In this guide you’ll find a full list of Linux syscalls along with their definition, parameters, and commonly used flags.

You can combine multiple flags by using a logical AND and passing the result to the argument in question.

Some notes about this guide:

• Calls that have been long depreciated or removed have been omitted.
• Items pertaining to outdated or infrequently used architectures (i.e. MIPS, PowerPC) are generally omitted.
• Structures are defined only once. If a struct is mentinoned and cannot be found in the syscall, please search the document for its definition.

Source materials include man pages, kernel source, and kernel development headers.

Table of Contents

• List of Linux Syscalls
• Table of Contents
  • read
  • write
  • open
    • open flags
  • close
  • stat
  • fstat
  • lstat
  • poll
  • lseek
    • whence flags
  • mmap
    • prot flags
    • flags
  • mprotect
    • prot flags
  • munmap
  • brk
  • rt_sigaction
  • rt_sigprocmask
    • how flags
  • rt_sigreturn
  • ioctl
  • pread64
  • pwrite64
  • readv
  • writev
  • access
  • pipe
  • select
  • sched_yield
  • mremap
    • flags
  • msync
    • flags
  • mincore
  • madvise
    • advice
  • shmget
    • shmflg
  • shmat
    • shmflg
  • shmctl
    • cmd
  • dup
  • dup2
  • pause
  • nanosleep
  • getitimer
    • which timers
  • alarm
  • setitimer
  • getpid
  • sendfile
  • socket
    • domain flags
    • type flags
  • connect
  • accept
  • sendto
    • flags
  • recvfrom
    • flags
  • sendmsg
  • recvmsg
  • shutdown
    • how
  • bind
  • listen
  • getsockname
  • getpeername
  • socketpair
  • setsockopt
  • getsockopt
  • clone
    • flags
  • fork
  • vfork
  • execve
  • exit
  • wait4
    • options
  • kill
  • getppid
  • uname
  • semget
  • semop
  • semctl
    • cmd
  • shmdt
  • msgget
  • msgsnd
    • msgflg
  • msgrcv
  • msgctl
    • cmd
  • fcntl
    • cmd
    • flock
    • f_owner_ex
  • flock
    • operation
  • fsync
  • fdatasync
  • truncate
  • ftruncate
  • getdents
    • types
  • getcwd
  • chdir
  • fchdir
  • rename
  • mkdir
  • rmdir
  • creat
  • link
  • unlink
  • symlink
  • readlink
  • chmod
  • fchmod
  • chown
  • fchown
  • lchown
  • umask
  • gettimeofday
  • getrlimit
    • resource flags
  • getrusage
    • who target
  • sysinfo
  • times
  • ptrace
    • request flags
  • getuid
  • syslog
    • type flag
  • getgid
  • setuid
  • setgid
  • geteuid
  • getegid
  • setpgid
  • getppid
  • getpgrp
  • setsid
  • setreuid
  • setregid
  • getgroups
  • setgroups
  • setresuid
  • setresgid
  • getresuid
  • getresgid
  • getpgid
  • setfsuid
  • setfsgid
  • getsid
  • capget
  • capset
  • rt_sigpending
  • rt_sigtimedwait
  • rt_sigqueueinfo
  • rt_sigsuspend
  • sigaltstack
  • utime
  • mknod
  • uselib
  • personality
  • ustat
  • statfs
  • fstatfs
  • sysfs
  • getpriority
    • which
  • setpriority
  • sched_setparam
  • sched_getparam
  • sched_setscheduler
    • policy
  • sched_getscheduler
  • sched_get_priority_max
  • sched_get_priority_min
  • sched_rr_get_interval
  • mlock
  • munlock
  • mlockall
    • flags
  • munlockall
  • vhangup
  • modify_ldt
  • pivot_root
  • prctl
    • option
  • arch_prctl
  • adjtimex
  • setrlimit
  • chroot
  • sync
  • acct
  • settimeofday
  • mount
    • mountflags
  • umount2
    • flags
  • swapon
    • swapflags
  • swapoff
  • reboot
    • arg
  • sethostname
  • setdomainname
  • iopl
  • ioperm
  • init_module
  • delete_module
    • flags
  • quotactl
    • cmd
  • gettid
  • readahead
  • setxattr
  • lsetxattr
  • fsetxattr
  • getxattr
  • lgetxattr
  • fgetxattr
  • listxattr
  • llistxattr
  • flistxattr
  • removexattr
  • lremovexattr
  • fremovexattr
  • tkill
  • time
  • futex
    • op
  • sched_setaffinity
  • sched_getaffinity
  • set_thread_area
  • io_setup
  • io_destroy
  • io_getevents
  • io_submit
  • io_cancel
  • get_thread_area
  • lookup_dcookie
  • epoll_create
  • getdents64
  • set_tid_address
  • restart_syscall
  • semtimedop
  • fadvise64
    • advice
  • timer_create
    • clockid
  • timer_settime
  • timer_gettime
  • timer_getoverrun
  • timer_delete
  • clock_settime
  • clock_gettime
  • clock_getres
  • clock_nanosleep
  • exit_group
  • epoll_wait
  • epoll_ctl
    • op
  • tgkill
  • utimes
  • mbind
    • mode
  • set_mempolicy
  • get_mempolicy
    • flags
  • mq_open
    • oflag
  • mq_unlink
  • mq_timedsend
  • mq_timedreceive
  • mq_notify
  • kexec_load
    • flags
  • waitid
    • options
  • add_key
    • keyring
  • request_key
  • keyctl
    • cmd
  • ioprio_set
    • which
  • ioprio_get
  • inotify_init
  • inotify_add_watch
  • inotify_rm_watch
  • migrate_pages
  • openat
  • mkdirat
  • mknodat
  • fchownat
  • unlinkat
  • renameat
  • linkat
  • symlinkat
  • readlinkat
  • fchmodat
  • faccessat
  • pselect6
  • ppoll
  • unshare
    • flags
  • set_robust_list
  • get_robust_list
  • splice
    • flags
  • tee
  • sync_file_range
    • flags
  • vmsplice
  • move_pages
    • flags
  • utimensat
  • epoll_pwait
  • signalfd
  • timerfd_create
  • eventfd
    • flags
  • fallocate
    • mode
  • timerfd_settime
  • timerfd_gettime
  • accept4
  • signalfd4
  • eventfd2
  • epoll_create1
  • dup3
  • pipe2
  • inotify_init1
  • preadv
  • pwritev
  • rt_tgsigqueueinfo
  • perf_event_open
    • flags
  • recvmmsg
  • fanotify_init
    • flags
    • event_f_flags
  • fanotify_mark
    • dirfd
    • flags
  • name_to_handle_at
  • open_by_handle_at
  • syncfs
  • sendmmsg
  • setns
    • nsflag
  • getcpu
  • process_vm_readv
  • process_vm_writev
  • kcmp
    • type flags
  • finit_module
    • flags

read

Reads from a specified file using a file descriptor. Before using this call, you must first obtain a file descriptor using the opensyscall. Returns bytes read successfully.

• fd – file descriptor
• buf – pointer to the buffer to fill with read contents
• count – number of bytes to read

write

Writes to a specified file using a file descriptor. Before using this call, you must first obtain a file descriptor using the open syscall. Returns bytes written successfully.

• fd – file descriptor
• buf – pointer to the buffer to write
• count – number of bytes to write

open

Opens or creates a file, depending on the flags passed to the call. Returns an integer with the file descriptor.

• pathname – pointer to a buffer containing the full path and filename
• flags – integer with operation flags (see below)
• mode – (optional) defines the permissions mode if file is to be created

open flags

• O_APPEND – append to existing file
• O_ASYNC – use signal-driven IO
• O_CLOEXEC – use close-on-exec (avoid race conditions and lock contentions)
• O_CREAT – create file if it doesn’t exist
• O_DIRECT – bypass cache (slower)
• O_DIRECTORY – fail if pathname isn’t a directory
• O_DSYNC – ensure output is sent to hardware and metadata written before return
• O_EXCL – ensure creation of file
• O_LARGEFILE – allows use of file sizes represented by off64_t
• O_NOATIME – do not increment access time upon open
• O_NOCTTY – if pathname is a terminal device, don’t become controlling terminal
• O_NOFOLLOW – fail if pathname is symbolic link
• O_NONBLOCK – if possible, open file with non-blocking IO
• O_NDELAY – same as O_NONBLOCK
• O_PATH – open descriptor for obtaining permissions and status of a file but does not allow read/write operations
• O_SYNC – wait for IO to complete before returning
• O_TMPFILE – create an unnamed, unreachable (via any other open call) temporary file
• O_TRUNC – if file exists, ovewrite it (careful!)

close

Close a file descriptor. After successful execution, it can no longer be used to reference the file.

• fd – file descriptor to close

stat

Returns information about a file in a structure named stat.

• path – pointer to the name of the file
• buf – pointer to the structure to receive file information

On success, the buf structure is filled with the following data:

struct stat {
    dev_t     st_dev;     /* device ID of device with file */
    ino_t     st_ino;     /* inode */
    mode_t    st_mode;    /* permission mode */
    nlink_t   st_nlink;   /* number of hard links to file */
    uid_t     st_uid;     /* owner user ID */
    gid_t     st_gid;     /* owner group ID */
    dev_t     st_rdev;    /* device ID (only if device file) */
    off_t     st_size;    /* total size (bytes) */
    blksize_t st_blksize; /* blocksize for I/O */
    blkcnt_t  st_blocks;  /* number of 512 byte blocks allocated */
    time_t    st_atime;   /* last access time */
    time_t    st_mtime;   /* last modification time */
    time_t    st_ctime;   /* last status change time */
};

fstat

Works exactly like the stat syscall except a file descriptor (fd) is provided instead of a path.

• fd – file descriptor
• buf – pointer to stat buffer (described in stat syscall)

Return data in buf is identical to the stat call.

lstat

Works exactly like the stat syscall, but if the file in question is a symbolic link, information on the link is returned rather than its target.

• path – full path to file
• buf – pointer to stat buffer (described in stat syscall)

Return data in buf is identical to the stat call.

poll

Wait for an event to occur on the specified file descriptor.

• fds – pointer to an array of pollfd structures (described below)
• nfds – number of pollfd items in the fds array
• timeout – sets the number of milliseconds the syscall should block (negative forces poll to return immediately)

struct pollfd {
    int   fd;         /* file descriptor */
    short events;     /* events requested for polling */
    short revents;    /* events that occurred during polling */
};

lseek

This syscall repositions the read/write offset of the associated file descriptor. Useful for setting the position to a specific location to read or write starting from that offset.

• fd – file descriptor
• offset – offset to read/write from
• whence – specifies offset relation and seek behavior

whence flags

• SEEK_SET – offset is the absolute offset position in the file
• SEEK_CUR – offset is the current offset location plus offset
• SEEK_END – offset is the file size plus offset
• SEEK_DATA – set offset to next location greater or equal to offset that contains data
• SEEK_HOLE – set offset to next hole in file great or equal to offset

Returns resulting offset in bytes from the start of the file.

mmap

Maps files or devices into memory.

• addr – location hint for mapping location in memory, otherwise, if NULL, kernel assigns address
• length – length of the mapping
• prot – specifies memory protection of the mapping
• flags – control visibility of mapping with other processes
• fd – file descriptor
• offset – file offset

Returns a pointer to the mapped file in memory.

prot flags

• PROT_EXEC – allows execution of mapped pages
• PROT_READ – allows reading of mapped pages
• PROT_WRITE – allows mapped pages to be written
• PROT_NONE – prevents access of mapped pages

flags

• MAP_SHARED – allows other processes to use this mapping
• MAP_SHARED_VALIDATE – same as MAP_SHARED but ensures all flags are valid
• MAP_PRIVATE – prevents other processes from using this mapping
• MAP_32BIT – tells the kernel to locate mapping in the first 2 GB of RAM
• MAP_ANONYMOUS – lets the mapping not be backed by any file (thus ignoring
  fd

  )

• MAP_FIXED – treats addr argument as an actual address and not a hint
• MAP_FIXED_NOREPLACE – same as MAP_FIXED but prevents clobbering existing mapped ranges
• MAP_GROWSDOWN – tells the kernel to expand mapping downward in RAM (useful for stacks)
• MAP_HUGETB – forces use of huge pages in mapping
• MAP_HUGE_1MB – use with MAP_HUGETB to set 1 MB pages
• MAP_HUGE_2MB – use with MAP_HUGETB to set 2 MB pages
• MAP_LOCKED – maps the region to be locked (similar behavior to mlock)
• MAP_NONBLOCK – prevents read-ahead for this mapping
• MAP_NORESERVE – prevents allocation of swap space for this mappining
• MAP_POPULATE – tells the kernel to populate page tables for this mapping (causing read-ahead)
• MAP_STACK – tells the kernel to allocate address suitable for use in a stack
• MAP_UNINITIALIZED – prevents clearing of anonymous pages

mprotect

Sets or adjusts protection on a region of memory.

