W dniu 02.06.2014 22:53, Paul Moore pisze:
> Thank you for (re)posting these patches. I apologize that you haven't seen
> any feedback yet but I'm currently working on incorporating support for the
> different MIPS platforms, as soon as that is finished I'll take a closer look
> at your patch.
>
> Do you have AArch64 hardware that you can use for testing?
Yes, I do have access to such.
I worked on tests part today and went from terrible results to much better ones
(but still not so good).
Changelog
V1 - 28.05.2014
V2 - 03.06.2014
- filled syscalls table
- added new __PNR_ macros for alarm, mmap, open, select, time, utime
V3 - 04.06.2014
- added AArch64 detection into tools/
- added AArch64 detection into tests/{16,23}
Regression Test Summary
tests run: 423
tests skipped: 59
tests passed: 403
tests failed: 20
tests errored: 167
---
include/seccomp.h.in | 42 +++
src/Makefile | 1
src/arch-aarch64-syscalls.c | 470 ++++++++++++++++++++++++++++++++++++++++++
src/arch-aarch64.c | 34 +++
src/arch-aarch64.h | 37 +++
src/arch.c | 3
tests/16-sim-arch_basic.c | 5
tests/23-sim-arch_all_basic.c | 5
tools/scmp_arch_detect.c | 3
tools/scmp_bpf_sim.c | 2
tools/scmp_sys_resolver.c | 3
11 files changed, 605 insertions(+)
--- libseccomp-2.1.1.orig/include/seccomp.h.in
+++ libseccomp-2.1.1/include/seccomp.h.in
@@ -122,6 +122,17 @@ struct scmp_arg_cmp {
#define SCMP_ARCH_ARM AUDIT_ARCH_ARM
/**
+ * The AARCH64 architecture token
+ */
+
+/* AArch64 support for audit is still not in mainline */
+#ifndef AUDIT_ARCH_AARCH64
+#define AUDIT_ARCH_AARCH64 (EM_AARCH64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
+#endif
+
+#define SCMP_ARCH_AARCH64 AUDIT_ARCH_AARCH64
+
+/**
* Convert a syscall name into the associated syscall number
* @param x the syscall name
*/
@@ -1157,6 +1168,37 @@ int seccomp_export_bpf(const scmp_filter
#define __NR_sync_file_range __PNR_sync_file_range
#endif /* __NR_sync_file_range */
+#define __PNR_alarm -10101
+#ifndef __NR_alarm
+#define __NR_alarm __PNR_alarm
+#endif /* __NR_alarm */
+
+#define __PNR_mmap -10102
+#ifndef __NR_mmap
+#define __NR_mmap __PNR_mmap
+#endif /* __NR_mmap */
+
+#define __PNR_open -10103
+#ifndef __NR_open
+#define __NR_open __PNR_open
+#endif /* __NR_open */
+
+#define __PNR_select -10104
+#ifndef __NR_select
+#define __NR_select __PNR_select
+#endif /* __NR_select */
+
+#define __PNR_time -10105
+#ifndef __NR_time
+#define __NR_time __PNR_time
+#endif /* __NR_time */
+
+#define __PNR_utime -10106
+#ifndef __NR_utime
+#define __NR_utime __PNR_utime
+#endif /* __NR_utime */
+
+
#ifdef __cplusplus
}
#endif
--- /dev/null
+++ libseccomp-2.1.1/src/arch-aarch64.c
@@ -0,0 +1,34 @@
+/**
+ * Enhanced Seccomp AArch64 Syscall Table
+ *
+ * Copyright (c) 2014 Red Hat <[email protected]>
+ * Author: Marcin Juszkiewicz <[email protected]>
+ */
+
+/*
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, see <http://www.gnu.org/licenses>.
+ */
+
+#include <stdlib.h>
+#include <errno.h>
+#include <linux/audit.h>
+
+#include "arch.h"
+#include "arch-aarch64.h"
+
+const struct arch_def arch_def_aarch64 = {
+ .token = SCMP_ARCH_AARCH64,
+ .token_bpf = AUDIT_ARCH_AARCH64,
+ .size = ARCH_SIZE_64,
+ .endian = ARCH_ENDIAN_LITTLE,
+};
--- /dev/null
+++ libseccomp-2.1.1/src/arch-aarch64.h
@@ -0,0 +1,37 @@
+/**
+ * Enhanced Seccomp AArch64 Syscall Table
+ *
+ * Copyright (c) 2014 Red Hat <[email protected]>
+ * Author: Marcin Juszkiewicz <[email protected]>
+ */
+
+/*
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, see <http://www.gnu.org/licenses>.
