This is an old revision of the document!
Modifying the Linux Kernel
This page lists a few important crumbs for modifying the Linux kernel.
Adding a System Call
There are three major steps to adding a system call to the Linux kernel:
- Adding a new entry to the system call table for the appropriate architecture
- Marking the function so that its parameters do not reside in registers (only in the CPU stack)
- Adding the system call functions themselves
1. Adding an Entry to the System Call Table
Every system call must have an associated system call number which corresponds to its position in the system call table. This table is transformed / imported into the source as part of the build process. The correct table varies by architecture, but is in the following format/location in the source tree:
/arch/<archname>/entry/syscalls/syscall_<variant>.tbl
For example, in the x64 version of Linux, <archname> is x86 and <variant> is 64.
The table has four columns: <call_number> <abi> <call_name> <entry_point>
- When the syscall machine instruction executes, it loads a unique call number to identify the function.
- The ABI (application binary interface) for ABI-specific calls. Most calls use “common” (32- and 64-bit).
- A unique call name is the programmer-readable version of the system call used to define it later.
- Finally, the entry point is the assembly signature for the call (which uses the arch-specific prefix).
This example uses the “common” ABI and appends the x64 prefix (__x64_sys_) for the system call entry point:
435 common sample_syscall __x64_sys_sample_syscall
2. Marking System Call Function as Stack-Only
The kernel has no “safety” checks like user-space programs; registers can easily (and often are) corrupted. Instead, we should tell the compiler to limit the function to the CPU stack only and avoid dependence on registers. This can do done using the asmlinkage flag in GCC (the compiler we use):
In include/linux/syscalls.h:
asmlinkage int sys_sample_syscall(int sample_param);