• addr – pointer to region in memory
• prot – protection flag

Returns zero when successful.

prot flags

• PROT_NONE – prevents access to memory
• PROT_READ – allows reading of memory
• PROT_EXEC – allows execution of memory
• PROT_WRITE – allows memory to be modified
• PROT_SEM – allows memory to be used in atomic operations
• PROT_GROWSUP – sets protection mode upward (for arcitectures that have stack that grows upward)
• PROT_GROWSDOWN – sets protection mode downward (useful for stack memory)

munmap

Unmaps mapped files or devices.

• addr – pointer to mapped address
• len – size of mapping

Returns zero when successful.

brk

Allows for altering the program break that defines end of process’s data segment.

• addr – new program break address pointer

Returns zero when successful.

rt_sigaction

Change action taken when process receives a specific signal (except SIGKILL and SIGSTOP).

• signum – signal number
• act – structure for the new action
• oldact – structure for the old action

struct sigaction {
    void     (*sa_handler)(int);
    void     (*sa_sigaction)(int, siginfo_t *, void *);
    sigset_t   sa_mask;
    int        sa_flags;
    void     (*sa_restorer)(void);
};

siginfo_t {
    int      si_signo;      /* signal number */
    int      si_errno;      /* errno value */
    int      si_code;       /* signal code */
    int      si_trapno;     /* trap that caused hardware signal (unusued on most architectures) */
    pid_t    si_pid;        /* sending PID */
    uid_t    si_uid;        /* real UID of sending program */
    int      si_status;     /* exit value or signal */
    clock_t  si_utime;      /* user time consumed */
    clock_t  si_stime;      /* system time consumed */
    sigval_t si_value;      /* signal value */
    int      si_int;        /* POSIX.1b signal */
    void    *si_ptr;        /* POSIX.1b signal */
    int      si_overrun;    /* count of timer overrun */
    int      si_timerid;    /* timer ID */
    void    *si_addr;       /* memory location that generated fault */
    long     si_band;       /* band event */
    int      si_fd;         /* file descriptor */
    short    si_addr_lsb;   /* LSB of address */
    void    *si_lower;      /* lower bound when address vioation occured */
    void    *si_upper;      /* upper bound when address violation occured */
    int      si_pkey;       /* protection key on PTE causing faut */
    void    *si_call_addr;  /* address of system call instruction */
    int      si_syscall;    /* number of attempted syscall */
    unsigned int si_arch;   /* arch of attempted syscall */
}

rt_sigprocmask

Retreive and/or set the signal mask of the thread.

• how – flag to determine call behavior
• set – new signal mask (NULL to leave unchanged)
• oldset – previous signal mask

Returns zero upon success.

how flags

• SIG_BLOCK – set mask to block according to set
• SIG_UNBLOCK – set mask to allow according to set
• SIG_SETMASK – set mask to set

rt_sigreturn

Return from signal handler and clean the stack frame.

ioctl

Set parameters of device files.

• d – open file descriptor the device file
• request – request code
• ... – untyped pointer

Returns zero upon success in most cases.

pread64

Read from file or device starting at a specific offset.

• fd – file descriptor
• buf – pointer to read buffer
• count – bytes to read
• offset – offset to read from

Returns bytes read.

pwrite64

Write to file or device starting at a specific offset.

• fd – file descriptor
• buf – pointer to buffer
• count – bytes to write
• offset – offset to start writing

Returns bytes written.

readv

Read from file or device into multiple buffers.

• fd – file descriptor
• iov – pointer to iovec structue
• iovcnt – number of buffers (described by iovec)

struct iovec {
    void  *iov_base;    /* Starting address */
    size_t iov_len;     /* Number of bytes to transfer */
};

Returns bytes read.

writev

Write to file or device from multiple buffers.

• fd – file descriptor
• iov – pointer to iovec structue
• iovcnt – number of buffers (described by iovec)

struct iovec {
    void  *iov_base;    /* Starting address */
    size_t iov_len;     /* Number of bytes to transfer */
};

Returns bytes written.

access

Check permissions of current user for a specified file or device.

• pathname – file or device
• mode – permissions check to perform

Returns zero on success.

pipe

Create a pipe.

• pipefd – array of file descriptors with two ends of the pipe

Returns zero on success.

select

Wait for file descriptors to become ready for I/O.

• nfds – number of file desctipros to monitor (add 1)
• readfds – fixed buffer with list of file descriptors to wait for read access
• writefds – fixed buffer with list of file descriptors to wait for write access
• exceptfds – fixed buffer with list of file descriptors to wait for exceptional conditions
• timeout – timeval structure with time to wait before returning

typedef struct fd_set {
    u_int  fd_count;
    SOCKET fd_array[FD_SETSIZE];
} 

struct timeval {
	   long    tv_sec;         /* seconds */
	   long    tv_usec;        /* microseconds */
};

Returns number of file descriptors, or zero if timeout occurs.

sched_yield

Yield CPU time back to the kernel or other processes.

Returns zero on success.

mremap

Shrink or enlarge a memory region, possibly moving it in the process.

• old_address – pointer to the old address to remap
• old_size – size of old memory region
• new_size – size of new memory region
• flags – define additional behavior

flags

• MREMAP_MAYMOVE – allow the kernel to move the region if there isn’t enough room (default)
• MREMAP_FIXED – move the mapping (must also specify MREMAP_MAYMOVE)

msync

Syncronize a memory-mapped file previously mapped with mmap.

• addr – address of memoy mapped file
• length – length of memory mapping
• flags – define additional behavior

flags

• MS_ASYNC – schedule sync but return immediately
• MS_SYNC – wait until sync is complete
• MS_INVALIDATE – invalidate other mappings of same file

Returns zero on success.

mincore

Check if pages are in memory.

• addr – address of memory to check
• length – length of memory segment
• vec – pointer to array sized to (length+PAGE_SIZE-1) / PAGE_SIZE that is clear if page is in memory

Returns zero, but vec must be referenced for presence of pages in memory.

madvise

Advise kernel on how to use a given memory segment.

• addr – address of memory
• length – length of segment
• advice – advice flag

advice

• MADV_NORMAL – no advice (default)
• MADV_RANDOM – pages can be in random order (read-ahead performance may be hampered)
• MADV_SEQUENTIAL – pages should be in sequential order
• MADV_WILLNEED – will need pages soon (hinting to kernel to schedule read-ahead)
• MADV_DONTNEED – do not need anytime soon (discourages read-ahead)

shmget

Allocate System V shared memory segment.

• key – an identifier for the memory segment
• size – length of memory segment
• shmflg – behavior modifier flag

shmflg

• IPC_CREAT – create a new segment
• IPC_EXCL – ensure creation happens, else call will fail
• SHM_HUGETLB – use huge pages when allocating segment
• SHM_HUGE_1GB – use 1 GB hugetlb size
• SHM_HUGE_2M – use 2 MB hugetlb size
• SHM_NORESERVE – do not reserve swap space for this segment

shmat

Attach shared memory segment to calling process’s memory space.

• shmid – shared memory segment id
• shmaddr – shared memory segment address
• shmflg – define additional behavior

shmflg

• SHM_RDONLY – attach segment as read-only
• SHM_REMAP – replace exiting mapping

shmctl

Get or set control details on shared memory segment.

• shmid – shared memory segment id
• cmd – command flag
• buf – shmid_ds structure buffer for return or set parameters

struct shmid_ds {
    struct ipc_perm shm_perm;    /* Ownership and permissions */
    size_t          shm_segsz;   /* Size of shared segment (bytes) */
    time_t          shm_atime;   /* Last attach time */
    time_t          shm_dtime;   /* Last detach time */
    time_t          shm_ctime;   /* Last change time */
    pid_t           shm_cpid;    /* PID of shared segment creator */
    pid_t           shm_lpid;    /* PID of last shmat(2)/shmdt(2) syscall */
    shmatt_t        shm_nattch;  /* Number of current attaches */
    ...
};

struct ipc_perm {
    key_t          __key;    /* Key providedto shmget */
    uid_t          uid;      /* Effective UID of owner */
    gid_t          gid;      /* Effective GID of owner */
    uid_t          cuid;     /* Effective UID of creator */
    gid_t          cgid;     /* Effective GID of creator */
    unsigned short mode;     /* Permissions and SHM_DEST + SHM_LOCKED flags */
    unsigned short __seq;    /* Sequence */
 };

Successful IPC_INFO or SHM_INFO syscalls return index of highest used entry in the kernel’s array of shared memory segments. Successful SHM_STAT syscalls return id of memory segment provided in shmid. Everything else returns zero upon success.

cmd

• IPC_STAT – get shared memory segment info and place in buffer
• IPC_SET – set shared memory segment parameters defined in buffer
• IPC_RMID – mark shared memory segment to be removed

dup

Duplicate file desciptor.

• oldfd – file descriptor to copy

Returns new file descriptor.

dup2

Same as dup except dup2 uses file descriptor number specified in newfd.

• oldfd – file descriptor to copy
• newfd – new file descriptor

pause

Wait for a signal, then return.

Returns -1 when signal received.

nanosleep

Same as sleep but with time specified in nanoseconds.

• req – pointer to syscall argument structure
• rem – pointer to structure with remaining time if interrupted by signal

struct timespec {
    time_t tv_sec;        /* time in seconds */
    long   tv_nsec;       /* time in nanoseconds */
};

Returns zero upon successful sleep, otherwise time elapsed is copied into rem structure.

getitimer

Get value from an interval timer.

• which – which kind of timer
• curr_value – pointer to itimerval structure with argument details

struct itimerval {
    struct timeval it_interval; /* Interval for periodic timer */
    struct timeval it_value;    /* Time until next expiration */
 };

Returns zero on success.

which timers

• ITIMER_REAL – timer uses real time
• ITIMER_VIRTUAL – timer uses user-mode CPU execution time
• ITIMER_PROF – timer uses both user and system CPU execution time

alarm

Set an alarm for delivery of signal SIGALRM.

• seconds – send SIGALRM in x seconds

Returns number of seconds remaining until a previously set alarm will trigger, or zero if no alarm was previously set.

setitimer

Create or destroy alarm specified by which.

• which – which kind of timer
• new_value – pointer to itimerval structure with new timer details
• old_value – if not null, pointer to itimerval structure with previous timer details

struct itimerval {
    struct timeval it_interval; /* Interval for periodic timer */
    struct timeval it_value;    /* Time until next expiration */
 };

Returns zero on success.

getpid

Get PID of current process.

Returns the PID of the process.

sendfile

Transfer data between two files or devices.

• out_fd – file descriptor for destination
• in_fd – file descriptor for source
• offset – position to begin read
• count – bytes to copy

Returns bytes written.

socket

Create an endpoint for network communication.

