Unix and Linux Stack Exchange
Unix and Linux Stack Exchange

Questions tagged [syscalls]

35 questions
34
votes
5 answers

Where do you find the syscall table for Linux?

I see a lot of people online referencing arch/x86/entry/syscalls/syscall_64.tbl for the syscall table, that works fine. But a lot of others reference /include/uapi/asm-generic/unistd.h which is commonly found in the headers package. How come…
Evan Carroll
  • 28,578
  • 45
  • 164
  • 290
20
votes
1 answer

Why can the kernel not use SSE/AVX registers and instructions?

This post from StackOverflow has this, In some environments there there is a restriction on certain instructions or using certain registers. For example, in the Linux kernel, use of SSE/AVX or FP registers is generally disallowed. Therefore most of…
Evan Carroll
  • 28,578
  • 45
  • 164
  • 290
15
votes
3 answers

Call a Linux syscall from a scripting language

I want to call a Linux syscall (or at least the libc wrapper) directly from a scripting language. I don't care what scripting language - it's just important that it not be compiled (the reason basically has to do with not wanting a compiler in the…
joshlf
  • 345
  • 3
  • 17
12
votes
4 answers

What is the time unit that strace uses when displaying time spent in syscalls?

When using the command strace with the flag -T, I would like to know what is the time unit used to display time spent in syscalls? I assume it should be in seconds, but I am not quite sure and it seems to be omitted from the manual.
user311285
  • 131
  • 1
  • 4
11
votes
2 answers

Why is there no apparent clone or fork in simple bash command and how it's done?

Consider the following (with sh being /bin/dash): $ strace -e trace=process sh -c 'grep "^Pid:" /proc/self/status /proc/$$/status' execve("/bin/sh", ["sh", "-c", "grep \"^Pid:\" /proc/self/status /"...], [/* 47 vars */]) = 0 arch_prctl(ARCH_SET_FS,…
Sergiy Kolodyazhnyy
  • 16,187
  • 11
  • 53
  • 104
7
votes
0 answers

How to compare string values with seccomp?

Some Linux system calls (such as execve, openat) have string type arguments. But the comparison function SCMP_CMP provided by seccomp seems to be comparing two pointers. So how can I limit files that can be opened by a process to a specific dir…
Cyker
  • 4,174
  • 6
  • 34
  • 45
7
votes
1 answer

Why don't Linux utils use a system call to get the current time?

I'm really trying to understand why our guest VMs aren't using the kvm-clock driver "like they're supposed to". They're running RHEL 7.2, glibc-2.17, kern 3.10.0. Programs such as date and perl -e 'print time' get the current time, but do so…
Otheus
  • 5,945
  • 1
  • 22
  • 53
6
votes
2 answers

Is it normal that bash stat() and access() much, before commands?

Running strace on the bash shell that is instructed to run mkdir provided this output which shows lots of stats prior to execve the actual mkdir binary: BASH$> strace -f sh -c "bash -c \"mkdir /tmp\" 2>&1 | nl | grep -e "execve\|stat\|access"…
humanityANDpeace
  • 13,722
  • 13
  • 61
  • 107
6
votes
1 answer

Why do `time` and `strace -c` differ?

To my understanding, time would record the total amount of time spend in syscalls. Then I would expect the cumulative totals for sys time as reported by time and strace -fc to be the same. But they are wildly different (13.5 vs 0.005). What is…
Willem
  • 188
  • 8
5
votes
1 answer

Is there a way to prevent sigkill to reach a process?

I know that a process cannot prevent SIGKILL. But is there an external way to temporarily prevent SIGKILL to reach a (specific) process? (something like dropping packets by firewalls).
gopy
  • 351
  • 3
  • 10
3
votes
1 answer

How can I enumerate unfiltered Linux syscalls?

What's the best way to enumerate all available Linux syscalls? To clarify, I'm asking how to discover which syscalls are being filtered by seccomp while running in a containerized environment.
Mick
  • 131
  • 6
3
votes
3 answers

Performance of calling POSIX-specified functions versus direct Linux kernel calls

In an answer over on Stack Overflow, I provided a code sample to perform some small task referenced in the question. The original question had to do with the fastest-performing technique (so performance criteria are in play, here). Another…
Christopher Schultz
  • 327
  • 1
  • 2
  • 11
2
votes
2 answers

Can one processes have a descriptor that is non-blocking while another process have a descriptor referencing the same file/socket that is blocking?

I am more interested in sockets than regular files, but basically I want to know whether one process can "see" a socket as blocking where another process can see it as non-blocking. I am guessing yes, and that the kernel handles all of this…
Gregg Leventhal
  • 7,480
  • 19
  • 65
  • 100
2
votes
1 answer

Read arbitrary amount of memory with process_vm_readv

For process_vm_readv the linux man page states: [...] (Avoid) spanning memory pages (typically 4KiB) in a single remote iovec element. (Instead, split the remote read into two remote_iov elements and have them merge back into a single write…
HenrikS
  • 123
  • 2
2
votes
1 answer

Run program and intercept and redirect syscalls

I would like to run a program, and when that program attempts to read a specific file, I would like it to read a different file of my choosing instead. Specifically, the program attempts to read a configuration file, and is poorly designed and…
Drew
  • 165
  • 7
1
2 3