+ */
+
+#ifndef _ARCH_AARCH64_H
+#define _ARCH_AARCH64_H
+
+#include <inttypes.h>
+
+#include "arch.h"
+#include "system.h"
+
+#define aarch64_arg_count_max 6
+
+extern const struct arch_def arch_def_aarch64;
+
+int aarch64_syscall_resolve_name(const char *name);
+const char *aarch64_syscall_resolve_num(int num);
+
+#endif
--- /dev/null
+++ libseccomp-2.1.1/src/arch-aarch64-syscalls.c
@@ -0,0 +1,470 @@
+/**
+ * Enhanced Seccomp AArch64 Syscall Table
+ *
+ * Copyright (c) 2014 Red Hat <[email protected]>
+ * Author: Marcin Juszkiewicz <[email protected]>
+ */
+
+/*
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, see <http://www.gnu.org/licenses>.
+ */
+
+#include <string.h>
+
+#include <seccomp.h>
+
+#include "arch.h"
+#include "arch-aarch64.h"
+
+#define __NR_SYSCALL_BASE 0
+
+/* NOTE: based on Linux 3.13.0-rc7 */
+const struct arch_syscall_def aarch64_syscall_table[] = { \
+ { "accept", (__NR_SYSCALL_BASE + 285) },
+ { "accept4", (__NR_SYSCALL_BASE + 366) },
+ { "access", (__NR_SYSCALL_BASE + 33) },
+ { "acct", (__NR_SYSCALL_BASE + 51) },
+ { "add_key", (__NR_SYSCALL_BASE + 309) },
+ { "adjtimex", (__NR_SYSCALL_BASE + 124) },
+ { "afs_syscall", __PNR_afs_syscall },
+ { "alarm", (__PNR_alarm) },
+ { "arm_fadvise64_64", (__NR_SYSCALL_BASE + 270) },
+ { "arm_sync_file_range", (__PNR_arm_sync_file_range) },
+ { "arch_prctl", __PNR_arch_prctl },
+ { "bdflush", (__NR_SYSCALL_BASE + 134) },
+ { "bind", (__NR_SYSCALL_BASE + 282) },
+ { "break", __PNR_break },
+ { "brk", (__NR_SYSCALL_BASE + 45) },
+ { "capget", (__NR_SYSCALL_BASE + 184) },
+ { "capset", (__NR_SYSCALL_BASE + 185) },
+ { "chdir", (__NR_SYSCALL_BASE + 12) },
+ { "chmod", (__NR_SYSCALL_BASE + 15) },
+ { "chown", (__NR_SYSCALL_BASE + 182) },
+ { "chown32", (__NR_SYSCALL_BASE + 212) },
+ { "chroot", (__NR_SYSCALL_BASE + 61) },
+ { "clock_adjtime", (__NR_SYSCALL_BASE + 372) },
+ { "clock_getres", (__NR_SYSCALL_BASE + 264) },
+ { "clock_gettime", (__NR_SYSCALL_BASE + 263) },
+ { "clock_nanosleep", (__NR_SYSCALL_BASE + 265) },
+ { "clock_settime", (__NR_SYSCALL_BASE + 262) },
+ { "clone", (__NR_SYSCALL_BASE + 120) },
+ { "close", (__NR_SYSCALL_BASE + 6) },
+ { "connect", (__NR_SYSCALL_BASE + 283) },
+ { "creat", (__NR_SYSCALL_BASE + 8) },
+ { "create_module", __PNR_create_module },
+ { "delete_module", (__NR_SYSCALL_BASE + 129) },
+ { "dup", (__NR_SYSCALL_BASE + 41) },
+ { "dup2", (__NR_SYSCALL_BASE + 63) },
+ { "dup3", (__NR_SYSCALL_BASE + 358) },
+ { "epoll_create", (__NR_SYSCALL_BASE + 250) },
+ { "epoll_create1", (__NR_SYSCALL_BASE + 357) },
+ { "epoll_ctl", (__NR_SYSCALL_BASE + 251) },