• domain – flag specifying type of socket
• type – flag specifying socket specifics
• protocol – flag specifying protocol for communication

domain flags

• AF_UNIX – Local communication
• AF_LOCAL – Same as AF_UNIX
• AF_INET – IPv4 Internet protocol
• AF_AX25 – Amateur radio AX.25 protocol
• AF_IPXIPX – Novell protocols
• AF_APPLETALK – AppleTalk
• AF_X25 – ITU-T X.25 / ISO-8208 protocol
• AF_INET6 – IPv6 Internet protocol
• AF_DECnet – DECet protocol sockets
• AF_KEYKey – IPsec management protocol
• AF_NETLINK – Kernel user interface device
• AF_PACKET – Low-level packet interface
• AF_RDS – Reliable Datagram Sockets (RDS)
• AF_PPPOX – Generic PPP transport layer for L2 tunnels (L2TP, PPPoE, etc.)
• AF_LLC – Logical link control (IEEE 802.2 LLC)
• AF_IB – InfiniBand native addressing
• AF_MPLS – Multiprotocol Label Switching
• AF_CAN – Controller Area Network automotive bus protocol
• AF_TIPC – TIPC (cluster domain sockets)
• AF_BLUETOOTH – Bluetooth low-level socket protocol
• AF_ALG – Interface to kernel cryptography API
• AF_VSOCK – VSOCK protocol for hypervisor-guest communication (VMWare, etc.)
• AF_KCMKCM – Kernel connection multiplexor interface
• AF_XDPXDP – Express data path interface

type flags

• SOCK_STREAM – sequenced, reliable byte streams
• SOCK_DGRAM – datagrams (connectionless and unreliable messages, fixed maximum length)
• SOCK_SEQPACKET – sequenced, reliable transmission for datagrams
• SOCK_RAW– raw network protocol access
• SOCK_RDM – reliable datagram layer with possible out-of-order transmission
• SOCK_NONBLOCK – socket is non-blocking (avoid extra calls to fcntl)
• SOCK_CLOEXEC – set close-on-exec flag

Returns file descriptor on success.

connect

Connect to a socket.

• sockfd – socket file descriptor
• addr – pointer to socket address
• addrlen – size of address

Returns zero on success.

accept

Accept connection on socket.

• sockfd – socket file descriptor
• addr – pointer to socket address
• addrlen – size of address

Returns file descriptor of accepted socket on success.

sendto

Send message on a socket.

• sockfd – socket file descriptor
• buf – buffer with message to send
• len – length of message
• flags – additional parameters

flags

• MSG_CONFIRM – informs link layer a reply has been received
• MSG_DONTROUTE – do not use gateway in transmission of packet
• MSG_DONTWAIT – perform non-blocking operation
• MSG_EOR – end of record
• MSG_MORE – more data to send
• MSG_NOSIGNAL – do not generate SIGPIPE signal if peer closed connection
• MSG_OOB – sends out-of-band data on supported sockets and protocols

recvfrom

Receive message from socket.

• sockfd – socket file descriptor
• buf – buffer to receive message
• size – size of buffer
• flags – additional parameters
• src_addr – pointer to source address
• addrlen – length of source address.

flags

• MSG_CMSG_CLOEXEC – set close-on-exec flag for socket file descriptor
• MSG_DONTWAIT – perform operation in a non-blocking manner
• MSG_ERRQUEUE – queued errors should be received in socket error queue

Returns bytes received successfully.

sendmsg

Similar to the sendto syscall but allows sending additional data via the msg argument.

• sockfd – socket file descriptor
• msg – pointer to msghdr structure with message to send (with headers)
• flags– same as sendto syscall

struct msghdr {
    void         *msg_name;       /* optional address */
    socklen_t     msg_namelen;    /* address size */
    struct iovec *msg_iov;        /* scatter/gather array */
    size_t        msg_iovlen;     /* number of array elements in msg_iov */
    void         *msg_control;    /* ancillary data */
    size_t        msg_controllen; /* ancillary data length */
    int           msg_flags;      /* flags on received message */
};

recvmsg

Receive message from socket.

• sockfd – socket file descriptor
• msg – pointer to msghdr structure (defined in sendmsg above) to receive
• flags – define additional behavior (see sendto syscall)

shutdown

Shut down full-duplex connection of a socket.

• sockfd – socket file descriptor
• how – flags definining additional behavior

Returns zero on success.

how

• SHUT_RD – prevent further receptions
• SHUT_WR – prevent further transmissions
• SHUT_RDWR – prevent further reception and transmission

bind

Bind name to a socket.

• sockfd – socket file descriptor
• addr – pointer to sockaddr structure with socket address
• addrlen – length of address

struct sockaddr {
    sa_family_t sa_family;
    char        sa_data[14];
}

Returns zero on success.

listen

Listen on a socket for connections.

• sockfd – socket file descriptor
• backlog – maximum length for pending connection queue

Returns zero on success.

getsockname

Get socket name.

• sockfd – socket file descriptor
• addr – pointer to buffer where socket name will be returned
• addrlen – length of buffer

Returns zero on success.

getpeername

Get the name of the connected peer socket.

• sockfd – socket file descriptor
• addr – pointer to buffer where peer name will be returned
• addrlen – length of buffer

Returns zero on success.

socketpair

Create pair of sockets already connected.

Arguments are identical to socket syscall except fourth argument (sv) is an integer array that is filled with the two socket descriptors.

Returns zero on success.

setsockopt

Set options on a socket.

• sockfd – socket file descriptor
• optname – option to set
• optval – pointer to the value of the option
• optlen – length of option

Returns zero on success.

getsockopt

Get current options of a socket.

• sockfd – socket file descriptor
• optname – option to get
• optval – pointer to receive option value
• optlen – length of option

Returns zero on success.

clone

Create child process.

• fd – pointer to initial execution address
• stack – pointer to child process’s stack
• flag – define behavior of clone syscall
• arg – pointer to arguments for child process

flags

• CLONE_CHILD_CLEARTID – clear id of child thread at location referenced by child_tld
• CLONE_CHILD_SETTID – store id of child thread at location referenced by child_tid
• CLONE_FILES – parent and child process share same file descriptors
• CLONE_FS – parent and child process share same filesystem information
• CLONE_IO – child process shares I/O context with parent
• CLONE_NEWCGROUP – child is created in new cgroup namespace
• CLONE_NEWIPC – child process created in new IPC namespace
• CLONE_NEWNET – create child in new network namespace
• CLONE_NEWNS – create child in new mount namespace
• CLONE_NEWPID – create child in new PID namespace
• CLONE_NEWUSER – create child in new user namespace
• CLONE_NEWUTS – create child process in new UTS namespace
• CLONE_PARENT – child is clone of the calling process
• CLONE_PARENT_SETTID – store id of child thread at location referenced by parent_tid
• CLONE_PID – child process is created with same PID as parent
• CLONE_PIDFD – PID file descriptor of child process is placed in parent’s memory
• CLONE_PTRACE – if parent process is traced, trace child as well
• CLONE_SETTLS – thread local storage (TLS) descriptor is set to TLS
• CLONE_SIGHAND – parent and child share signal handlers
• CLONE_SYSVSEM – child and parent share same System V semaphore adjustment values
• CLONE_THREAD – child is created in same thread group as parent
• CLONE_UNTRACED – if parent is traced, child is not traced
• CLONE_VFORK – parent process is suspended until child calls execve or _exit
• CLONE_VM – parent and child run in same memory space

fork

Create child process.

Returns PID of child process.

vfork

Create child process without copying page tables of parent process.

Returns PID of child process.

execve

Execute a program.

• pathname – path to program to run
• argv – pointer to array of arguments for program
• envp – pointer to array of strings (in key=value format) for the environment

Does not return on success, returns -1 on error.

exit

Terminate calling process.

• status – status code to return to parent

Does not return a value.

wait4

Wait for a process to change state.

• pid – PID of process
• wstatus – status to wait for
• options – options flags for call
• rusage – pointer to structure with usage about child process filled on return

Returns PID of terminated child.

options

• WNOHANG – return if no child exited
• WUNTRACED – return if child stops (but not traced with ptrace)
• WCONTINUED – return if stopped child resumed with SIGCONT
• WIFEXITED – return if child terminates normally
• WEXITSTATUS – return exit status of child
• WIFSIGNALED – return true if child was terminated with signal
• WTERMSIG – return number of signal that caused child to terminate
• WCOREDUMP – return true if child core dumped
• IFSTOPPED – return true if child was stopped by signal
• WSTOPSIG – returns signal number that caused child to stop
• WIFCONTINUED – return true if child was resumed with SIGCONT

kill

Send a signal to process.

• pid – PID of process
• sig – number of signal to send to process

Return zero on success.

getppid

Get PID of parent’s calling process.

Returns the PID of parent of calling process.

uname

Get information about the kernel.

• buf – pointer to utsname structure to receive information

Return zero on success.

struct utsname {
    char sysname[];    /* OS name (i.e. "Linux") */
    char nodename[];   /* node name */
    char release[];    /* OS release (i.e. "4.1.0") */
    char version[];    /* OS version */
    char machine[];    /* hardware identifer */
    #ifdef _GNU_SOURCE
        char domainname[]; /* NIS or YP domain name */
    #endif
};

semget

Get System V semaphore set identifier.

• key – key of identifier to retreive
• nsems – number of semaphores per set
• semflg – semaphore flags

Returns value of semaphore set identifier.

semop

Perform operation on specified semampore(s).

• semid – id of semaphore
• sops – pointer to sembuf structure for operations
• nsops – number of operations

struct sembuf {
    ushort  sem_num;        /* semaphore index in array */
    short   sem_op;         /* semaphore operation */
    short   sem_flg;        /* flags for operation */
};

Return zero on success.

semctl

Perform control operation on semaphore.

• semid – semaphore set id
• semnum – number of semaphor in set
• cmd – operation to perform

Optional fourth argument is a semun structure:

union semun {
    int              val;    /* SETVAL value */
    struct semid_ds *buf;    /* buffer for IPC_STAT, IPC_SET */
    unsigned short  *array;  /* array for GETALL, SETALL */
    struct seminfo  *__buf;  /* buffer for IPC_INFO */
};

Returns non-negative value corresponding to cmd flag on success, or -1 on error.

cmd

• IPC_STAT – copy information from kernel associated with semid into semid_ds referenced by arg.buf
• IPC_SET – write values of semid_ds structure referenced by arg.buf
• IPC_RMID – remove semaphore set
• IPC_INFO – get information about system semaphore limits info seminfo structure
• SEM_INFO – return seminfo structure with same info as IPC_INFO except some fields are returned with info about resources consumed by semaphores
• SEM_STAT – return semid_ds structure like IPC_STAT but semid argument is index into kernel’s semaphore array
• SEM_STAT_ANY – return seminfo structure with same info as SEM_STAT but sem_perm.mode isn’t checked for read permission
• GETALL – return semval for all semaphores in set specified by semid into arg.array
• GETNCNT – return value of semncnt for the semaphore of the set indexed by semnum
• GETPID – return value of sempid for the semaphore of the set indexed by semnum
• GETVAL – return value of semval for the semaphore of the set indexed by semnum
• GETZCNT – return value of semzcnt for the semaphore of the set indexed by semnum
• SETALL – set semval for all the semaphores set using arg.array
• SETVAL – set value of semval to arg.val for the semaphore of the set indexed by semnum

shmdt

Detach shared memory segment referenced by shmaddr.

• shmaddr – address of shared memory segment to detach

Return zero on success.

msgget

Get System V message queue identifier.

• key – message queue identifier
• msgflg – if IPC_CREAT and IPC_EXCL are specified and queue exists for key, then msgget fails with return error set to EEXIST

Return message queue identifier.

msgsnd

Send a message to a System V message queue.

• msqid – message queue id
• msgp – pointer to msgbuf structure
• msgsz – size of msgbuf structure
• msgflg – flags defining specific behavior

struct msgbuf {
    long mtype;       /* msg type, must be greater than zero */
    char mtext[1];    /* msg text */
};

Returns zero on success or otherwise modified by msgflg.

msgflg

• IPC_NOWAIT – return immediately if no message of requested type in queue
• MSG_EXCEPT – use with msgtyp > 0 to read first message in queue with type different from msgtyp
• MSG_NOERROR – truncate message text if longer than msgsz bytes

msgrcv

Receive message from a system V message queue.

• msqid – message queue id
• msgp – pointer to msgbuf structure
• msgsz – size of msgbuf structure
• msgtyp – read first msg if 0, read first msg of msgtyp if > 0, or if negative, read first msg in queue with type less or equal to absolute value of msgtyp
• msgflg – flags defining specific behavior

struct msgbuf {
    long mtype;       /* msg type, must be greater than zero */
    char mtext[1];    /* msg text */
};

Returns zero on success or otherwise modified by msgflg.

msgctl

System V message contol.

