Also known as: syscall
A system call (syscall) is the controlled interface by which user-space programs request services from the kernel. Because user programs run at a lower privilege level than the kernel, they cannot touch hardware or memory outside their own process directly. Instead they make system calls, which trap into the kernel, perform the requested action on the program's behalf, and return. Reading a file, creating a process, sending a packet, mapping memory—all go through syscalls.
Linux has around 400 system calls on modern x86_64, including classics like open, read, write, close, fork, execve, mmap, brk, ioctl, poll, and newer ones like io_uring_setup, pidfd_open, and bpf. Programs rarely invoke syscalls directly; they call wrappers in the C library (libc), which handle the register-level conventions of trapping into the kernel.
You can observe a program's syscalls with strace, which is one of the most useful debugging tools on Linux:
strace -e openat ls /
strace -c curl https://example.com
The system-call boundary is the contract between kernel and userland. Linux famously tries to never break this contract: Torvalds repeatedly insists that "we do not break userspace," meaning that programs compiled against an old kernel should continue to work on a new one. This stability is why Linux has survived thirty years of change without fragmenting its user base.
Related terms: Kernel, User Space, Kernel Space
Discussed in:
- Chapter 3: The Linux Kernel — System Calls
Also defined in: Textbook of Linux