Skip to content



tuxcall - handle requests from userspace, typically IOCTL calls


tuxcall is a way for programs running in userspace to make requests to the kernel. It is typically used to control devices and configure hardware. The kernel will check the associated data structures and privileges and then process the request and return a response to the user program. The drawbacks of using tuxcall are that it can be complex and time-consuming to debug and debug when using multiple threads and ioctls.


  • cmd: int[K] - defines the command to be executed.
  • arg: void *[K] - a void pointer to a data structure associated with the command.

Available Tags

  • K - Originated from kernel-space.
  • U - Originated from user space (for example, pointer to user space memory used to get it)
  • TOCTOU - Vulnerable to TOCTOU (time of check, time of use)
  • OPT - Optional argument - might not always be available (passed with null value)






To trace tuxcall system calls

Example Use Case

A program running in user space is using tuxcall to configure a device. It will pass the relevant data structures and arguments to the kernel via the tuxcall syscall and wait for a response.


One of the major issues with tuxcall is that it can be difficult to debug when errors occur due to the complexity of the system.

  • ioctl - performs io control operations
  • read - read data from a file descriptor

This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.