• msqid – message queue id
• cmd – command to execute
• buf – pointer to buffer styled in msqid_ds

struct msqid_ds {
    struct ipc_perm msg_perm;     /* ownership/permissions */
    time_t          msg_stime;    /* last msgsnd(2) time */
    time_t          msg_rtime;    /* last msgrcv(2) time */
    time_t          msg_ctime;    /* last change time */
    unsigned long   __msg_cbytes; /* bytes in queue */
    msgqnum_t       msg_qnum;     /* messages in queue */
    msglen_t        msg_qbytes;   /* max bytes allowed in queue
    pid_t           msg_lspid;    /* PID of last msgsnd(2) */
    pid_t           msg_lrpid;    /* PID of last msgrcv(2) */
};

struct msginfo {
    int msgpool; /* kb of buffer pool used */
    int msgmap;  /* max # of entries in message map */
    int msgmax;  /* max # of bytes per single message */
    int msgmnb;  /* max # of bytes in the queue */
    int msgmni;  /* max # of message queues */
    int msgssz;  /* message segment size */
    int msgtql;  /* max # of messages on queues */
    unsigned short int msgseg; /* max # of segments unused in kernel */
};

Returns zero on successor modified return value based on cmd.

cmd

• IPC_STAT – copy data structure from kernel by msqid into msqid_ds structure referenced by buf
• IPC_SET – update msqid_ds structure referenced by buf to kernel, updating its msg_ctime
• IPC_RMID – remove message queue
• IPC_INFO – returns information about message queue limits into msginfo structure referenced by buf
• MSG_INFO – same as IPC_INFO except msginfo structure is filled with usage vs. max usage statistics
• MSG_STAT – same as IPC_STAT except msqid is a pointer into kernel’s internal array

fcntl

Manipulate a file descriptor.

• fd – file descriptor
• cmd – cmd flag
• /* arg */ – additional parameters based on cmd

Return value varies based on cmd flags.

cmd

Parameters in () is the optional /* arg */ with specified type.

• F_DUPFD – find lowest numbered file descriptor greater or equal to (int) and duplicate it, returning new file descriptor
• F_DUPFD_CLOEXEC – same as F_DUPFD but sets close-on-exec flag
• F_GETFD – return file descriptor flags
• F_SETFD – set file descriptor flags based on (int)
• F_GETFL – get file access mode
• F_SETFL – set file access mode based on (int)
• F_GETLK – get record locks on file (pointer to struct flock)
• F_SETLK – set lock on file (pointer to struct flock)
• F_SETLKW – set lock on file with wait (pointer to struct flock)
• F_GETOWN – return process id receiving SIGIO and SIGURG
• F_SETOWN – set process id to receive SIGIO and SIGURG (int)
• F_GETOWN_EX – return file descriptor owner settings (struct f_owner_ex *)
• F_SETOWN_EX – direct IO signals on file descriptor (struct f_owner_ex *)
• F_GETSIG – return signal sent when IO is available
• F_SETSIG – set signal sent when IO is available (int)
• F_SETLEASE – obtain lease on file descriptor (int), where arg is F_RDLCK, F_WRLCK, and F_UNLCK
• F_GETLEASE – get current lease on file descriptor (F_RDLCK, F_WRLCK, or F_UNLCK are returned)
• F_NOTIFY – notify when dir referenced by file descriptor changes (int) (DN_ACCESS, DN_MODIFY, DN_CREATE, DN_DELETE, DN_RENAME, DN_ATTRIB are returned)
• F_SETPIPE_SZ – change size of pipe referenced by file descriptor to (int) bytes
• F_GETPIPE_SZ – get size of pipe referenced by file descriptor

flock

struct flock {
    ...
    short l_type;    /* lock type: F_RDLCK, F_WRLCK, or F_UNLCK */
    short l_whence;  /* interpret l_start with SEEK_SET, SEEK_CUR, or SEEK_END */
    off_t l_start;   /* offset for lock */
    off_t l_len;     /* bytes to lock */
    pid_t l_pid;     /* PID of blocking process (F_GETLK only) */
    ...
};

f_owner_ex

struct f_owner_ex {
    int   type;
    pid_t pid;
};

flock

Apply or remove advisory lock on open file

• fd – file descriptor
• operation – operaton flag

Returns zero on success.

operation

• LOCK_SH – place shared lock
• LOCK_EX – place exclusive lock
• LOCK_UN – remove existing lock

fsync

Sync file’s data and metadata in memory to disk, flushing all write buffers and completes pending I/O.

• fd – file descriptor

Returns zero on success.

fdatasync

Sync file’s data (but not metadata, unless needed) to disk.

• fd – file descriptor

Returns zero on success.

truncate

Truncate file to a certain length.

• path – pointer to path of file
• length – length to truncate to

Returns zero on success.

ftruncate

Truncate file descriptor to a certain length.

• fd – file descriptor
• length – length to truncate to

Returns zero on success.

getdents

Get directory entries from a specified file descriptor.

• fd – file descriptor of directory
• dirp – pointer to linux_dirent structure to receive return values
• count – size of dirp buffer

Returns bytes read on success.

struct linux_dirent {
    unsigned long  d_ino;     /* number of inode */
    unsigned long  d_off;     /* offset to next linux_dirent */
    unsigned short d_reclen;  /* length of this linux_dirent */
    char           d_name[];  /* filename (null terminated) */
    char           pad;       /* padding byte */
    char           d_type;    /* type of file (see types below) */
}

types

• DT_BLK – block device
• DT_CHR – char device
• DT_DIR – directory
• DT_FIFO – FIFO named pipe
• DT_LNK – symlink
• DT_REG – regular file
• DT_SOCK – UNIX socket
• DT_UNKNOWN – unknown

getcwd

Get current working directory

• buf – pointer to buffer to receive path
• size – size of buf

Returns pointer to string containing current working directory.

chdir

Change the current directory.

• path – pointer to string with name of path

Returns zero on success.

fchdir

Change to the current directory specified by supplied file descriptor.

• fd – file descriptor

Returns zero on success.

rename

Rename or move a file.

• oldpath – pointer to string with old path/name
• newpath – pointer to string with new path/name

Returns zero on success.

mkdir

Make a directory.

• pathname – pointer to string with directory name
• mode – file system permissions mode

Returns zero on success.

rmdir

Remove a directory.

• pathname – pointer to string with directory name

Returns zero on success.

creat

Create a file or device.

• pathname – pointer to string with file or device name
• mode – file system permissions mode

Returns a file descriptor on success.

link

Creates a hard link for a file.

• oldpath – pointer to string with old filename
• newpath – pointer to string with new filename

Returns zero on success.

unlink

Remove a file.

• pathname – pointer to string with path name

Return zero on success.

symlink

Create a symlink.

• oldpath – pointer to string with old path name
• newpath – pointer to string with new path name

Return zero on success.

readlink

Return name of a symbolic link.

• path – pointer to string with symlink name
• buf – pointer to buffer with result
• bufsiz – size of buffer for result

Returns number of bytes placed in buf.

chmod

Set permission on a file or device.

• path – pointer to string with name of file or device
• mode – new permissions mode

Returns zero on success.

fchmod

Same as chmod but sets permissions on file or device referenced by file descriptor.

• fd – file descriptor
• mode – new permissions mode

Returns zero on success.

chown

Change owner of file or device.

• path – pointer to string with name of file or device
• owner – new owner of file or device
• group – new group of file or device

Returns zero on success.

fchown

Same as chown but sets owner and group on a file or device referenced by file descriptor.

• fd – file descriptor
• owner – new owner
• group – new group

Returns zero on success.

lchown

Same as chown but doesn’t reference symlinks.

• path – pointer to string with name of file or device
• owner – new owner
• group – new group

Returns zero on success.

umask

Sets the mask used to create new files.

• mask – mask for new files

System call will always succeed and returns previous mask.

gettimeofday

• tv – pointer to timeval structure to retreive time
• tz – pointer to timezone structure to receive time zone

struct timeval {
    time_t      tv_sec;     /* seconds */
    suseconds_t tv_usec;    /* microseconds */
};

struct timezone {
    int tz_minuteswest;     /* minutes west of GMT */
    int tz_dsttime;         /* DST correction type */
};

Returns zero on success.

getrlimit

Get current resource limits.

• resource – resource flag
• rlim – pointer to rlimit structure

struct rlimit {
    rlim_t rlim_cur;  /* soft limit */
    rlim_t rlim_max;  /* hard limit */
};

Returns zero on success and fills rlim structure with results.

resource flags

• RLIMIT_AS – max size of process virtual memory
• RLIMIT_CORE – max size of core file
• RLIMIT_CPU – max CPU time, in seconds
• RLIMIT_DATA – max size of process’s data segment
• RLIMIT_FSIZE – max size of files that process is allowed to create
• RLIMIT_LOCKS – max flock and fcntl leases allowed
• RLIMIT_MEMLOCK – max bytes of RAM allowed to be locked
• RLIMIT_MSGQUEUE – max size of POSIX message queues
• RLIMIT_NICE – max nice value
• RLIMIT_NOFILE – max number of files allowed to be opened plus one
• RLIMIT_NPROC – max number of processes or threads
• RLIMIT_RSS – max resident set pages
• RLIMIT_RTPRIO – real-time priority ceiling
• RLIMIT_RTTIME – limit in microseconds of real-time CPU scheduling
• RLIMIT_SIGPENDING – max number of queued signals
• RLIMIT_STACK – max size of process stack

getrusage

Obtain resource usage.

• who – target flag
• usage – pointer to rusage structure

struct rusage {
    struct timeval ru_utime; /* used user CPU time */
    struct timeval ru_stime; /* used system CPU time */
    long   ru_maxrss;        /* maximum RSS */
    long   ru_ixrss;         /* shared memory size */
    long   ru_idrss;         /* unshared data size */
    long   ru_isrss;         /* unshared stack size */
    long   ru_minflt;        /* soft page faults */
    long   ru_majflt;        /* hard page faults */
    long   ru_nswap;         /* swaps */
    long   ru_inblock;       /* block input operations */
    long   ru_oublock;       /* block output operations */
    long   ru_msgsnd;        /* sent # of IPC messages */
    long   ru_msgrcv;        /* received # IPC messages */
    long   ru_nsignals;      /* number of signals received */
    long   ru_nvcsw;         /* voluntary context switches */
    long   ru_nivcsw;        /* involuntary context switches */
};

Returns zero on success.

who target

• RUSAGE_SELF – get usage statistics for calling process
• RUSAGE_CHILDREN – get usage statistics for all children of calling process
• RUSAGE_THREAD – get usage statistics for calling thread

sysinfo

Return information about the system.

• info – pointer to sysinfo structure

struct sysinfo {
    long uptime;             /* seconds since boot */
    unsigned long loads[3];  /* 1/5/15 minute load avg */
    unsigned long totalram;  /* total usable memory size */
    unsigned long freeram;   /* available memory */
    unsigned long sharedram; /* shared memory amount */
    unsigned long bufferram; /* buffer memory usage */
    unsigned long totalswap; /* swap space size */
    unsigned long freeswap;  /* swap space available */
    unsigned short procs;    /* total number of current processes */
    unsigned long totalhigh; /* total high memory size */
    unsigned long freehigh;  /* available high memory size */
    unsigned int mem_unit;   /* memory unit size in bytes */
    char _f[20-2*sizeof(long)-sizeof(int)];  /* padding to 64 bytes */
};

Returns zero on success and places system information in sysinfo structure.

times

Get process times.

• buf – pointer to tms structure

struct tms {
    clock_t tms_utime;  /* user time */
    clock_t tms_stime;  /* system time */
    clock_t tms_cutime; /* children user time */
    clock_t tms_cstime; /* children system time */
};

Returns clock ticks since arbitary point in past and may overflow. tms structure is filled with values.

ptrace

Trace a process.

