11.3 syscall Provider

11.3.1 Probes
11.3.2 Arguments
11.3.3 Stability

The syscall provider makes available a probe at the entry to and return from every system call in the system. Because system calls are the primary interface between user-level applications and the operating system kernel, the syscall provider can offer tremendous insight into application behavior with respect to the system.

11.3.1 Probes

syscall provides a pair of probes for each system call: an entry probe that fires before the system call is entered, and a return probe that fires after the system call has completed but before control has transferred back to user-level. For all syscall probes, the function name is set to be the name of the instrumented system call and the module name is undefined.

Often, the system call names provided by syscall correspond to names in the section 2 manual pages. However, some probes provided by the syscall provider do not directly correspond to any documented system call. The common reasons for this discrepancy are described in the following sections.

11.3.1.1 System Call Anachronisms

In some cases, the name of the system call as provided by the syscall provider may be a reflection of an ancient implementation detail.

11.3.1.2 Subcoded System Calls

Some system calls may be implemented as suboperations of another system call. For example, socketcall() is the common kernel entry point for the socket system calls.

11.3.1.3 New System Calls

Oracle Linux implements at-suffixed system interfaces as individual system calls, for example:

  • faccessat()

  • fchmodat()

  • fchownat()

  • fstatat64()

  • futimensat()

  • linkat()

  • mkdirat()

  • mknodat()

  • name_to_handle_at()

  • newfstatat()

  • open_by_handle_at()

  • openat()

  • readlinkat()

  • renameat()

  • symlinkat()

  • unlinkat()

  • utimensat()

These system calls implement a superset of the functionality of their old non-at-suffixed counterparts. They take an additional first argument that is either an open directory file descriptor, in which case the operation on a relative pathname is taken relative to the specified directory, or is the reserved value AT_FDCWD, in which case the operation takes place relative to the current working directory.

11.3.1.4 Replaced System Calls

In Oracle Linux, the following old system calls have been replaced and are not called by the newer glibc interfaces. The old interfaces remain, but they are reimplemented not as system calls in their own right, but as calls to the new system calls as indicated:

Old Call

New Call

access(p, m)

faccessat(AT_FDCWD, p, m, 0)

chmod(p, m)

fchmodat(AT_FDCWD, p, m, 0)

chown(p, u, g)

fchownat(AT_FDCWD, p, u, g, 0)

creat(p, m)

openat(AT_FDCWD, p, O_WRONLY|O_CREAT|O_TRUNC, m)

fchmod(fd, m)

fchmodat(fd, NULL, m, 0)

fchown(fd, u, g)

fchownat(fd, NULL, u, g, 0)

fstat(fd, s)

fstatat(fd, NULL, s, 0)

lchown(p, u, g)

fchownat(AT_FDCWD, p, u, g, AT_SYMLINK_NOFOLLOW)

link(p1, p2)

linkat(AT_FDCWD, p1, AT_FDCWD, p2, 0)

lstat(p, s)

fstatat(AT_FDCWD, p, s, AT_SYMLINK_NOFOLLOW)

mkdir(p, m)

mkdirat(AT_FDCWD, p, m)

mknod(p, m, d)

mknodat(AT_FDCWD, p, m, d)

open(p, o, m)

openat(AT_FDCWD, p, o, m)

readlink(p, b, s)

readlinkat(AT_FDCWD, p, b, s)

rename(p1, p2)

renameat(AT_FDCWD, p1, AT_FDCWD, p2)

rmdir(p)

unlinkat(AT_FDCWD, p, AT_REMOVEDIR)

stat(p, s)

fstatat(AT_FDCWD, p, s, 0)

symlink(p1, p2)

symlinkat(p1, AT_FDCWD, p2)

unlink(p)

unlinkat(AT_FDCWD, p, 0)

11.3.1.5 Large File System Calls

A 32-bit program that supports large files that exceed two gigabytes in size must be able to process 64-bit file offsets. Because large files require use of large offsets, large files are manipulated through a parallel set of system interfaces. Table 11.2, “syscall Large File Probes” lists some of the syscall probes for the large file system call interfaces.

Table 11.2 syscall Large File Probes

Large File syscall Probe

System Call

getdents64

getdents()

pread64 *

pread()

pwrite64 *

pwrite()


11.3.1.6 Private System Calls

Some system calls are private implementation details of Oracle Linux subsystems that span the user-kernel boundary.

11.3.2 Arguments

For entry probes, the arguments (arg0 .. argn) are the arguments to the system call. For return probes, both arg0 and arg1 contain the return value. A non-zero value in the D variable errno indicates a system call failure.

11.3.3 Stability

The syscall provider uses DTrace's stability mechanism to describe its stabilities as shown in the following table.

Element

Name Stability

Data Stability

Dependency Class

Provider

Evolving

Evolving

Common

Module

Private

Private

Unknown

Function

Unstable

Unstable

ISA

Name

Evolving

Evolving

Common

Arguments

Unstable

Unstable

ISA

For more information about the stability mechanism, refer to Chapter 15, Stability.