X86 Assembly/Interfacing with Linux

System calls
System calls are the interface between user programs and the Linux kernel. They are used to let the kernel perform various system tasks, such as file access, process management and networking. In the C programming language, you would normally call a wrapper function which executes all required steps or even use high-level features such as the standard IO library.

On Linux, there are several ways to make a system call. This page will focus on making system calls by calling a software interrupt using  or. This is an easy and intuitive method of making system calls in assembly-only programs.

Making a system call
For making a system call using an interrupt, you have to pass all required information to the kernel by copying them into GPRs.

Each system call has a fixed number. Linux persistently guarantees backward compatibility, thus once a number was assigned to a system call it will never change. Ever.

You specify the system call by writing the number into the /  register.

Most system calls take parameters to perform their task. Those parameters are passed by writing them in the appropriate registers before making the actual call. Each parameter index has a specific register. See the tables in the subsections as the mapping differs between  and. Parameters are passed in the order they appear in the function signature of the corresponding C wrapper function. You may find system call functions and their signatures in every Linux ABI documentation, like the reference manual (type  to see the signature of the   system call).

After everything is set up correctly, you call the interrupt using  or   and the kernel performs the task.

The return / error value of a system call is written to /.

The kernel uses its own stack to perform the actions. The user stack is not touched in any way.

Via interrupt
On both Linux x86 and Linux x86_64 systems you can make a system call by calling interrupt  using the   instruction. Parameters are passed by setting the general purpose registers as following:

The system call numbers are described in the Linux generated file  or. The latter could also be present on your Linux system, just omit the.

All registers are preserved during a system call with  except , where the return value is stored.

Via dedicated system call invocation instruction
The x86_64 architecture introduced a dedicated instruction to make a system call. It does not access the interrupt descriptor table and is faster. Parameters are passed by setting the GPRs as following:

The syscall numbers are described in the Linux generated file. This file could also be present on your Linux system, just omit the.

All registers, except  and   (and the return value,  ), are preserved during the system call with.

Choice
In order to achieve maximum compatibility, on 64-bit platforms Linux clips input and output of system calls using the interrupt method. That means, for instance, you cannot pass, nor receive (complete) 64-bit address pointers on an x86-64 platform using the  method, because the upper 32 bits of all arguments and the result are zeroed. This usually aligns with the general preference of, since it is faster than an interrupt.

library call
In call of x86-64 Linux's C library functions, parameter 6 is passed on r9 and further parameters, onto the stack (in reverse order).

The caller can expect to find the return value of the subroutine in the register.

Examples
To summarize and clarify the information, let's have a look at a very simple example: the hello world program. It will write the text "Hello World" to stdout using the  syscall and quit the program using the   syscall.

Syscall signatures:

This is the C program which is implemented in assembly below:

Both examples start alike: a string stored in the data segment and  as a global symbol.

As defined in, the syscall numbers for   and   are:

The parameters are passed exactly as one would in a C program, using the correct registers. After everything is set up, the syscall is made using.

syscall
In, the syscall numbers are defined as following:

Parameters are passed just like in the  example, except that the order of the registers is different. The syscall is made using.

library call
Here is the C Prototype of an example library function.

Parameters are passed just like in the  example, except that the order of the registers is different.

Library function is declared at the beginning of the source file (and the path to the library, at compilation-linking time).

Note the last parameters of function, pushed into the stack, is done in reverse order.