). These are the functions that are supported by the kernel. They can be split into some categories:
- filesystem management
- processes management
For example, to execute a binary file, the
execve syscall should be used.
We can see what system calls are invoked by any program by running
strace ls will show the system calls invoked by the
strace uses a ptrace (opens new window) system call to work.
System calls are not C functions. They don't use the call stack. Instead, we run them via interrupts on CPU. We have to set an appropriate number in registers, provide required arguments, and then we can invoke the interrupt. Linux kernel registers handler for that interrupt and it is able to act on the system call. That execution is the kernel-mode operation.
User-space programs can invoke system calls via abstraction provided by the standard C library (like glibc (opens new window), musl (opens new window), or other). Such a library covers the whole spectrum of syscalls that the kernel supports.
We can see which libc functions are being used by a program by using
libc implementations have a function
syscall which allows us to invoke the
syscall explicitly, without any additional "overhead". It could be useful if our
kernel supports some system call not covered by our version of libc.
An alternative would be to write the assembly code to invoke that system call.