• request – determine type of trace to perform
• pid – process id to trace
• addr – pointer to buffer for certain response values
• data – pointer to buffer used in certain types of traces

Returns zero on request, placing trace data into addr and/or data, depending on trace details in request flags.

request flags

• PTRACE_TRACEME – indicate process traced by parent
• PTRACE_PEEKTEXT and PTRACE_PEEKDATA – read word at addr and return as result of call
• PTRACE_PEEKUSER – read word at addr in USER area of the traced process’s memory
• PTRACE_POKETEXT and PTRACE_POKEDATA – copy data into addr in traced process’s memory
• PTRACE_POKEUSER – copy data into addr in the traced process’s USER area in memory
• PTRACE_GETREGS – copy traced program’s general registers into data
• PTRACE_GETFPREGS – copy traced program’s floating-point registers into data
• PTRACE_GETREGSET – read traced program’s registers in architecture-agnostic way
• PTRACE_SETREGS – modify traced program’s general registers
• PTRACE_SETFPREGS – modify traced program’s floating-point registers
• PTRACE_SETREGSET – modify traced program’s registers (architecture-agnostic)
• PTRACE_GETSIGINFO – get info about signal that caused stop into siginfo_t structure
• PTRACE_SETSIGINFO – set signal info by copying siginfo_t structure from data into traced program
• PTRACE_PEEKSIGINFO – get siginfo_t structures without removing queued signals
• PTRACE_GETSIGMASK – copy mask of blocked signals into data which will be a sigset_t structure
• PTRACE_SETSIGMASK – change blocked signals mask to value in data which should be a sigset_t structure
• PTRACE_SETOPTIONS – set options from data, where data is a bit mask of the following options:
  • PTRACE_O_EXITKILL – send SIGKILL to traced program if tracing program exists
  • PTRACE_O_TRACECLONE – stop traced program at next clone syscall and start tracing new process
  • PTRACE_O_TRACEEXEC – stop traced program at next execve syscall
  • PTRACE_O_TRACEEXIT – stop the traced program at exit
  • PTRACE_O_TRACEFORK– stop traced program at next fork and start tracing forked process
  • PTRACE_O_TRACESYSGOOD – set bit 7 in signal number (SIGTRAP|0x80) when sending system call traps
  • PTRACE_O_TRACEVFORK – stop traced program at next vfork and start tracing new process
  • PTRACE_O_TRACEVFORKDONE – stop traced program after next vfork
  • PTRACE_O_TRACESECCOMP – stop traced program when seccomp rule is triggered
  • PTRACE_O_SUSPEND_SECCOMP – suspend traced program’s seccomp protections
• PTRACE_GETEVENTMSG – get message about most recent ptrace event and put in data of tracing program
• PTRACE_CONT – restart traced process that was stopped and if data is not zero, send number of signal to it
• PTRACE_SYSCALL and PTRACE_SIGNELSTEP – restart traced process that was stopped but stop at entry or exit of next syscall
• PTRACE_SYSEMU – continue, then stop on entry for next syscall (but don’t execute it)
• PTRACE_SYSEMU_SINGLESTEP – same as PTRACE_SYSEMU but single step if instruction isn’t a syscall
• PTRACE_LISTEN – restart traced program but prevent from executing (similar to SIGSTOP)
• PTRACE_INTERRUPT – stop the traced program
• PTRACE_ATTACH – attach to process pid
• PTRACE_SEIZE attach to process pid but do not stop process
• PTRACE_SECCOMP_GET_FILTER – allows for drump of traced program’s classic BPF filters, where addr is the index of filter and data is pointer to structure sock_filter
• PTRACE_DETACH – detach then restart stopped traced program
• PTRACE_GET_THREAD_AREA – reads TLS entry into GDT with index specified by addr, placing copy struct user_desc at data
• PTRACE_SET_THREAD_AREA – sets TLS entry into GTD with index specified by addr, assigning it struct user_desc at data
• PTRACE_GET_SYSCALL_INFO – get information about syscall that caused stop and place struct ptrace_syscall_info into data, where addr is size of buffer

struct ptrace_peeksiginfo_args {
    u64 off;    /* queue position to start copying signals */
    u32 flags;  /* PTRACE_PEEKSIGINFO_SHARED or 0 */
    s32 nr;     /* # of signals to copy */
};

struct ptrace_syscall_info {
    __u8 op;                    /* type of syscall stop */
    __u32 arch;                 /* AUDIT_ARCH_* value */
    __u64 instruction_pointer;  /* CPU instruction pointer */
    __u64 stack_pointer;        /* CPU stack pointer */
    union {
        struct {                /* op == PTRACE_SYSCALL_INFO_ENTRY */
            __u64 nr;           /* syscall number */
            __u64 args[6];      /* syscall arguments */
        } entry;
        struct {                /* op == PTRACE_SYSCALL_INFO_EXIT */
            __s64 rval;         /* syscall return value */
            __u8 is_error;      /* syscall error flag */
        } exit;
        struct {                /* op == PTRACE_SYSCALL_INFO_SECCOMP */
            __u64 nr;           /* syscall number */
            __u64 args[6];      /* syscall arguments */
            __u32 ret_data;    /* SECCOMP_RET_DATA part of SECCOMP_RET_TRACE return value */
        } seccomp;
    };
};

getuid

Get UID of calling process.

Returns the UID. Always succeeds.

syslog

Read or clear kernel message buffer.

• type – function to perform
• bufp – pointer to buffer (used for reading)
• len – length of buffer

Returns bytes read, available to read, total size of kernel buffer, or 0, depending on type flag.

type flag

• SYSLOG_ACTION_READ – read len bytes of kernel message log into bufp, returns number of bytes read
• SYSLOG_ACTION_READ_ALL – read entire kernel message log into bufp, reading last len bytes from kernel, returning bytes read
• SYSLOG_ACTION_READ_CLEAR – read, then clear kernel message log into bufp, up to len bytes, returning bytes read
• SYSLOG_ACTION_CLEAR – clear the kernel message log buffer, returns zero on success
• SYSLOG_ACTION_CONSOLE_OFF – prevents kernel messages being sent to the console
• SYSLOG_ACTION_CONSOLE_ON – enables kernel messages being sent to the console
• SYSLOG_ACTION_CONSOLE_LEVEL – sets the log level of messages (values 1 to 8 via len) to allow message filtering
• SYSLOG_ACTION_SIZE_UNREAD – returns number of bytes available for reading in kernel message log
• SYSLOG_ACTION_SIZE_BUFFER – returns size of kernel message buffer

getgid

Get GID of calling process.

Returns the GID. Always succeeds.

setuid

Set UID of calling process.

• uid – new UID

Returns zero on success.

setgid

Set GID of calling process.

• gid – new GID

Returns zero on success.

geteuid

Get effective UID of calling process.

Returns the effective UID. Always succeeds.

getegid

Get effective GID of calling process.

Returns the effective GID. Always succeeds.

setpgid

Set process group ID of a process.

• pid – process ID
• pgid – process group ID

Returns zero on success.

getppid

Get process group ID of a process.

• pid – process ID

Returns process group ID.

getpgrp

Get process group ID of calling process.

Return process group ID.

setsid

Create session if calling process isn’t leader of a process group.

Returns created session ID.

setreuid

Set both real and effective UID for calling process.

• ruid – the real UID
• euid – the effective UID

Returns zero on success.

setregid

Set both real and effective GID for calling process.

• rgid – the real GID
• egid – the effective GID

Returns zero on success.

getgroups

Get a list of supplementary group IDs for calling process.

• size – size of array list
• list – array of gid_t to retreive list

Returns number of supplementary group IDs retreived into list.

setgroups

Set list of supplementary group IDs for calling process.

• size – size of array list
• list – array of gid_t to set list

Returns zero on success.

setresuid

Sets real, effective, and saved UID.

• ruid – the real UID
• euid – the effective UID
• suid – the saved UID

Returns zero on success.

setresgid

Sets real, effective, and saved GID.

• rgid – the real GID
• egid – the effective GID
• sgid – the saved GID

Returns zero on success.

getresuid

Get the real, effective, and saved UID.

• ruid – the real UID
• euid – the effective UID
• suid – the saved UID

Returns zero on success.

getresgid

Get the real, effective, and saved GID.

• rgid – the real GID
• egid – the effective GID
• sgid – the saved GID

Returns zero on success.

getpgid

Get process group ID of a process.

• pid – process ID

Returns process group ID.

setfsuid

Set UID for filesystem checks.

Always returns previous filesystem UID.

setfsgid

Set GID for filesystem checks.

Always returns previous filesystem GID.

getsid

Get session ID.

Returns session ID.

capget

Get capabilities of a thread.

• hdrp – capability header structure
• datap – capability data structure

typedef struct __user_cap_header_struct {
    __u32 version;
    int pid;
} *cap_user_header_t;

typedef struct __user_cap_data_struct {
    __u32 effective;
    __u32 permitted;
    __u32 inheritable;
} *cap_user_data_t;

Returns zero on success.

capset

Set capabilities of a thread.

• hdrp – capability header structure
• datap – capability data structure

typedef struct __user_cap_header_struct {
    __u32 version;
    int pid;
} *cap_user_header_t;

typedef struct __user_cap_data_struct {
    __u32 effective;
    __u32 permitted;
    __u32 inheritable;
} *cap_user_data_t;

Returns zero on success.

rt_sigpending

Return signal set that are pending delivery to calling process or thread.

• set – pointer to sigset_t structure to retreive mask of signals.

rt_sigtimedwait

Suspend execution (until timeout) of calling process or thread until a signal referenced in set is pending.

• set – pointer to sigset_t structure to define signals to wait for
• info – if not null, pointer to siginfo_t structure with info about signal
• timeout – a timespec structure setting a maximum time to wait before resuming execution

struct timespec {
    long    tv_sec;         /* time in seconds */
    long    tv_nsec;        /* time in nanoseconds */
}

rt_sigqueueinfo

Queue a signal.

• tgid – thread group id
• sig – signal to send
• info – pointer to structure siginfo_t

Returns zero on success.

rt_sigsuspend

Wait for a signal.

• mask – pointer to sigset_t structure (defined in sigaction)

Always returns with -1.

sigaltstack

Set/get signal stack context.

• ss – pointer to stack_t structure representing new signal stack
• oss – pointer to stack_t structure used for getting information on current signal stack

typedef struct {
    void  *ss_sp;     /* stack base address */
    int    ss_flags;  /* flags */
    size_t ss_size;   /* bytes in stack */
} stack_t;

Returns zero on success.

utime

Change the last access and modification time of a file.

• filename – pointer to string with filename
• times – pointer to structure utimbuf structure

struct utimbuf {
    time_t actime;       /* access time */
    time_t modtime;      /* modification time */
};

Returns zero on success.

mknod

Create a special file (usually used for device files).

• pathname – pointer to string with full path of file to create
• mode – permissions and type of file
• dev – device number

Returns zero on success.

uselib

Load a shared library.

• library – pointer to string with full path of library file

Return zero on success.

personality

Set process execution domain (personality)

• persona – domain of persona

Returns previous persona on success unless persona is set to 0xFFFFFFFF.

ustat

Get filesystem statistics

• dev – number of device with mounted filesystem
• ubuf – pointer to ustat structure for return values

struct ustat {
    daddr_t f_tfree;      /* free blocks */
    ino_t   f_tinode;     /* free inodes */
    char    f_fname[6];   /* filesystem name */
    char    f_fpack[6];   /* filesystem pack name */
};

Returns zero on success and ustat structure referenced by ubuf is filled with statistics.

statfs

Get filesystem statistics.

• path – pointer to string with filename of any file on the mounted filesystem
• buf – pointer to statfs structure

struct statfs {
    __SWORD_TYPE    f_type;     /* filesystem type */
    __SWORD_TYPE    f_bsize;    /* optimal transfer block size */
    fsblkcnt_t      f_blocks;   /* total blocks */
    fsblkcnt_t      f_bfree;    /* free blocks */
    fsblkcnt_t      f_bavail;   /* free blocks available to unprivileged user */
    fsfilcnt_t      f_files;    /* total file nodes */
    fsfilcnt_t      f_ffree;    /* free file nodes */
    fsid_t          f_fsid;     /* filesystem id */
    __SWORD_TYPE    f_namelen;  /* maximum length of filenames */
    __SWORD_TYPE    f_frsize;   /* fragment size */
    __SWORD_TYPE    f_spare[5];
};

Returns zero on success.

fstatfs

Works just like statfs except provides filesystem statistics on via a file descriptor.

