The Zerofox Syndicate

Linux x86_64 syscalls

2024-07-02

The Linux 64-bit syscall conventions

The 64-bit syscall conventions are documented in the Linux source code.

 * 64-bit SYSCALL instruction entry. Up to 6 arguments in registers.
 *
 * This is the only entry point used for 64-bit system calls.  The
 * hardware interface is reasonably well designed and the register to
 * argument mapping Linux uses fits well with the registers that are
 * available when SYSCALL is used.
 *
 * 64-bit SYSCALL saves rip to rcx, clears rflags.RF, then saves rflags to r11,
 * then loads new ss, cs, and rip from previously programmed MSRs.
 * rflags gets masked by a value from another MSR (so CLD and CLAC
 * are not needed). SYSCALL does not save anything on the stack
 * and does not change rsp.
 *
 * Registers on entry:
 * rax  system call number
 * rcx  return address
 * r11  saved rflags (note: r11 is callee-clobbered register in C ABI)
 * rdi  arg0
 * rsi  arg1
 * rdx  arg2
 * r10  arg3 (needs to be moved to rcx to conform to C ABI)
 * r8   arg4
 * r9   arg5
 * (note: r12-r15, rbp, rbx are callee-preserved in C ABI)

Note that r11 and rcx are not restored to their original state. This means that before we perform a syscall we’ll want to save both r11 and rcx to the stack and restore them.

Below is a basic example of a system call in nasm.

; getpid()
getpid:
    push rcx    ; store rcx and r11
    push r11    ; they get clobbered

    mov rax, 39        ; getpid()
    syscall            ; result stored in rax

    pop  r11    ; restore registers
    pop  rcx
    ret

Call table

In order to perform syscalls, you need to know the syscall number and which arguments they take. There doesn’t seem to be a lot of places online that provide this information.

I tried to recreate my own call table by looking up the entries from syscall_64.tbl and cross referencing them with SYSCALL_DEFINE in the source code.

I used the following command line to find the syscall definitions in the source code and extract their arguments.

find ../linux -name *.c | grep -v -E "^\.\./linux/arch/(mips|csky|arc|nds32|microblaze|alpha|sh|nios2|parisc|ia64|openrisc|xtensa|um|hexagon|arm|powerpc|arm64|sparc|s390|riscv|h8300)/" | xargs grep -h -A7 SYSCALL_DEFINE

My method is imperfect and there are a number of syscalls that I could not find the syscall definition for. I’ve marked those with NO ENTRYPOINT. I tried to mimick the methodology of this blogpost.

I feel like the previously mentioned blogpost manged to create a more complete table somehow. Still it was last updated in 2016 and I didn’t find any other places that provided this information online, apart from diving into the Linux source code itself. That is why I am publishing this post. Maybe it will inspire someone else to extract this information and present it in better way.

