Syscall ABI
This page documents the system call interface between userspace and the kernel.
Calling Convention
x86_64
Syscall instruction: syscall.
| Register | Direction | Content |
|---|---|---|
|
in |
Syscall number (0-30). |
|
in |
Argument 1 (capability address or operand). |
|
in |
Argument 2 (message info or operand). |
|
in/out |
Argument 3 / return value 2. |
|
in |
Argument 4 (replaces |
|
in |
Argument 5. |
|
in |
Argument 6. |
|
out |
Error code (0 = success). |
|
out |
Return value (badge, bits, result). |
Entry point: syscall.S swaps to the kernel GS base and saves the caller’s user RSP on the per-thread kernel stack.
The per-CPU %gs:16 slot is shared state overwritten by other threads' syscalls and is not used for RSP preservation.
After executing the fastpath attempt or dispatching to syscall_handle_rust(), the stub restores the user RSP from the per-thread kernel stack before sysretq.
The assembly stub checks the syscall number and dispatches Call (2) and ReplyRecv (3) to the IPC fastpath before falling through to syscall_handle_rust().
Syscall Table
| # | Name | Description |
|---|---|---|
0 |
|
Blocking send to endpoint. |
1 |
|
Blocking receive from endpoint. |
2 |
|
Send + receive (client RPC). Has fastpath. |
3 |
|
Reply to caller + wait for next. Has fastpath. |
4 |
|
DEPRECATED. Slot retired; kernel returns |
5 |
|
Signal notification (atomic OR). |
6 |
|
Wait on notification (blocks if no bits pending). |
7 |
|
Non-blocking poll notification. |
8 |
|
Yield CPU to next ready thread. |
9 |
|
Capability invocation (CNode/Untyped/TCB/VSpace/IRQ/IoPort/MO operations). |
10 |
|
Write character to serial. |
11 |
|
Dump CPU/scheduler state to serial. |
12 |
|
Read monotonic clock (nanoseconds). |
13 |
|
Sleep for duration (nanoseconds). |
14 |
|
Write string to serial. |
15 |
|
Write buffer to serial. |
16 |
|
Enable/disable kernel console. |
17 |
|
Set CNode resolution depths for invoke. |
18 |
|
Userspace futex (wait/wake/requeue). |
19 |
|
Get random bytes (RDRAND on x86_64). |
20 |
|
ACPI system shutdown. |
21 |
|
Blocking send with timeout. |
22 |
|
Blocking receive with timeout. |
23 |
|
Receive from any registered endpoint. |
24 |
|
Reply + receive from any endpoint. |
25 |
|
RecvAny with timeout. |
26 |
|
ReplyRecvAny with timeout. |
27 |
|
Return from notification dispatcher. |
28 |
|
Terminate the calling thread and release its kernel-owned state. |
29 |
|
Read kernel-wide static info (uptime, online CPU count, tick frequency, version). |
30 |
|
Sample global memory accounting (total / free / used frame counts and allocator watermarks). |
Message Info Encoding
The msg_info word (passed in rsi on x86_64, x1 on aarch64) packs three fields:
Bits 6:0 — length (0-127 message registers) Bits 11:7 — extra_caps (0-4 capabilities to transfer) Bits 51:12 — label (40-bit operation identifier)
MR0-MR3 are passed in registers. MR4-MR19 overflow into the IPC buffer.
Error Codes
SyscallError variants returned in rax (x86_64) or x0 (aarch64):
| Value | Name | Meaning |
|---|---|---|
0 |
|
Success. |
1 |
|
Capability address does not resolve to a valid capability. |
2 |
|
Operation not supported for this object type, or the object is in an incompatible state. |
3 |
|
Capability lacks the required right for the operation. |
4 |
|
Argument value out of range or semantically invalid. |
5 |
|
Untyped memory exhausted, no free frames, or kernel pool saturated. |
6 |
|
Named resource or slot is empty / absent. |
7 |
|
Object is in use by another operation and the caller did not request blocking. |
8 |
|
Target identity already assigned (bound notification, mapping, etc.). |
9 |
|
Non-blocking variant could not proceed without blocking. |
10 |
|
User pointer is unmapped, non-canonical, or lacks the required permissions. |
11 |
|
Requested index, count, or derivation depth exceeds a kernel limit. |
12 |
|
Operation aborted because the caller or target was torn down. |
13 |
|
Kernel asks userspace to retry (e.g. interrupted notification dispatcher). |
14 |
|
Requested lock or donation chain would violate the global ordering. |
15 |
|
Operation interrupted by a signal or notification. |
0x10 |
|
Operation in progress. |
0x11 |
|
Object or buffer too large. |
0x12 |
|
Operation not supported. |
0x13 |
|
Target is read-only. |
0x14 |
|
Not a directory. |
0x15 |
|
Is a directory. |
0x16 |
|
Symbolic link loop detected. |
0x17 |
|
I/O error. |
0x18 |
|
Destination CNode slot is not empty. |
0x19 |
|
VSpace range already has a mapping installed. |
0x1A |
|
TCB is already bound to a notification / scheduling context. |
Invoke Dispatch
Syscall 9 (Invoke) resolves a capability and dispatches based on the message label.
See Capability Invocations for the complete label table.
The invoke path:
-
Resolve the capability address through the caller’s CSpace.
-
Check that the capability has the required rights for the operation.
-
Dispatch to the object-type-specific handler based on
msg_info.label. -
Return the result to userspace.
Related Pages
-
Capability Invocations — invoke labels by object type
-
IPC Fastpath — assembly fastpath for Call and ReplyRecv
-
Endpoints — IPC operation semantics
-
Capabilities — rights and address resolution