+ { "epoll_ctl_old", __PNR_epoll_ctl_old },
+ { "epoll_pwait", (__NR_SYSCALL_BASE + 346) },
+ { "epoll_wait", (__NR_SYSCALL_BASE + 252) },
+ { "epoll_wait_old", __PNR_epoll_wait_old },
+ { "eventfd", (__NR_SYSCALL_BASE + 351) },
+ { "eventfd2", (__NR_SYSCALL_BASE + 356) },
+ { "execve", (__NR_SYSCALL_BASE + 11) },
+ { "exit", (__NR_SYSCALL_BASE + 1) },
+ { "exit_group", (__NR_SYSCALL_BASE + 248) },
+ { "faccessat", (__NR_SYSCALL_BASE + 334) },
+ { "fadvise64", __PNR_fadvise64 },
+ { "fadvise64_64", __PNR_fadvise64_64 },
+ { "fallocate", (__NR_SYSCALL_BASE + 352) },
+ { "fanotify_init", (__NR_SYSCALL_BASE + 367) },
+ { "fanotify_mark", (__NR_SYSCALL_BASE + 368) },
+ { "fchdir", (__NR_SYSCALL_BASE + 133) },
+ { "fchmod", (__NR_SYSCALL_BASE + 94) },
+ { "fchmodat", (__NR_SYSCALL_BASE + 333) },
+ { "fchown", (__NR_SYSCALL_BASE + 95) },
+ { "fchown32", (__NR_SYSCALL_BASE + 207) },
+ { "fchownat", (__NR_SYSCALL_BASE + 325) },
+ { "fcntl", (__NR_SYSCALL_BASE + 55) },
+ { "fcntl64", (__NR_SYSCALL_BASE + 221) },
+ { "fdatasync", (__NR_SYSCALL_BASE + 148) },
+ { "fgetxattr", (__NR_SYSCALL_BASE + 231) },
+ { "finit_module", (__NR_SYSCALL_BASE + 379) },
+ { "flistxattr", (__NR_SYSCALL_BASE + 234) },
+ { "flock", (__NR_SYSCALL_BASE + 143) },
+ { "fork", (__NR_SYSCALL_BASE + 2) },
+ { "fremovexattr", (__NR_SYSCALL_BASE + 237) },
+ { "fsetxattr", (__NR_SYSCALL_BASE + 228) },
+ { "fstat", (__NR_SYSCALL_BASE + 108) },
+ { "fstat64", (__NR_SYSCALL_BASE + 197) },
+ { "fstatat64", (__NR_SYSCALL_BASE + 327) },
+ { "fstatfs", (__NR_SYSCALL_BASE + 100) },
+ { "fstatfs64", (__NR_SYSCALL_BASE + 267) },
+ { "fsync", (__NR_SYSCALL_BASE + 118) },
+ { "ftime", __PNR_ftime },
+ { "ftruncate", (__NR_SYSCALL_BASE + 93) },
+ { "ftruncate64", (__NR_SYSCALL_BASE + 194) },
+ { "futex", (__NR_SYSCALL_BASE + 240) },
+ { "futimesat", (__NR_SYSCALL_BASE + 326) },
+ { "get_kernel_syms", __PNR_get_kernel_syms },
+ { "get_thread_area", __PNR_get_thread_area },
+ { "getcpu", (__NR_SYSCALL_BASE + 345) },
+ { "getcwd", (__NR_SYSCALL_BASE + 183) },
+ { "getdents", (__NR_SYSCALL_BASE + 141) },
+ { "getdents64", (__NR_SYSCALL_BASE + 217) },
+ { "getegid", (__NR_SYSCALL_BASE + 50) },
+ { "getegid32", (__NR_SYSCALL_BASE + 202) },
+ { "geteuid", (__NR_SYSCALL_BASE + 49) },
+ { "geteuid32", (__NR_SYSCALL_BASE + 201) },
+ { "getgid", (__NR_SYSCALL_BASE + 47) },
+ { "getgid32", (__NR_SYSCALL_BASE + 200) },
+ { "getgroups", (__NR_SYSCALL_BASE + 80) },
+ { "getgroups32", (__NR_SYSCALL_BASE + 205) },
+ { "getitimer", (__NR_SYSCALL_BASE + 105) },
+ { "get_mempolicy", (__NR_SYSCALL_BASE + 320) },
+ { "getpeername", (__NR_SYSCALL_BASE + 287) },