RAX	entrypoint	RDI	RSI	RDX	R10	R8	R9
0	sys_read	unsigned int fd	char __user * buf	size_t count
1	sys_write	unsigned int fd	const char __user * buf	size_t count
2	sys_open	const char __user * filename	int flags	umode_t mode
3	sys_close	unsigned int fd
4	sys_newstat	const char __user * filename	struct __old_kernel_stat __user * statbuf
5	sys_newfstat	unsigned int fd	struct __old_kernel_stat __user * statbuf
6	sys_newlstat	const char __user * filename	struct __old_kernel_stat __user * statbuf
7	sys_poll	struct pollfd __user * ufds	unsigned int nfds	int timeout_msecs
8	sys_lseek	unsigned int fd	off_t offset	unsigned int whence
9	sys_mmap	unsigned long addr	unsigned long len	unsigned long prot	unsigned long flags	unsigned long fd	unsigned long off
10	sys_mprotect	unsigned long start	size_t len	unsigned long prot
11	sys_munmap	unsigned long addr	size_t len
12	sys_brk	unsigned long brk
512	compat_sys_rt_sigaction	int sig	const struct sigaction __user * act	struct sigaction __user * oact	size_t sigsetsize
14	sys_rt_sigprocmask	int how	sigset_t __user * nset	sigset_t __user * oset	size_t sigsetsize
513	compat_sys_x32_rt_sigreturn
514	compat_sys_ioctl	unsigned int fd	unsigned int cmd	unsigned long arg
17	sys_pread64	unsigned int fd	char __user * buf	size_t count	loff_t pos
18	sys_pwrite64	unsigned int fd	const char __user * buf	size_t count	loff_t pos
515	sys_readv	unsigned long fd	const struct iovec __user * vec	unsigned long vlen
516	sys_writev	unsigned long fd	const struct iovec __user * vec	unsigned long vlen
21	sys_access	const char __user * filename	int mode
22	sys_pipe	int __user * fildes
23	sys_select	int n	fd_set __user * inp	fd_set __user * outp	fd_set __user * exp	struct __kernel_old_timeval __user * tvp
24	sys_sched_yield
25	sys_mremap	unsigned long addr	unsigned long old_len	unsigned long new_len	unsigned long flags	unsigned long new_addr
26	sys_msync	unsigned long start	size_t len	int flags
27	sys_mincore	unsigned long start	size_t len	unsigned char __user * vec
28	sys_madvise	unsigned long start	size_t len_in	int behavior
29	sys_shmget	key_t key	size_t size	int shmflg
30	sys_shmat	int shmid	char __user * shmaddr	int shmflg
31	sys_shmctl	int shmid	int cmd	struct shmid_ds __user * buf
32	sys_dup	unsigned int fildes
33	sys_dup2	unsigned int oldfd	unsigned int newfd
34	sys_pause
35	sys_nanosleep	struct __kernel_timespec __user * rqtp	struct __kernel_timespec __user * rmtp
36	sys_getitimer	int which	struct __kernel_old_itimerval __user * value
37	sys_alarm	unsigned int seconds
38	sys_setitimer	int which	struct __kernel_old_itimerval __user * value	struct __kernel_old_itimerval __user * ovalue
39	sys_getpid
40	sys_sendfile64	int out_fd	int in_fd	off_t __user * offset	size_t count
41	sys_socket	int family	int type	int protocol
42	sys_connect	int fd	struct sockaddr __user * uservaddr	int addrlen
43	sys_accept	int fd	struct sockaddr __user * upeer_sockaddr	int __user * upeer_addrlen
44	sys_sendto	int fd	void __user * buff	size_t len	unsigned int flags	struct sockaddr __user * addr	int addr_len
517	compat_sys_recvfrom	int fd	void __user * ubuf	size_t size	unsigned int flags	struct sockaddr __user * addr	int __user * addr_len
518	compat_sys_sendmsg	int fd	struct user_msghdr __user * msg	unsigned int flags
519	compat_sys_recvmsg	int fd	struct user_msghdr __user * msg	unsigned int flags
48	sys_shutdown	int fd	int how
49	sys_bind	int fd	struct sockaddr __user * umyaddr	int addrlen
50	sys_listen	int fd	int backlog
51	sys_getsockname	int fd	struct sockaddr __user * usockaddr	int __user * usockaddr_len
52	sys_getpeername	int fd	struct sockaddr __user * usockaddr	int __user * usockaddr_len