• fd – file descriptor
• buf – pointer to statfs structure

Returns zero on success.

sysfs

Get filesystem type information.

int sysfs(int option, const char *fsname)
int sysfs(int option, unsigned int fs_index, char *buf)
int sysfs(int option)

• option – when set to 3, return number of filesystem types in kernel, or can be 1 or 2 as indicated below
• fsname – pointer to string with name of filesystem (set option to 1)
• fs_index – index into null-terminated filesystem identifier string written to buffer at buf (set option to 2)
• buf – pointer to buffer

Returns filesystem index when option is 1, zero for 2, and number of filesystem types in kernel for 3.

getpriority

Get priority of a process.

• which – flag determining which priority to get
• who – PID of process

Returns priority of specified process.

which

• PRIO_PROCESS – process
  * PRIO_PGRP – process group
• PRIO_USER – user ID

setpriority

Set priority of a process.

• which – flag determining which priority to set
• who – PID of process
• prio – priority value (-20 to 19)

Returns zero on success.

sched_setparam

Set scheduling parameters of a process.

• pid – PID of process
• param – pointer to sched_param structure

Returns zero on success.

sched_getparam

• pid – PID of process
• param – pointer to sched_param structure

Returns zero on success.

sched_setscheduler

Set scheduling parameters for a process.

• pid – PID of process
• policy – policy flag
• param – pointer to sched_param structure

Returns zero on success.

policy

• SCHED_OTHER – standard round-robin time sharing policy
• SCHED_FIFO – first-in-first-out scheduling policy
• SCHED_BATCH – executes processes in a batch-style schedule
• SCHED_IDLE – denotes a process be set for low priority (background)

sched_getscheduler

Get scheduling parameters for a process.

• pid – PID of process

Returns policy flag (see sched_setscheduler).

sched_get_priority_max

Get static priority maximum.

• policy – policy flag (see sched_setscheduler)

Returns maximum priority value for provided policy.

sched_get_priority_min

Get static priority minimum.

• policy – policy flag (see sched_setscheduler)

Returns minimum priority value for provided policy.

sched_rr_get_interval

Get SCHED_RR interval for a process.

• pid – PID of process
• tp – pointer to timespec structure

Returns zero on success and fills tp with intervals for pid if SCHED_RR is the scheduling policy.

mlock

Lock all or part of calling process’s memory.

• addr – pointer to start of address space
• len – length of address space to lock

Returns zero on success.

munlock

Unlock all or part of calling process’s memory.

• addr – pointer to start of address space
• len – length of address space to unlock

Returns zero on success.

mlockall

Lock all address space of calling process’s memory.

• flags – flags defining additional behavior

flags

• MCL_CURRENT – lock all pages as of time of calling this syscall
• MCL_FUTURE – lock all pages that are mapped to this process in the future
• MCL_ONFAULT – mark all current (or future, along with MCL_FUTURE) when they are page faulted

munlockall

Unlock all address space of calling process’s memory.

Returns zero on success.

vhangup

Send a "hangup" signal to the current terminal.

Returns zero on success.

modify_ldt

Read or write to the local descriptor table for a process

• func – 0 for read, 1 for write
• ptr – pointer to LDT
• bytecount – bytes to read, or for write, size of user_desc structure

struct user_desc {
    unsigned int  entry_number;
    unsigned int  base_addr;
    unsigned int  limit;
    unsigned int  seg_32bit:1;
    unsigned int  contents:2;
    unsigned int  read_exec_only:1;
    unsigned int  limit_in_pages:1;
    unsigned int  seg_not_present:1;
    unsigned int  useable:1;
};

Returns bytes read or zero for success when writing.

pivot_root

Change root mount.

• new_root – pointer to string with path to new mount
• put_old – pointer to string with path for old mount

Returns zero on success.

prctl

• option – specify operation flag
• arg2, arg3, arg4, and arg5 – variables used depending on option, see option flags

option

• PR_CAP_AMBIENT – read/change ambient capability of calling thread referencing value in arg2, in regards to:
  • PR_CAP_AMBIENT_RAISE – capability in arg3 is added to ambient set
  • PR_CAP_AMBIENT_LOWER – capability in arg3 is removed from ambient set
  • PR_CAP_AMBIENT_IS_SET – returns 1 if capability in arg3 is in the ambient set, 0 if not
  • PR_CAP_AMBIENT_CLEAR_ALL – remove all capabilities from ambient set, set arg3 to 0
• PR_CAPBSET_READ – return 1 if capability specified in arg2 is in calling thread’s capability bounding set, 0 if not
• PR_CAPBSET_DROP – if calling thread has CAP_SETPCAP capability in user namespace, drop capability in arg2 from capability bounding set for calling process
• PR_SET_CHILD_SUBREAPER – if arg2 is not zero, set "child subreaper" attribute for calling process, if arg2 is zero, unset
• PR_GET_CHILD_SUBREAPER – return "child subreaper" setting of calling process in location pointed to by arg2
• PR_SET_DUMPABLE – set state of dumpable flag via arg2
• PR_GET_DUMPABLE – return current dumpable flag for calling process
• PR_SET_ENDIAN – set endian-ness of calling process to arg2 via PR_ENDIAN_BIG, PR_ENDIAN_LITTLE, or PR_ENDIAN_PPC_LITTLE
• PR_GET_ENDIAN – return endian-ness of calling process to location pointed by arg2
• PR_SET_KEEPCAPS – set state of calling process’s "keep capabilities" flag via arg2
• PR_GET_KEEPCAPS – return current state of calling process’s "keep capabilities" flag
• PR_MCE_KILL – set machine check memory corruption kill policy for calling process via arg2
• PR_MCE_KILL_GET – return current per-process machine check kill policy
• PR_SET_MM – modify kernel memory map descriptor fields of calling process, where arg2 is one of the following options and arg3 is the new value to set
  • PR_SET_MM_START_CODE – set address above which program text can run
  • PR_SET_MM_END_CODE – set address below which program text can run
  • PR_SET_MM_START_DATA – set address above which initialized and uninitialized data are placed
  • PR_SET_MM_END_DATA – set address below which initialized and uninitialized data are placed
  • PR_SET_MM_START_STACK – set start address of stack
  • PR_SET_MM_START_BRK – set address above which program heap can be expanded with brk
  • PR_SET_MM_BRK – set current brk value
  • PR_SET_MM_ARG_START – set address above which command line is placed
  • PR_SET_MM_ARG_END – set address below which command line is placed
  • PR_SET_MM_ENV_START – set address above which environment is placed
  • PR_SET_MM_ENV_END – set address below which environment is placed
  • PR_SET_MM_AUXV – set new aux vector, with arg3 providing new address and arg4 containing size of vector
  • PR_SET_MM_EXE_FILE – Supersede /proc/pid/exe symlink with a new one pointing to file descriptor in arg3
  • PR_SET_MM_MAP – provide one-shot access to all addresses by passing struct prctl_mm_map pointer in arg3 with size in arg4
  • PR_SET_MM_MAP_SIZE – returns size of prctl_mm_map structure, where arg4 is pointer to unsigned int
• PR_MPX_ENABLE_MANAGEMENT – enable kernel management of memory protection extensions
• PR_MPX_DISABLE_MANAGEMENT – disable kernel management of memory protection extensions
• PR_SET_NAME – set name of calling process to null-terminated string pointed to by arg2
• PR_GET_NAME – get name of calling process in null-terminated string into buffer sized to 16 bytes referenced by pointer in arg2
• PR_SET_NO_NEW_PRIVS – set calling process no_new_privs attribute to value in arg2
• PR_GET_NO_NEW_PRIVS – return value of no_new_privs for calling process
• PR_SET_PDEATHSIG – set parent-death signal of calling process to arg2
• PR_GET_PDEATHSIG – return value of parent-death signal into arg2
• PR_SET_SECCOMP – set "seccomp" mode for calling process via arg2
• PR_GET_SECCOMP – get "seccomp" mode of calling process
• PR_SET_SECUREBITS – set "securebits" flags of calling thread to value in arg2
• PR_GET_SECUREBITS – return "securebits" flags of calling process
• PR_GET_SPECULATION_CTRL – return state of speculation misfeature specified in arg2
• PR_SET_SPECULATION_CTRL – set state of speculation misfeature specified in arg2
• PR_SET_THP_DISABLE – set state of "THP disable" flag for calling process
• PR_TASK_PERF_EVENTS_DISABLE – disable all performance counters for calling process
• PR_TASK_PERF_EVENTS_ENABLE – enable performance counters for calling process
• PR_GET_THP_DISABLE – return current setting of "THP disable" flag
• PR_GET_TID_ADDRESS – return clear_child_tid address set by set_tid_address
• PR_SET_TIMERSLACK – sets current timer slack value for calling process
• PR_GET_TIMERSLACK – return current timer slack value for calling process
• PR_SET_TIMING – set statistical process timing or accurate timestamp-based process timing by flag in arg2 (PR_TIMING_STATISTICAL or PR_TIMING_TIMESTAMP)
• PR_GET_TIMING – return process timing method in use
• PR_SET_TSC – set state of flag determining if timestamp counter can be read by process in arg2 (PR_TSC_ENABLE or PR_TSC_SIGSEGV)
• PR_GET_TSC – return state of flag determing whether timestamp counter can be read in location pointed by arg2

Returns zero on success or value specified in option flag.

arch_prctl

Set architecture-specific thread state.

• code – defines additional behavior

• addr or *addr – address, or pointer in the case of "get" operations

• ARCH_SET_FS – set 64-bit base for FS register to addr
• ARCH_GET_FS – return 64-bit base value for FS register of current process in memory referenced by addr
• ARCH_SET_GS – set 64-bit base address for GS register to addr
• ARCH_GET_GS – return 64-bit base value for GS register of current process in memory referenced by addr

Returns zero on success.

adjtimex

Tunes kernel clock.

• buf – pointer to buffer with timex structure

struct timex {
    int  modes;             /* mode selector */
    long offset;            /* time offset in nanoseconds if STA_NANO flag set, otherwise microseconds */
    long freq;              /* frequency offset */
    long maxerror;          /* max error in microseconds */
    long esterror;          /* est. error in microseconds */
    int  status;            /* clock command / status */
    long constant;          /* PLL (phase-locked loop) time constant */
    long precision;         /* clock precision in microseconds, read-only */
    long tolerance;         /* clock frequency tolerance, read-only */
    struct timeval time;    /* current time (read-only, except ADJ_SETOFFSET) */
    long tick;              /* microseconds between clock ticks */
    long ppsfreq;           /* PPS (pulse per second) frequency, read-only */
    long jitter;            /* PPS jitter, read-only, in nanoseconds if STA_NANO flag set, otherwise microseconds */
    int  shift;             /* PPS interval duration in seconds, read-only */
    long stabil;            /* PPS stability, read-only */
    long jitcnt;            /* PPS count of jitter limit exceeded events, read-only */
    long calcnt;            /* PPS count of calibration intervals, read-only */
    long errcnt;            /* PPS count of calibration errors, read-only */
    long stbcnt;            /* PPS count of stability limit exceeded events, read-only */
    int tai;                /* TAI offset set by previous ADJ_TAI operations, in seconds, read-only */
    /* padding bytes to allow future expansion */
};

Return clock state, either TIME_OK, TIME_INS, TIME_DEL, TIME_OOP, TIME_WAIT, or TIME_ERROR.

setrlimit

Set resource limits.

• resource – type of resource to set (see getrlimit for list)
• rlim – pointer to rlimit structure

struct rlimit {
    rlim_t rlim_cur;  /* soft limit */
    rlim_t rlim_max;  /* hard limit */
};

Returns zero on success.

chroot

Change root directory.

• path – pointer to string containing path to new mount

Returns zero on success.

sync

Flush filesystem caches to disk.

Returns zero on success.

acct

Toggle process accounting.

• filename – pointer to string with existing file

Returns zero on success.

settimeofday

Set the time of day.

• tv – pointer to timeval structure of new time (see gettimeofday for structure)
• tz – pointer to timezone structure (see gettimeofday for structure)

Returns zero on success.

mount

Mount a file system.