+ { "getpgid", (__NR_SYSCALL_BASE + 132) },
+ { "getpgrp", (__NR_SYSCALL_BASE + 65) },
+ { "getpid", (__NR_SYSCALL_BASE + 20) },
+ { "getpmsg", __PNR_getpmsg },
+ { "getppid", (__NR_SYSCALL_BASE + 64) },
+ { "getpriority", (__NR_SYSCALL_BASE + 96) },
+ { "getresgid", (__NR_SYSCALL_BASE + 171) },
+ { "getresgid32", (__NR_SYSCALL_BASE + 211) },
+ { "getresuid", (__NR_SYSCALL_BASE + 165) },
+ { "getresuid32", (__NR_SYSCALL_BASE + 209) },
+ { "get_robust_list", (__NR_SYSCALL_BASE + 339) },
+ { "getrusage", (__NR_SYSCALL_BASE + 77) },
+ { "getsid", (__NR_SYSCALL_BASE + 147) },
+ { "getsockname", (__NR_SYSCALL_BASE + 286) },
+ { "getsockopt", (__NR_SYSCALL_BASE + 295) },
+ { "gettid", (__NR_SYSCALL_BASE + 224) },
+ { "gettimeofday", (__NR_SYSCALL_BASE + 78) },
+ { "getuid", (__NR_SYSCALL_BASE + 24) },
+ { "getuid32", (__NR_SYSCALL_BASE + 199) },
+ { "getxattr", (__NR_SYSCALL_BASE + 229) },
+ { "gtty", __PNR_gtty },
+ { "idle", __PNR_idle },
+ { "init_module", (__NR_SYSCALL_BASE + 128) },
+ { "inotify_add_watch", (__NR_SYSCALL_BASE + 317) },
+ { "inotify_init", (__NR_SYSCALL_BASE + 316) },
+ { "inotify_init1", (__NR_SYSCALL_BASE + 360) },
+ { "inotify_rm_watch", (__NR_SYSCALL_BASE + 318) },
+ { "io_cancel", (__NR_SYSCALL_BASE + 247) },
+ { "io_destroy", (__NR_SYSCALL_BASE + 244) },
+ { "io_getevents", (__NR_SYSCALL_BASE + 245) },
+ { "io_setup", (__NR_SYSCALL_BASE + 243) },
+ { "io_submit", (__NR_SYSCALL_BASE + 246) },
+ { "ioctl", (__NR_SYSCALL_BASE + 54) },
+ { "ioperm", __PNR_ioperm },
+ { "iopl", __PNR_iopl },
+ { "ioprio_get", (__NR_SYSCALL_BASE + 315) },
+ { "ioprio_set", (__NR_SYSCALL_BASE + 314) },
+ { "ipc", (__NR_SYSCALL_BASE + 117) },
+ { "kcmp", __PNR_kcmp },
+ { "kexec_load", (__NR_SYSCALL_BASE + 347) },
+ { "keyctl", (__NR_SYSCALL_BASE + 311) },
+ { "kill", (__NR_SYSCALL_BASE + 37) },
+ { "lchown", (__NR_SYSCALL_BASE + 16) },
+ { "lchown32", (__NR_SYSCALL_BASE + 198) },
+ { "lgetxattr", (__NR_SYSCALL_BASE + 230) },
+ { "link", (__NR_SYSCALL_BASE + 9) },
+ { "linkat", (__NR_SYSCALL_BASE + 330) },
+ { "listen", (__NR_SYSCALL_BASE + 284) },
+ { "listxattr", (__NR_SYSCALL_BASE + 232) },
+ { "llistxattr", (__NR_SYSCALL_BASE + 233) },
+ { "_llseek", (__NR_SYSCALL_BASE + 140) },
+ { "lock", __PNR_lock },
+ { "lookup_dcookie", (__NR_SYSCALL_BASE + 249) },
+ { "lremovexattr", (__NR_SYSCALL_BASE + 236) },
+ { "lseek", (__NR_SYSCALL_BASE + 19) },
+ { "lsetxattr", (__NR_SYSCALL_BASE + 227) },
+ { "lstat", (__NR_SYSCALL_BASE + 107) },
+ { "lstat64", (__NR_SYSCALL_BASE + 196) },
+ { "madvise", (__NR_SYSCALL_BASE + 220) },
+ { "mbind", (__NR_SYSCALL_BASE + 319) },