53	sys_socketpair	int family	int type	int protocol	int __user * usockvec
541	sys_setsockopt	int fd	int level	int optname	char __user * optval	int optlen
542	sys_getsockopt	int fd	int level	int optname	char __user * optval	int __user * optlen
56	sys_clone	unsigned long clone_flags	unsigned long newsp	int __user * parent_tidptr	int __user * child_tidptr	unsigned long tls
57	sys_fork
58	sys_vfork
520	compat_sys_execve	const char __user * filename	const char __user const __user argv	const char __user const __user envp
60	sys_exit	int error_code
61	sys_wait4	pid_t upid	int __user * stat_addr	int options	struct rusage __user * ru
62	sys_kill	pid_t pid	int sig
63	sys_newuname	struct old_utsname __user * name
64	sys_semget	key_t key	int nsems	int semflg
65	sys_semop	int semid	struct sembuf __user * tsops	unsigned nsops
66	sys_semctl	int semid	int semnum	int cmd	unsigned long arg
67	sys_shmdt	char __user * shmaddr
68	sys_msgget	key_t key	int msgflg
69	sys_msgsnd	int msqid	struct msgbuf __user * msgp	size_t msgsz	int msgflg
70	sys_msgrcv	int msqid	struct msgbuf __user * msgp	size_t msgsz	long msgtyp	int msgflg
71	sys_msgctl	int msqid	int cmd	struct msqid_ds __user * buf
72	sys_fcntl	unsigned int fd	unsigned int cmd	unsigned long arg
73	sys_flock	unsigned int fd	unsigned int cmd
74	sys_fsync	unsigned int fd
75	sys_fdatasync	unsigned int fd
76	sys_truncate	const char __user * path	long length
77	sys_ftruncate	unsigned int fd	unsigned long length
78	sys_getdents	unsigned int fd	struct linux_dirent __user * dirent	unsigned int count
79	sys_getcwd	char __user * buf	unsigned long size
80	sys_chdir	const char __user * filename
81	sys_fchdir	unsigned int fd
82	sys_rename	const char __user * oldname	const char __user * newname
83	sys_mkdir	const char __user * pathname	umode_t mode
84	sys_rmdir	const char __user * pathname
85	sys_creat	const char __user * pathname	umode_t mode
86	sys_link	const char __user * oldname	const char __user * newname
87	sys_unlink	const char __user * pathname
88	sys_symlink	const char __user * oldname	const char __user * newname
89	sys_readlink	const char __user * path	char __user * buf	int bufsiz
90	sys_chmod	const char __user * filename	umode_t mode
91	sys_fchmod	unsigned int fd	umode_t mode
92	sys_chown	const char __user * filename	uid_t user	gid_t group
93	sys_fchown	unsigned int fd	uid_t user	gid_t group
94	sys_lchown	const char __user * filename	uid_t user	gid_t group
95	sys_umask	int mask
96	sys_gettimeofday	struct __kernel_old_timeval __user * tv	struct timezone __user * tz
97	sys_getrlimit	unsigned int resource	struct rlimit __user * rlim
98	sys_getrusage	int who	struct rusage __user * ru
99	sys_sysinfo	struct sysinfo __user * info
100	sys_times	struct tms __user * tbuf
521	compat_sys_ptrace	long request	long pid	unsigned long addr	unsigned long data
102	sys_getuid
103	sys_syslog	int type	char __user * buf	int len
104	sys_getgid
105	sys_setuid	uid_t uid
106	sys_setgid	gid_t gid
107	sys_geteuid
108	sys_getegid
109	sys_setpgid	pid_t pid	pid_t pgid
110	sys_getppid
111	sys_getpgrp
112	sys_setsid
113	sys_setreuid	uid_t ruid	uid_t euid
114	sys_setregid	gid_t rgid	gid_t egid
115	sys_getgroups	int gidsetsize	gid_t __user * grouplist
116	sys_setgroups	int gidsetsize	gid_t __user * grouplist
117	sys_setresuid	uid_t ruid	uid_t euid	uid_t suid
118	sys_getresuid	uid_t __user * ruidp	uid_t __user * euidp	uid_t __user * suidp
119	sys_setresgid	gid_t rgid	gid_t egid	gid_t sgid
120	sys_getresgid	gid_t __user * rgidp	gid_t __user * egidp	gid_t __user * sgidp
121	sys_getpgid	pid_t pid
122	sys_setfsuid	uid_t uid
123	sys_setfsgid	gid_t gid
124	sys_getsid	pid_t pid
125	sys_capget	cap_user_header_t header	cap_user_data_t dataptr
