This page lists a few important crumbs for modifying the Linux kernel.
There are three major steps to adding a system call to the Linux kernel:
Every system call must have an associated system call number which corresponds to its position in the system call table. This table is transformed / imported into the source as part of the build process. The correct table varies by architecture, but is in the following format/location in the source tree:
/arch/<archname>/entry/syscalls/syscall_<variant>.tbl
For example, in the x64 version of Linux, <archname> is x86 and <variant> is 64.
The table has four columns: <call_number> <abi> <call_name> <entry_point>
This example uses the “common” ABI and appends the x64 prefix (__x64_sys_) for the system call entry point:
435 common sample_syscall __x64_sys_sample_syscall
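Added example (not from the original page or the kernel source): a small user-space C checker that validates a proposed row in the four-column format above before it goes into the table. It assumes the __x64_sys_ prefix convention shown here and accepts only the "common" and "64" ABIs; SAMPLE_TBL, parse_row, check_entry and the result codes are names made up for this example, and the table excerpt is constructed.

```c
#include <stdio.h>
#include <string.h>

enum { OK, MALFORMED, BAD_ABI, BAD_ENTRY, NUM_TAKEN, NAME_TAKEN };
struct row { int nr; char abi[16], name[64], entry[128]; };

/* Constructed excerpt in syscall_64.tbl layout (sample data, not a real file). */
static const char SAMPLE_TBL[] =
    "# <call_number> <abi> <call_name> <entry_point>\n"
    "0\tcommon\tread\t__x64_sys_read\n"
    "1\tcommon\twrite\t__x64_sys_write\n";

/* Split one row into its columns; returns how many columns were read. */
static int parse_row(const char *line, struct row *r)
{
    r->entry[0] = '\0';
    return sscanf(line, "%d %15s %63s %127s", &r->nr, r->abi, r->name, r->entry);
}

/* Check a proposed row against the existing table text (example policy). */
int check_entry(const char *table, const char *proposed)
{
    struct row n, cur;
    char want[128], line[256];

    if (parse_row(proposed, &n) != 4 || n.nr < 0)
        return MALFORMED;
    if (strcmp(n.abi, "common") != 0 && strcmp(n.abi, "64") != 0)
        return BAD_ABI;
    snprintf(want, sizeof want, "__x64_sys_%s", n.name);  /* prefix from the page */
    if (strcmp(n.entry, want) != 0)
        return BAD_ENTRY;
    for (const char *p = table; *p; ) {
        size_t len = strcspn(p, "\n");
        snprintf(line, sizeof line, "%.*s", (int)len, p);
        p += len + (p[len] == '\n');
        if (parse_row(line, &cur) < 3)   /* skips comments and blank lines */
            continue;
        if (cur.nr == n.nr) return NUM_TAKEN;
        if (strcmp(cur.name, n.name) == 0) return NAME_TAKEN;
    }
    return OK;
}

int main(void)
{
    const char *row = "435 common sample_syscall __x64_sys_sample_syscall";
    printf("%s -> %d\n", row, check_entry(SAMPLE_TBL, row));
    return 0;
}
```

To check against a real tree, read the contents of the architecture's .tbl file into a string and pass it as the first argument.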
The kernel has no “safety” checks like user-space programs; registers can easily be (and often are) corrupted. Instead, we should tell the compiler to limit the function to the CPU stack only and avoid dependence on registers. This can be done using the asmlinkage flag in GCC (the compiler we use), which is applied as part of the system call's prototype (a prototype is used in C to declare a function that is defined elsewhere). If you explore the kernel, you'll find some examples like this:
asmlinkage int sys_sample_syscall(int sample_param);
Finally, we need to add the system call functions. Like the asmlinkage flag, this can be