• source – pointer to string containing device path
• target – pointer to string containing mount target path
• filesystemtype – pointer to filesystem type (see /proc/filesystems for supported filesystems)
• mountflags – flags or mount options
• data – usually a comma-separated list of options understood by the filesystem type

Returns zero on success.

mountflags

• MS_BIND – perform bind mount, making file or subtree visible at another point within file systemn
• MS_DIRSYNC – make dir changes synchronous
• MS_MANDLOCK – allow mandatory locking
• MS_MOVE – move subtree, source specifies existing mount point and target specifies new location
• MS_NOATIME – don’t update access time
• MS_NODEV – don’t allow access to special files
• MS_NODIRATIME – don’t update access times for directories
• MS_NOEXEC – don’t allow programs to be executed
• MS_NOSUID – don’t honor SUID or SGID bits when running programs
• MS_RDONLY – mount read-only
• MS_RELATIME – update last access time if current value of atime is less or equal to mtime or ctime
• MS_REMOUNT – remount existing mount
• MS_SILENT – suppress disply of printk() warning messages in kernel log
• MS_STRICTATIME – always update atime when accessed
• MS_SYNCHRONOUS – make write synchronous

umount2

Unmount a filesystem.

• target – poiner to string with filesystem to umount
• flags – additional options

Returns zero on success.

flags

• MNT_FORCE – force unmount even if busy, which can cause data loss
• MNT_DETACH – perform lazy unmount and make mount point unavailable for new access, then actually unmount when mount isn’t busy
• MNT_EXPIRE – mark mount point as expired
• UMOUNT_NOFOLLOW – do not dereference target if symlink

swapon

Start swapping to specified device.

• path – pointer to string with path to device
• swapflags – flags for additional options

Returns zero on success.

swapflags

• SWAP_FLAG_PREFER – new swap area will have a higher priority than the default priority level
• SWAP_FLAG_DISCARD – discard or trim freed swap pages (for SSDs)

swapoff

Stop swapping to specified device.

• path – pointer to string with path to device

Returns zero on success.

reboot

Reboot the system.

• magic – must be set to LINUX_REBOOT_MAGIC1 or LINUX_REBOOT_MAGIC2A for this call to work
• magic2 – must be set to LINUX_REBOOT_MAGIC2 or LINUX_REBOOT_MAGIC2C for this call to work
• arg – pointer to additional argument flag

Does not return on success, returns -1 on failure.

arg

• LINUX_REBOOT_CMD_CAD_OFF – CTRL+ALT+DELETE is disabled, and CTRL+ALT+DELETE will send SIGINT to init
• LINUX_REBOOT_CMD_CAD_ON – CTRL+ALT+DELETE enabled
• LINUX_REBOOT_CMD_HALT – halt system and display "System halted."
• LINUX_REBOOT_CMD_KEXEC – execute a previously loaded kernel with kexec_load, requires CONFIG_KEXEC in kernel
• LINUX_REBOOT_CMD_POWER_OFF – power down system
• LINUX_REBOOT_CMD_RESTART – restart system and display "Restarting system."
• LINUX_REBOOT_CMD_RESTART2 – restart system and display "Restarting system with command aq%saq."

sethostname

Set hostname of machine.

• name – pointer to string with new name
• len – length of new name

Returns zero on success.

setdomainname

Set NIS domain name.

• name – pointer to string with new name
• len – length of new name

Return zero on success.

iopl

Change I/O privilage level

• level – new privilege level

Returns zero on success.

ioperm

Set I/O permissions.

• from – starting port address
• num – number of bits
• turn_on – zero or non-zero denotes enabled or disabled

Returns zero on success.

init_module

Load module into kernel with module file specified by file descriptor.

• module_image – pointer to buffer with binary image of module to load
• len – size of buffer
• param_values – pointer to string with parameters for kernel

Returns zero on success.

delete_module

Unload a kernel module.

• name – pointer to string with name of module
• flags – modify behavior of unload

Return zero on success.

flags

• O_NONBLOCK – immediately return from syscall
• O_NONBLOCK | O_TRUNC – unload module immediately even if reference count is not zero

quotactl

Change disk quotas.

• cmd – command flag
• special – pointer to string with path to mounted block device
• id – user or group ID
• addr – address of data structure, optional to some cmd flags

cmd

• Q_QUOTAON – turn on quotas for filesystem referenced by special, with id specifying quota format to use:
  • QFMT_VFS_OLD – original format
  • QFMT_VFS_V0 – standard VFS v0 format
  • QFMT_VFS_V1 – format with support for 32-bit UIDs and GIDs
• Q_QUOTAOFF – turn off quotas for filesystme referenced by special
• Q_GETQUOTA – get quota limits and usage for a user or group id, referenced by id, where addr is pointer to dqblk structure
• Q_GETNEXTQUOTA – same as Q_GETQUOTA but returns info for next id greater or equal to id that has quota set, where addr points to nextdqblk structure
• Q_SETQUOTA – set quota info for user or group id, using dqblk structure referenced by addr
• Q_GETINFO – get info about quotafile, where addr points to dqinfo structure
• Q_SETINFO – set information about quotafile, where addr points to dqinfo structure
• Q_GETFMT – get quota format used on filesystem referenced by special, where addr points to 4 byte buffer where format number will be stored
• Q_SYNC – update on-disk copy of quota usage for filesystem
• Q_GETSTATS – get statistics about quota subsystem, where addr points to a dqstats structure
• Q_XQUOTAON – enable quotas for an XFS filesystem
• Q_XQUOTAOFF – disable quotas on an XFS filesystem
• Q_XGETQUOTA – on XFS filesystems, get disk quota limits and usage for user id specified by id, where addr points to fs_disk_quota structure
• Q_XGETNEXTQUOTA – same as Q_XGETQUOTA but returns fs_disk_quota referenced by addr for next id greater or equal than id that has quota set
• Q_XSETQLIM – on XFS filesystems, set disk quota for UID, where addr references pointer to fs_disk_quota structure
• Q_XGETQSTAT – returns XFS specific quota info in fs_quota_stat referenced by addr
• Q_XGETQSTATV – returns XFS specific quota info in fs_quota_statv referenced by addr
• Q_XQUOTARM – on XFS filesystems, free disk space used by quotas, where addr references unsigned int value containing flags (same as d_flaags field of fs_disk_quota structure)

struct dqblk {
    uint64_t dqb_bhardlimit;  /* absolute limit on quota blocks alloc */
    uint64_t dqb_bsoftlimit;  /* preferred limit on quota blocks */
    uint64_t dqb_curspace;    /* current space used in bytes */
    uint64_t dqb_ihardlimit;  /* max number of allocated inodes */
    uint64_t dqb_isoftlimit;  /* preferred inode limit */
    uint64_t dqb_curinodes;   /* current allocated inodes */
    uint64_t dqb_btime;       /* time limit for excessive use over quota */
    uint64_t dqb_itime;       /* time limit for excessive files */
    uint32_t dqb_valid;       /* bit mask of QIF_* constants */
};

struct nextdqblk {
    uint64_t dqb_bhardlimit;
    uint64_t dqb_bsoftlimit;
    uint64_t dqb_curspace;
    uint64_t dqb_ihardlimit;
    uint64_t dqb_isoftlimit;
    uint64_t dqb_curinodes;
    uint64_t dqb_btime;
    uint64_t dqb_itime;
    uint32_t dqb_valid;
    uint32_t dqb_id;
};

struct dqinfo {
    uint64_t dqi_bgrace;  /* time before soft limit becomes hard limit */
    uint64_t dqi_igrace;  /* time before soft inode limit becomes hard limit */
    uint32_t dqi_flags;   /* flags for quotafile */
    uint32_t dqi_valid;
};

struct fs_disk_quota {
    int8_t   d_version;         /* version of structure */
    int8_t   d_flags;           /* XFS_{USER,PROJ,GROUP}_QUOTA */
    uint16_t d_fieldmask;       /* field specifier */
    uint32_t d_id;              /* project, UID, or GID */
    uint64_t d_blk_hardlimit;   /* absolute limit on disk blocks */
    uint64_t d_blk_softlimit;   /* preferred limit on disk blocks */
    uint64_t d_ino_hardlimit;   /* max # allocated inodes */
    uint64_t d_ino_softlimit;   /* preferred inode limit */
    uint64_t d_bcount;          /* # disk blocks owned by user */
    uint64_t d_icount;          /* # inodes owned by user */
    int32_t  d_itimer;          /* zero if within inode limits */
    int32_t  d_btimer;          /* as above for disk blocks */
    uint16_t d_iwarns;          /* # warnings issued regarding # of inodes */
    uint16_t d_bwarns;          /* # warnings issued regarding disk blocks */
    int32_t  d_padding2;        /* padding */
    uint64_t d_rtb_hardlimit;   /* absolute limit on realtime disk blocks */
    uint64_t d_rtb_softlimit;   /* preferred limit on realtime disk blocks */
    uint64_t d_rtbcount;        /* # realtime blocks owned */
    int32_t  d_rtbtimer;        /* as above, but for realtime disk blocks */
    uint16_t d_rtbwarns;        /* # warnings issued regarding realtime disk blocks */
    int16_t  d_padding3;        /* padding */
    char     d_padding4[8];     /* padding */
};

struct fs_quota_stat {
    int8_t   qs_version;            /* version for future changes */
    uint16_t qs_flags;              /* XFS_QUOTA_{U,P,G}DQ_{ACCT,ENFD} */
    int8_t   qs_pad;                /* padding */
    struct fs_qfilestat qs_uquota;  /* user quota storage info */
    struct fs_qfilestat qs_gquota;  /* group quota storage info */
    uint32_t qs_incoredqs;          /* number of dqots in core */
    int32_t  qs_btimelimit;         /* limit for blocks timer */
    int32_t  qs_itimelimit;         /* limit for inodes timer */
    int32_t  qs_rtbtimelimit;       /* limit for realtime blocks timer */
    uint16_t qs_bwarnlimit;         /* limit for # of warnings */
    uint16_t qs_iwarnlimit;         /* limit for # of warnings */
};

struct fs_qfilestatv {
    uint64_t qfs_ino;       /* inode number */
    uint64_t qfs_nblks;     /* number of BBs (512-byte blocks) */
    uint32_t qfs_nextents;  /* number of extents */
    uint32_t qfs_pad;       /* pad for 8-byte alignment */
};

struct fs_quota_statv {
    int8_t   qs_version;             /* version for future changes */
    uint8_t  qs_pad1;                /* pad for 16-bit alignment */
    uint16_t qs_flags;               /* XFS_QUOTA_.* flags */
    uint32_t qs_incoredqs;           /* number of dquots incore */
    struct fs_qfilestatv qs_uquota;  /* user quota info */
    struct fs_qfilestatv qs_gquota;  /* group quota info */
    struct fs_qfilestatv qs_pquota;  /* project quota info */
    int32_t  qs_btimelimit;          /* limit for blocks timer */
    int32_t  qs_itimelimit;          /* limit for inodes timer */
    int32_t  qs_rtbtimelimit;        /* limit for realtime blocks timer */
    uint16_t qs_bwarnlimit;          /* limit for # of warnings */
    uint16_t qs_iwarnlimit;          /* limit for # of warnings */
    uint64_t qs_pad2[8];             /* padding */
};

Returns zero on success.

gettid

Get thread ID.

Returns thread ID of calling process.

readahead

Read file into page cache.

• fd – file descriptor of file to read ahead
• offset – offset from start of file to read
• count – number of bytes to read

Returns zero on success.

setxattr

Set extended attribute value.

• path – pointer to string with filename
• name – pointer to string with attribute name
• value – pointer to string with attribute value
• size – size of value
• flags – set to XATTR_CREATE to create attribute, XATTR_REPLACE to replace

Returns zero on success.

lsetxattr

Set extended attribute value of symbolic link.

• path – pointer to string with symlink
• name – pointer to string with attribute name
• value – pointer to string with attribute value
• size – size of value
• flags – set to XATTR_CREATE to create attribute, XATTR_REPLACE to replace

Returns zero on success.

fsetxattr

Set extended attribute value of file referenced by file descriptor.

• fd – file descriptor of file in question
• name – pointer to string with attribute name
• value – pointer to string with attribute value
• size – size of value
• flags – set to XATTR_CREATE to create attribute, XATTR_REPLACE to replace

Returns zero on success.

getxattr

Get extended attribute value.

• path – pointer to string with filename
• name – pointer to string with attribute name
• value – pointer to string with attribute value
• size – size of value

Returns size of extended attribute value.

lgetxattr

Get extended attribute value from symlink.