126	sys_capset	cap_user_header_t header	const cap_user_data_t data
522	compat_sys_rt_sigpending	sigset_t __user * uset	size_t sigsetsize
523	compat_sys_rt_sigtimedwait_time64	const sigset_t __user * uthese	siginfo_t __user * uinfo	const struct __kernel_timespec __user * uts	size_t sigsetsize
524	compat_sys_rt_sigqueueinfo	pid_t pid	int sig	siginfo_t __user * uinfo
130	sys_rt_sigsuspend	sigset_t __user * unewset	size_t sigsetsize
525	compat_sys_sigaltstack	const stack_t __user * uss	stack_t __user * uoss
132	sys_utime	char __user * filename	struct utimbuf __user * times
133	sys_mknod	const char __user * filename	umode_t mode	unsigned dev
134	uselib	NO ENTRYPOINT
135	sys_personality	unsigned int personality
136	sys_ustat	unsigned dev	struct ustat __user * ubuf
137	sys_statfs	const char __user * pathname	struct statfs __user * buf
138	sys_fstatfs	unsigned int fd	struct statfs __user * buf
139	sys_sysfs	int option	unsigned long arg1	unsigned long arg2
140	sys_getpriority	int which	int who
141	sys_setpriority	int which	int who	int niceval
142	sys_sched_setparam	pid_t pid	struct sched_param __user * param
143	sys_sched_getparam	pid_t pid	struct sched_param __user * param
144	sys_sched_setscheduler	pid_t pid	int policy	struct sched_param __user * param
145	sys_sched_getscheduler	pid_t pid
146	sys_sched_get_priority_max	int policy
147	sys_sched_get_priority_min	int policy
148	sys_sched_rr_get_interval	pid_t pid	struct __kernel_timespec __user * interval
149	sys_mlock	unsigned long start	size_t len
150	sys_munlock	unsigned long start	size_t len
151	sys_mlockall	int flags
152	sys_munlockall
153	sys_vhangup
154	sys_modify_ldt	int func	void __user * ptr	unsigned long bytecount
155	sys_pivot_root	const char __user * new_root	const char __user * put_old
156	sys_ni_syscall	NO ARGS found
157	sys_prctl	int option	unsigned long arg2	unsigned long arg3	unsigned long arg4	unsigned long arg5
158	sys_arch_prctl	int option	unsigned long arg2
159	sys_adjtimex	struct __kernel_timex __user * txc_p
160	sys_setrlimit	unsigned int resource	struct rlimit __user * rlim
161	sys_chroot	const char __user * filename
162	sys_sync
163	sys_acct	const char __user * name
164	sys_settimeofday	struct __kernel_old_timeval __user * tv	struct timezone __user * tz
165	sys_mount	char __user * dev_name	char __user * dir_name	char __user * type	unsigned long flags	void __user * data
166	sys_umount	NO ARGS found
167	sys_swapon	const char __user * specialfile	int swap_flags
168	sys_swapoff	const char __user * specialfile
169	sys_reboot	int magic1	int magic2	unsigned int cmd	void __user * arg
170	sys_sethostname	char __user * name	int len
171	sys_setdomainname	char __user * name	int len
172	sys_iopl	unsigned int level
173	sys_ioperm	unsigned long from	unsigned long num	int turn_on
174	create_module	NO ENTRYPOINT
175	sys_init_module	void __user * umod	unsigned long len	const char __user * uargs
176	sys_delete_module	const char __user * name_user	unsigned int flags
177	get_kernel_syms	NO ENTRYPOINT
178	query_module	NO ENTRYPOINT
179	sys_quotactl	unsigned int cmd	const char __user * special	qid_t id	void __user * addr
180	nfsservctl	NO ENTRYPOINT
181	getpmsg	NO ENTRYPOINT
182	putpmsg	NO ENTRYPOINT
183	afs_syscall	NO ENTRYPOINT
184	tuxcall	NO ENTRYPOINT
185	security	NO ENTRYPOINT
186	sys_gettid
187	sys_readahead	int fd	loff_t offset	size_t count
188	sys_setxattr	const char __user * pathname	const char __user * name	const void __user * value	size_t size	int flags
189	sys_lsetxattr	const char __user * pathname	const char __user * name	const void __user * value	size_t size	int flags
190	sys_fsetxattr	int fd	const char __user * name	const void __user * value	size_t size	int flags
