Why System Calls Aren’t Just Ordinary Function Calls: A Deep Dive
System calls differ from regular function calls by using the CPU’s privileged syscall instruction, indirect indexing via registers, and a mode switch from user to kernel space, allowing the OS to control which kernel functions applications can invoke, while ordinary calls use direct addresses and stay in user mode.
Hello everyone, I’m Xiao Feng, and today we’ll discuss the difference between system calls and ordinary function calls.
In normal code, functions can call each other directly. For example:
void funcB() {
}
void funcA() {
funcB();
}If funcB resides in the Linux kernel and funcA is user‑space code, funcA could call funcB only if the kernel exposes that function.
The operating system cannot rely on software alone to restrict which kernel functions an application may invoke; the restriction is enforced by hardware, specifically the CPU.
Ordinary function calls use the call instruction, which contains the absolute address of the target function, e.g.: call 0x400410 The CPU jumps directly to that address and continues execution in user mode.
When a program needs to invoke a kernel service, it must use the syscall instruction (on x86_64). Instead of an absolute address, the system call number is placed in the rax register, and the CPU dispatches to the corresponding kernel routine.
Thus the OS limits applications to a predefined set of services identified by numbers, not by arbitrary addresses.
If a call instruction accidentally targets a kernel address, the CPU detects the illegal access, raises an exception, and typically terminates the process.
The key differences are:
Direct vs indirect invocation : call jumps straight to the function address; syscall performs an indexed, indirect call.
Mode switch : call runs in user mode, which cannot execute privileged instructions; syscall switches the CPU to kernel mode, granting full privileges.
Ordinary function calls use the process’s user‑space stack. When a system call occurs, the CPU switches to a separate kernel stack allocated for the process.
Below are diagrams illustrating the user‑space stack layout and the kernel‑space stack layout during a system call.
In summary, ordinary function calls are direct jumps within user mode, while system calls are indirect, privileged transitions to kernel mode that the CPU enforces, providing the operating system with control over which kernel services applications can use.
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
IT Services Circle
Delivering cutting-edge internet insights and practical learning resources. We're a passionate and principled IT media platform.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.