• path – pointer to string with symlink
• name – pointer to string with attribute name
• value – pointer to string with attribute value
• size – size of value

Returns size of extended attribute value.

fgetxattr

Get extended attribute value from file referenced by file descriptor.

• fd – file descriptor of file in question
• name – pointer to string with attribute name
• value – pointer to string with attribute value
• size – size of value

Returns size of extended attribute value.

listxattr

List extended attribute names.

• path – pointer to string with filename
• list – pointer to list of attribute names
• size – size of list buffer

Returns size of name list.

llistxattr

List extended attribute names for a symlink.

• path – pointer to string with symlink
• list – pointer to list of attribute names
• size – size of list buffer

Returns size of name list.

flistxattr

List extended attribute names for file referenced by file descriptor.

• fd – file descriptor of file in question
• list – pointer to list of attribute names
• size – size of list buffer

Returns size of name list.

removexattr

Remove an extended attribute.

• path – pointer to string with filename
• name – pointer to string with name of attribute to remove

Returns zero on success.

lremovexattr

Remove an extended attribute of a symlink.

• path – pointer to string with filename
• name – pointer to string with name of attribute to remove

Returns zero on success.

fremovexattr

Remove an extended attribute of a file referenced by a file descriptor.

• fd – file descriptor of file in question
• name – pointer to string with name of attribute to remove

Returns zero on success.

tkill

Send a signal to a thread.

• tid – thread id
• sig – signal to send

Returns zero on success.

time

Get time in seconds.

• t – if not NULL, return value is also stored in referenced memory address

Returns time (in seconds) since UNIX Epoch.

futex

Fast user-space locking.

• uaddr – pointer to address of value to monitor for change
• op – operation flag
• timeout – pointer to timespec structure with timeout
• uaddr2 – pointer to integer used for some operations
• val3 – additional argument in some operations

Return value depends on operation detailed above.

op

• FUTEX_WAIT – atomically varifies that uaddr still contains value val and sleeps awaiting FUTEX_WAKE on this address
• FUTEX_WAKE – wakes at most val processes waiting on futex address
• FUTEX_REQUEUE – wakes up val processes and requeues all waiters on futex at address uaddr2
• FUTEX_CMP_REQUEUE – similar to FUTEX_REQUEUE but first checks if location uaddr contains value of val3

sched_setaffinity

Set process CPU affinity mask.

• pid – PID of process
• cpusetsize – length of data at mask
• mask – pointer to mask

Returns zero on success.

sched_getaffinity

Get process CPU affinity mask.

• pid – PID of process
• cpusetsize – length of data at mask
• mask – pointer to mask

Returns zero on success with mask placed in memory referenced by mask.

set_thread_area

Set thread local storage area.

• u_info – pointer to user_desc structure

Returns zero on success.

io_setup

Create async I/O context.

• nr_events – total number of events to receive
• ctx_idp – pointer reference to created handle

Returns zero on success.

io_destroy

Destroy async I/O context.

• ctx_id – ID of context to destroy

Returns zero on success.

io_getevents

Read async I/O events from queue.

• ctx_id – AIO context ID
• min_nr – minimum number of events to read
• nr – number of events to read
• eventsstruct – pointer to io_event structure
• timeout – pointer to timespec timeout structure

Returns number of events read, or zero if no events are available or are less than min_nr.

io_submit

Submit async I/O blocks for processing.

• ctx_id – AIO context ID
• nrstruct – number of structures
• iocbpp – pointer to iocb structure

Returns number of iocb submitted.

io_cancel

Cancel previously submitted async I/O operation.

• ctx_id – AIO context ID
• iocb – pointer to iocb structure
• result – pointer to io_event structure

Returns zero on success and copies event to memory referenced by result.

get_thread_area

Get a thread local storage area.

• u_info – pointer to user_desc structure to receive data

Returns zero on success.

lookup_dcookie

Return directory entry’s path.

• cookie – unique identifer of a directory entry
• buffer – pointer to buffer with full path of directory entry
• len – length of buffer

Returns bytes written to buffer with path string.

epoll_create

Open epoll file descriptor.

• size – ignored, but must be greater than 0

Returns file desctriptor.

getdents64

Get directory entries.

• fd – file descriptor of directory
• dirp – pointer to linux_dirent structure for results
• count – size of the dirp buffer

struct linux_dirent {
    unsigned long  d_ino;     /* inode number */
    unsigned long  d_off;     /* offset to next linux_dirent */
    unsigned short d_reclen;  /* length of this linux_dirent */
    char           d_name[];  /* null-terminated filename */
    char           pad;       /* zero padding byte */
    char           d_type;    /* file type */ 
}

Returns bytes read, and at end of directory returns zero.

set_tid_address

Set pointer to thread ID.

• tidptr – pointer to thread ID

Returns PID of calling process.

restart_syscall

Restart a syscall.

Returns value of system call it restarts.

semtimedop

Same as the semop syscall except if calling thread would sleep, duraton is limited to timeout.

• semid – id of semaphore
• sops – pointer to sembuf structure for operations
• nsops – number of operations
• timeout – timeout for calling thread, and upon return from syscall time elapsed placed in structure

Returns zero on success.

fadvise64

Predeclare access pattern for file data to allow kernel to optimize I/O operations.

• fd – file descriptor of file in question
• offset – offset that access will begin
• len – length of anticipated access, or 0 to end of file
• advice – advice to give kernel

Returns zero on success.

advice

• POSIX_FADV_NORMAL – application has no specific advice
• POSIX_FADV_SEQUENTIAL – application expects to access data sequentially
• POSIX_FADV_RANDOM – data will be access randomly
• POSIX_FADV_NOREUSE – data will be accessed only once
• POSIX_FADV_WILLNEED – data will be needed in near future
• POSIX_FADV_DONTNEED – data will not be needed in near future

timer_create

Create POSIX per-process timer.

• clockid – type of clock to use
• sevp – pointer to sigevent structure explaining how caller will be notified when timer expires
• timerid – pointer to buffer that will receive timer ID

Returns zero on success.

union sigval {
    int     sival_int;
    void   *sival_ptr;
};

struct sigevent {
    int          sigev_notify; /* method of notification */
    int          sigev_signo;  /* notification signal */
    union sigval sigev_value;  /* data to pass with notification */
    void       (*sigev_notify_function) (union sigval); /* Function used for thread notification */
    void        *sigev_notify_attributes; /* attributes for notification thread */
    pid_t        sigev_notify_thread_id;  /* id of thread to signal */
};

clockid

• CLOCK_REALTIME – settable system wide real time clock
• CLOCK_MONOTONIC – nonsettable monotonicly increasing clock measuring time from unspecified point in past
• CLOCK_PROCESS_CPUTIME_ID – clock measuring CPU time consumed by the calling process and its threads
• CLOCK_THREAD_CPUTIME_ID – clock measuring CPU time consumed by calling thread

timer_settime

Arm or disarm POSIX per-process timer.

• timerid – id of timer
• flags – specify TIMER_ABSTIME to process new_value->it_value as an absolute value
• new_value – pointer to itimerspec structure defining new initial and new interval for timer
• old_value – pointer to structure to receive previous timer details

struct itimerspec {
    struct timespec it_interval;  /* interval */
    struct timespec it_value;     /* expiration */
};

Returns zero on success.

timer_gettime

Returns time until next expiration from POSIX per-process timer.

• timerid – id of timer
• curr_value – pointer to itimerspec structure where current timer values are returned

Returns zero on success.

timer_getoverrun

Get overrun count on a POSIX per-process timer.

• timerid – id of timer

Returns overrun count of specified timer.

timer_delete

Delete POSIX per-process timer.

• timerid – id of timer

Returns zero on success.

clock_settime

Set specified clock.

• clk_id – clock id
• tp – pointer to timespec structure with clock detais

Returns zero on success.

clock_gettime

Get time from specified clock.

• clk_id – clock id
• tp – pointer to timespec structure returned with clock detais

Returns zero on success.

clock_getres

Obtain resolution of specified clock.

• clk_id – clock id
• res – pointer to timespec structure returned with detais

Returns zero on success.

clock_nanosleep

High-resolution sleep with specifiable clock.

• clock_id – type of clock to use
• flags – specify TIMER_ABSTIME to process request is interpreted as an absolute value
• remain – pointer to timespec structure to receive remaining time on sleep

Returns zero after sleep interval.

exit_group

Exit all threads in a process.

• status – status code to return

Does not return.

epoll_wait

Wait for I/O event on epoll file descriptor.

• epfd – epoll file descriptor
• events – pointer to epoll_event structure with events available to calling process
• maxevents – maximum number of events, must e greater than zero
• timeout – timeout in milliseconds

typedef union epoll_data {
    void    *ptr;
    int      fd;
    uint32_t u32;
    uint64_t u64;
} epoll_data_t;

struct epoll_event {
    uint32_t     events;    /* epoll events */
    epoll_data_t data;      /* user data variable */
};

Returns number of file descriptors ready for requested I/O or zero if timeout occured before any were available.

epoll_ctl

Control interface for epoll file descriptor.

• epfd – epoll file descriptor
• op – operation flag
• fd – file descirptor for target file
• event – pointer to epoll_event structure with event, purpose altered by op

Returns zero on success.

op

• EPOLL_CTL_ADD – add fd to interest list
• EPOLL_CTL_MOD – change settings associated with fd in interest list to new settings specified in event
• EPOLL_CTL_DEL – remove target file descriptor fd from interest list, with event argument ignored

tgkill

Send signal to a thread.

• tgid – thread group id
• tid – thread id
• sig – signal to send

Returns zero on success.

utimes

Change file last access and modification times.

• filename – pointer to string with file in question
• times – array of timeval structure where times[0] specifies new access time where times[1] specifies new modification time

Returns zero on success.

mbind

Set NUMA memory policy on a memory range.

• addr – pointer to starting memory address
• len – length of memory segment
• mode – NUMA mode
• nodemask – pointer to mask defining nodes that mode applies to
• maxnode – max number of bits for nodemask
• flags – set MPOL_F_STATIC_NODES to specify physical nodes, MPOL_F_RELATIVE_NODES to specify node ids relative to set allowed by threads current cpuset

Returns zero on success.

mode

• MPOL_DEFAULT – remove any nondefault policy and restore default behavior
• MPOL_BIND – specify policy restricting memory allocation to node specified in nodemask
• MPOL_INTERLEAVE – specify page allocations be interleaved across set of nodes specified in nodemask
• MPOL_PREFERRED – set preferred node for allocation
• MPOL_LOCAL – mode specifies "local allocation" – memory is allocated on the node of the CPU that triggers allocation

set_mempolicy

Set default NUMA memory policy for thread and its offspring.

• mode – NUMA mode
• nodemask – pointer to mask defining node that mode applies to
• maxnode – max number of bits for nodemask

Return zero on success.

get_mempolicy

Get NUMA memory policy for thread and its offspring.

• mode – NUMA mode
• nodemask – pointer to mask defining node that mode applies to
• maxnode – max number of bits for nodemask
• addr – pointer to memory region
• flags – defines behavior of call

Return zero on success.

flags

• MPOL_F_NODE or 0 (zero preferred) – get information about calling thread’s default policy and store in nodemask buffer
• MPOL_F_MEMS_ALLOWED – mode argument is ignored and subsequent calls return set of nodes thread is allowed to specify is returned in nodemask
• MPOL_F_ADDR – get information about policy for addr

mq_open

Creates a new or open existing POSIX message queue.

• name – pointer to string with name of queue
• oflag – define operation of call
• mode – permissions to place on queue
• attr – pointer to mq_attr structure to define parameters of queue

struct mq_attr {
    long mq_flags;       /* flags (not used for mq_open) */
    long mq_maxmsg;      /* max messages on queue */
    long mq_msgsize;     /* max message size in bytes */
    long mq_curmsgs;     /* messages currently in queue (not used for mq_open) */
};

oflag

• O_RDONLY – open queue to only receive messages
• O_WRONLY – open queue to send messages
• O_RDWR – open queue for both send and receive
• O_CLOEXEC – set close-on-exec flag for message queue descriptor
• O_CREAT – create message queue if it doesn’t exist
• O_EXCL – if O_CREAT specified and queue already exists, fail with EEXIST
• O_NONBLOCK – open queue in nonblocking mode