191	sys_getxattr	const char __user * pathname	const char __user * name	void __user * value	size_t size
192	sys_lgetxattr	const char __user * pathname	const char __user * name	void __user * value	size_t size
193	sys_fgetxattr	int fd	const char __user * name	void __user * value	size_t size
194	sys_listxattr	const char __user * pathname	char __user * list	size_t size
195	sys_llistxattr	const char __user * pathname	char __user * list	size_t size
196	sys_flistxattr	int fd	char __user * list	size_t size
197	sys_removexattr	const char __user * pathname	const char __user * name
198	sys_lremovexattr	const char __user * pathname	const char __user * name
199	sys_fremovexattr	int fd	const char __user * name
200	sys_tkill	pid_t pid	int sig
201	sys_time	__kernel_old_time_t __user * tloc
202	sys_futex	u32 __user * uaddr	int op	u32 val	const struct __kernel_timespec __user * utime	u32 __user * uaddr2	u32 val3
203	sys_sched_setaffinity	pid_t pid	unsigned int len	unsigned long __user * user_mask_ptr
204	sys_sched_getaffinity	pid_t pid	unsigned int len	unsigned long __user * user_mask_ptr
205	set_thread_area	NO ENTRYPOINT
543	compat_sys_io_setup	unsigned nr_events	aio_context_t __user * ctxp
207	sys_io_destroy	aio_context_t ctx
208	sys_io_getevents	aio_context_t ctx_id	long min_nr	long nr	struct io_event __user * events	struct __kernel_timespec __user * timeout
544	compat_sys_io_submit	aio_context_t ctx_id	long nr	struct iocb __user * __user * iocbpp
210	sys_io_cancel	aio_context_t ctx_id	struct iocb __user * iocb	struct io_event __user * result
211	get_thread_area	NO ENTRYPOINT
212	sys_lookup_dcookie	NO ARGS found
213	sys_epoll_create	int size
214	epoll_ctl_old	NO ENTRYPOINT
215	epoll_wait_old	NO ENTRYPOINT
216	sys_remap_file_pages	unsigned long start	unsigned long size	unsigned long prot	unsigned long pgoff	unsigned long flags
217	sys_getdents64	unsigned int fd	struct linux_dirent64 __user * dirent	unsigned int count
218	sys_set_tid_address	int __user * tidptr
219	sys_restart_syscall
220	sys_semtimedop	int semid	struct sembuf __user * tsops	unsigned int nsops	const struct __kernel_timespec __user * timeout
221	sys_fadvise64	int fd	loff_t offset	size_t len	int advice
526	compat_sys_timer_create	const clockid_t which_clock	struct sigevent __user * timer_event_spec	timer_t __user * created_timer_id
223	sys_timer_settime	timer_t timer_id	int flags	const struct __kernel_itimerspec __user * new_setting	struct __kernel_itimerspec __user * old_setting
224	sys_timer_gettime	timer_t timer_id	struct __kernel_itimerspec __user * setting
225	sys_timer_getoverrun	timer_t timer_id
226	sys_timer_delete	timer_t timer_id
227	sys_clock_settime	const clockid_t which_clock	const struct __kernel_timespec __user * tp
228	sys_clock_gettime	const clockid_t which_clock	struct __kernel_timespec __user * tp
229	sys_clock_getres	const clockid_t which_clock	struct __kernel_timespec __user * tp
230	sys_clock_nanosleep	const clockid_t which_clock	int flags	const struct __kernel_timespec __user * rqtp	struct __kernel_timespec __user * rmtp
231	sys_exit_group	int error_code
232	sys_epoll_wait	int epfd	struct epoll_event __user * events	int maxevents	int timeout
233	sys_epoll_ctl	int epfd	int op	int fd	struct epoll_event __user * event
234	sys_tgkill	pid_t tgid	pid_t pid	int sig
235	sys_utimes	char __user * filename	struct __kernel_old_timeval __user * utimes
236	vserver	NO ENTRYPOINT
237	sys_mbind	unsigned long start	unsigned long len	unsigned long mode	const unsigned long __user * nmask	unsigned long maxnode	unsigned int flags
238	sys_set_mempolicy	int mode	const unsigned long __user * nmask	unsigned long maxnode
