Using System Calls with Kernel Extensions

A restricted set of system calls can be used by kernel extensions.

A kernel process can use a larger set of system calls than a user process in kernel mode. System Calls Available to Kernel Extensions specifies which system calls can be used by either type of process. User-mode processes in kernel mode can only use system calls that have all parameters passed by value. Kernel routines running under user-mode processes cannot directly use a system call having parameters passed by reference.

The second restriction (no system calls with parameters passed by reference) is imposed because system calls with parameters passed by reference access storage across a protection domain when they access a caller's data. The cross-domain memory services that perform these cross-memory operations support kernel processes as if they, too, accessed storage across a protection domain. However, when the caller is a user-mode process in kernel mode, these services have no way to determine that the caller is in the same protection domain. For more information on cross-domain memory services, see Cross-Memory Kernel Services.

Note: System calls must not be used by kernel extensions executing in the interrupt handler environment.

System calls available to kernel extensions are listed in /usr/lib/kernex.imp, along with other kernel services.
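
As an added example (not part of the original documentation), the following shell function reports which of a given list of symbols are not listed in an import file such as /usr/lib/kernex.imp. It assumes the usual ld import-file layout (an optional "#!" first line, "*" comment lines, one symbol per line as the first field); the function name and all sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: print each named symbol that is NOT listed in an import file.
# Assumed layout (ld import-file conventions): an optional "#!" first line,
# "*" comment lines, blank lines, and one symbol per line as the first field;
# anything after the symbol (a keyword or an address) is ignored here.
# usage: not_in_import_file IMPORT_FILE SYMBOL...
not_in_import_file() {
    imp=$1
    shift
    # Refuse to guess when the list cannot be read: every symbol would
    # otherwise be reported as missing.
    [ -r "$imp" ] || { echo "cannot read $imp" >&2; return 2; }
    awk -v wanted="$*" '
        BEGIN { n = split(wanted, w, " "); for (i = 1; i <= n; i++) need[w[i]] = 1 }
        /^#!/ || /^[*]/ || NF == 0 { next }   # header, comment and blank lines
        { delete need[$1] }                   # symbol is listed, so it is allowed
        END { for (i = 1; i <= n; i++) if (w[i] in need) print w[i] }
    ' "$imp"
}

# Constructed sample standing in for /usr/lib/kernex.imp; the entries are
# placeholders, not real kernel services.
sample="${TMPDIR:-/tmp}/kernex_sample.$$"
cat > "$sample" <<'EOF'
#!/unix
* constructed sample entries
example_syscall_a syscall
example_service_b

example_service_c
EOF

# Only the symbol absent from the list is printed.
not_in_import_file "$sample" example_syscall_a example_not_listed example_service_c
rm -f "$sample"
```

On a real system the first argument would be /usr/lib/kernex.imp and the remaining arguments the external symbols the kernel extension references.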