239	sys_get_mempolicy	int __user * policy	unsigned long __user * nmask	unsigned long maxnode	unsigned long addr	unsigned long flags
240	sys_mq_open	const char __user * u_name	int oflag	umode_t mode	struct mq_attr __user * u_attr
241	sys_mq_unlink	const char __user * u_name
242	sys_mq_timedsend	mqd_t mqdes	const char __user * u_msg_ptr	size_t msg_len	unsigned int msg_prio	const struct __kernel_timespec __user * u_abs_timeout
243	sys_mq_timedreceive	mqd_t mqdes	char __user * u_msg_ptr	size_t msg_len	unsigned int __user * u_msg_prio	const struct __kernel_timespec __user * u_abs_timeout
527	compat_sys_mq_notify	mqd_t mqdes	const struct sigevent __user * u_notification
245	sys_mq_getsetattr	mqd_t mqdes	const struct mq_attr __user * u_mqstat	struct mq_attr __user * u_omqstat
528	compat_sys_kexec_load	unsigned long entry	unsigned long nr_segments	struct kexec_segment __user * segments	unsigned long flags
529	compat_sys_waitid	int which	pid_t upid	struct siginfo __user * infop	int options	struct rusage __user * ru
248	sys_add_key	const char __user * _type	const char __user * _description	const void __user * _payload	size_t plen	key_serial_t ringid
249	sys_request_key	const char __user * _type	const char __user * _description	const char __user * _callout_info	key_serial_t destringid
250	sys_keyctl	int option	unsigned long arg2	unsigned long arg3	unsigned long arg4	unsigned long arg5
251	sys_ioprio_set	int which	int who	int ioprio
252	sys_ioprio_get	int which	int who
253	sys_inotify_init
254	sys_inotify_add_watch	int fd	const char __user * pathname	u32 mask
255	sys_inotify_rm_watch	int fd	__s32 wd
256	sys_migrate_pages	pid_t pid	unsigned long maxnode	const unsigned long __user * old_nodes	const unsigned long __user * new_nodes
257	sys_openat	int dfd	const char __user * filename	int flags	umode_t mode
258	sys_mkdirat	int dfd	const char __user * pathname	umode_t mode
259	sys_mknodat	int dfd	const char __user * filename	umode_t mode	unsigned int dev
260	sys_fchownat	int dfd	const char __user * filename	uid_t user	gid_t group	int flag
261	sys_futimesat	int dfd	const char __user * filename	struct __kernel_old_timeval __user * utimes
262	sys_newfstatat	int dfd	const char __user * filename	struct stat __user * statbuf	int flag
263	sys_unlinkat	int dfd	const char __user * pathname	int flag
264	sys_renameat	int olddfd	const char __user * oldname	int newdfd	const char __user * newname
265	sys_linkat	int olddfd	const char __user * oldname	int newdfd	const char __user * newname	int flags
266	sys_symlinkat	const char __user * oldname	int newdfd	const char __user * newname
267	sys_readlinkat	int dfd	const char __user * pathname	char __user * buf	int bufsiz
268	sys_fchmodat	int dfd	const char __user * filename	umode_t mode
269	sys_faccessat	int dfd	const char __user * filename	int mode
270	sys_pselect6	int n	fd_set __user * inp	fd_set __user * outp	fd_set __user * exp	struct __kernel_timespec __user * tsp	void __user * sig
271	sys_ppoll	struct pollfd __user * ufds	unsigned int nfds	struct __kernel_timespec __user * tsp	const sigset_t __user * sigmask	size_t sigsetsize
272	sys_unshare	unsigned long unshare_flags
530	compat_sys_set_robust_list	struct robust_list_head __user * head	size_t len
531	compat_sys_get_robust_list	int pid	struct robust_list_head __user * __user * head_ptr	size_t __user * len_ptr
275	sys_splice	int fd_in	loff_t __user * off_in	int fd_out	loff_t __user * off_out	size_t len	unsigned int flags
276	sys_tee	int fdin	int fdout	size_t len	unsigned int flags
277	sys_sync_file_range	int fd	loff_t offset	loff_t nbytes	unsigned int flags
532	sys_vmsplice	int fd	const struct iovec __user * uiov	unsigned long nr_segs	unsigned int flags
533	sys_move_pages	pid_t pid	unsigned long nr_pages	const void __user * __user * pages	const int __user * nodes	int __user * status	int flags
280	sys_utimensat	int dfd	const char __user * filename	struct __kernel_timespec __user * utimes	int flags
281	sys_epoll_pwait	int epfd	struct epoll_event __user * events	int maxevents	int timeout	const sigset_t __user * sigmask	size_t sigsetsize
282	sys_signalfd	int ufd	sigset_t __user * user_mask	size_t sizemask
283	sys_timerfd_create	int clockid	int flags
284	sys_eventfd	unsigned int count
285	sys_fallocate	int fd	int mode	loff_t offset	loff_t len
286	sys_timerfd_settime	int ufd	int flags	const struct __kernel_itimerspec __user * utmr	struct __kernel_itimerspec __user * otmr
287	sys_timerfd_gettime	int ufd	struct __kernel_itimerspec __user * otmr
288	sys_accept4	int fd	struct sockaddr __user * upeer_sockaddr	int __user * upeer_addrlen	int flags
289	sys_signalfd4	int ufd	sigset_t __user * user_mask	size_t sizemask	int flags
290	sys_eventfd2	unsigned int count	int flags
291	sys_epoll_create1	int flags
292	sys_dup3	unsigned int oldfd	unsigned int newfd	int flags
293	sys_pipe2	int __user * fildes	int flags
294	sys_inotify_init1	int flags
534	compat_sys_preadv64	unsigned long fd	const struct iovec __user * vec	unsigned long vlen	unsigned long pos_l	unsigned long pos_h
535	compat_sys_pwritev64	unsigned long fd	const struct iovec __user * vec	unsigned long vlen	unsigned long pos_l	unsigned long pos_h
536	compat_sys_rt_tgsigqueueinfo	pid_t tgid	pid_t pid	int sig	siginfo_t __user * uinfo
298	sys_perf_event_open	struct perf_event_attr __user * attr_uptr	pid_t pid	int cpu	int group_fd	unsigned long flags
537	compat_sys_recvmmsg_time64	int fd	struct mmsghdr __user * mmsg	unsigned int vlen	unsigned int flags	struct __kernel_timespec __user * timeout
300	sys_fanotify_init	unsigned int flags	unsigned int event_f_flags
301	sys_fanotify_mark	int fanotify_fd	unsigned int flags	__u64 mask	int dfd	const char __user * pathname
302	sys_prlimit64	pid_t pid	unsigned int resource	const struct rlimit64 __user * new_rlim	struct rlimit64 __user * old_rlim
303	sys_name_to_handle_at	int dfd	const char __user * name	struct file_handle __user * handle	int __user * mnt_id	int flag
304	sys_open_by_handle_at	int mountdirfd	struct file_handle __user * handle	int flags
305	sys_clock_adjtime	const clockid_t which_clock	struct __kernel_timex __user * utx
306	sys_syncfs	int fd
538	compat_sys_sendmmsg	int fd	struct mmsghdr __user * mmsg	unsigned int vlen	unsigned int flags
308	sys_setns	int fd	int flags
309	sys_getcpu	unsigned __user * cpup	unsigned __user * nodep	struct getcpu_cache __user * unused
539	sys_process_vm_readv	pid_t pid	const struct iovec __user * lvec	unsigned long liovcnt	const struct iovec __user * rvec	unsigned long riovcnt	unsigned long flags
540	sys_process_vm_writev	pid_t pid	const struct iovec __user * lvec	unsigned long liovcnt	const struct iovec __user * rvec	unsigned long riovcnt	unsigned long flags
312	sys_kcmp	pid_t pid1	pid_t pid2	int type	unsigned long idx1	unsigned long idx2
313	sys_finit_module	int fd	const char __user * uargs	int flags
314	sys_sched_setattr	pid_t pid	struct sched_attr __user * uattr	unsigned int flags
315	sys_sched_getattr	pid_t pid	struct sched_attr __user * uattr	unsigned int usize	unsigned int flags
316	sys_renameat2	int olddfd	const char __user * oldname	int newdfd	const char __user * newname	unsigned int flags
317	sys_seccomp	unsigned int op	unsigned int flags	void __user * uargs
318	sys_getrandom	char __user * buf	size_t count	unsigned int flags
319	sys_memfd_create	const char __user * uname	unsigned int flags
320	sys_kexec_file_load	int kernel_fd	int initrd_fd	unsigned long cmdline_len	const char __user * cmdline_ptr	unsigned long flags
321	sys_bpf	int cmd	union bpf_attr __user * uattr	unsigned int size
545	compat_sys_execveat	int fd	const char __user * filename	const char __user const __user argv	const char __user const __user envp	int flags
323	sys_userfaultfd	int flags
324	sys_membarrier	int cmd	unsigned int flags	int cpu_id
325	sys_mlock2	unsigned long start	size_t len	int flags
326	sys_copy_file_range	int fd_in	loff_t __user * off_in	int fd_out	loff_t __user * off_out	size_t len	unsigned int flags
546	compat_sys_preadv64v2	unsigned long fd	const struct iovec __user * vec	unsigned long vlen	unsigned long pos_l	unsigned long pos_h	rwf_t flags
547	compat_sys_pwritev64v2	unsigned long fd	const struct iovec __user * vec	unsigned long vlen	unsigned long pos_l	unsigned long pos_h	rwf_t flags
329	sys_pkey_mprotect	unsigned long start	size_t len	unsigned long prot	int pkey
330	sys_pkey_alloc	unsigned long flags	unsigned long init_val
331	sys_pkey_free	int pkey
332	sys_statx	int dfd	const char __user * filename	unsigned flags	unsigned int mask	struct statx __user * buffer
333	sys_io_pgetevents	aio_context_t ctx_id	long min_nr	long nr	struct io_event __user * events	struct __kernel_timespec __user * timeout	const struct __aio_sigset __user * usig
334	sys_rseq	struct rseq __user * rseq	u32 rseq_len	int flags	u32 sig
424	sys_pidfd_send_signal	int pidfd	int sig	siginfo_t __user * info	unsigned int flags
425	sys_io_uring_setup	u32 entries	struct io_uring_params __user * params
426	sys_io_uring_enter	unsigned int fd	u32 to_submit	u32 min_complete	u32 flags	const void __user * argp	size_t argsz
427	sys_io_uring_register	unsigned int fd	unsigned int opcode	void __user * arg	unsigned int nr_args
428	sys_open_tree	int dfd	const char __user * filename	unsigned flags
429	sys_move_mount	int from_dfd	const char __user * from_pathname	int to_dfd	const char __user * to_pathname	unsigned int flags
430	sys_fsopen	const char __user * _fs_name	unsigned int flags
431	sys_fsconfig	int fd	unsigned int cmd	const char __user * _key	const void __user * _value	int aux
432	sys_fsmount	int fs_fd	unsigned int flags	unsigned int attr_flags
433	sys_fspick	int dfd	const char __user * path	unsigned int flags
434	sys_pidfd_open	pid_t pid	unsigned int flags
435	sys_clone3	struct clone_args __user * uargs	size_t size
436	sys_close_range	unsigned int fd	unsigned int max_fd	unsigned int flags
437	sys_openat2	int dfd	const char __user * filename	struct open_how __user * how	size_t usize
438	sys_pidfd_getfd	int pidfd	int fd	unsigned int flags
439	sys_faccessat2	int dfd	const char __user * filename	int mode	int flags
440	sys_process_madvise	int pidfd	const struct iovec __user * vec	size_t vlen	int behavior	unsigned int flags
441	sys_epoll_pwait2	int epfd	struct epoll_event __user * events	int maxevents	const struct __kernel_timespec __user * timeout	const sigset_t __user * sigmask	size_t sigsetsize
442	sys_mount_setattr	int dfd	const char __user * path	unsigned int flags	struct mount_attr __user * uattr	size_t usize
443	sys_quotactl_fd	unsigned int fd	unsigned int cmd	qid_t id	void __user * addr
444	sys_landlock_create_ruleset	const struct landlock_ruleset_attr __user *const attr	const size_t size	const __u32 flags
445	sys_landlock_add_rule	const int ruleset_fd	const enum landlock_rule_type rule_type	const void __user *const rule_attr	const __u32 flags
446	sys_landlock_restrict_self	const int ruleset_fd	const __u32 flags
447	sys_memfd_secret	unsigned int flags
448	sys_process_mrelease	int pidfd	unsigned int flags

Another in-depth explanation I came across: https://packagecloud.io/blog/the-definitive-guide-to-linux-system-calls/

Tags: linux asm