+ { "migrate_pages", __PNR_migrate_pages },
+ { "mincore", (__NR_SYSCALL_BASE + 219) },
+ { "mkdir", (__NR_SYSCALL_BASE + 39) },
+ { "mkdirat", (__NR_SYSCALL_BASE + 323) },
+ { "mknod", (__NR_SYSCALL_BASE + 14) },
+ { "mknodat", (__NR_SYSCALL_BASE + 324) },
+ { "mlock", (__NR_SYSCALL_BASE + 150) },
+ { "mlockall", (__NR_SYSCALL_BASE + 152) },
+ { "mmap", (__PNR_mmap) },
+ { "mmap2", (__NR_SYSCALL_BASE + 192) },
+ { "modify_ldt", __PNR_modify_ldt },
+ { "mount", (__NR_SYSCALL_BASE + 21) },
+ { "move_pages", (__NR_SYSCALL_BASE + 344) },
+ { "mprotect", (__NR_SYSCALL_BASE + 125) },
+ { "mpx", __PNR_mpx },
+ { "mq_getsetattr", (__NR_SYSCALL_BASE + 279) },
+ { "mq_notify", (__NR_SYSCALL_BASE + 278) },
+ { "mq_open", (__NR_SYSCALL_BASE + 274) },
+ { "mq_timedreceive", (__NR_SYSCALL_BASE + 277) },
+ { "mq_timedsend", (__NR_SYSCALL_BASE + 276) },
+ { "mq_unlink", (__NR_SYSCALL_BASE + 275) },
+ { "mremap", (__NR_SYSCALL_BASE + 163) },
+ { "msgctl", (__NR_SYSCALL_BASE + 304) },
+ { "msgget", (__NR_SYSCALL_BASE + 303) },
+ { "msgrcv", (__NR_SYSCALL_BASE + 302) },
+ { "msgsnd", (__NR_SYSCALL_BASE + 301) },
+ { "msync", (__NR_SYSCALL_BASE + 144) },
+ { "munlock", (__NR_SYSCALL_BASE + 151) },
+ { "munlockall", (__NR_SYSCALL_BASE + 153) },
+ { "munmap", (__NR_SYSCALL_BASE + 91) },
+ { "name_to_handle_at", (__NR_SYSCALL_BASE + 370) },
+ { "nanosleep", (__NR_SYSCALL_BASE + 162) },
+ { "_newselect", (__NR_SYSCALL_BASE + 142) },
+ { "newfstatat", __PNR_newfstatat },
+ { "nfsservctl", (__NR_SYSCALL_BASE + 169) },
+ { "nice", (__NR_SYSCALL_BASE + 34) },
+ { "oldfstat", __PNR_oldfstat },
+ { "oldlstat", __PNR_oldlstat },
+ { "oldolduname", __PNR_oldolduname },
+ { "oldstat", __PNR_oldstat },
+ { "olduname", __PNR_olduname },
+ { "open", (__PNR_open) },
+ { "openat", (__NR_SYSCALL_BASE + 322) },
+ { "open_by_handle_at", (__NR_SYSCALL_BASE + 371) },
+ { "pause", (__NR_SYSCALL_BASE + 29) },
+ { "pciconfig_iobase", (__NR_SYSCALL_BASE + 271) },
+ { "pciconfig_read", (__NR_SYSCALL_BASE + 272) },
+ { "pciconfig_write", (__NR_SYSCALL_BASE + 273) },
+ { "perf_event_open", (__NR_SYSCALL_BASE + 364) },
+ { "personality", (__NR_SYSCALL_BASE + 136) },
+ { "pipe", (__NR_SYSCALL_BASE + 42) },
+ { "pipe2", (__NR_SYSCALL_BASE + 359) },
+ { "pivot_root", (__NR_SYSCALL_BASE + 218) },
+ { "poll", (__NR_SYSCALL_BASE + 168) },
+ { "ppoll", (__NR_SYSCALL_BASE + 336) },
+ { "prctl", (__NR_SYSCALL_BASE + 172) },
+ { "pread64", (__NR_SYSCALL_BASE + 180) },
+ { "preadv", (__NR_SYSCALL_BASE + 361) },
+ { "prlimit64", (__NR_SYSCALL_BASE + 369) },
+ { "process_vm_readv", (__NR_SYSCALL_BASE + 376) },
+ { "process_vm_writev", (__NR_SYSCALL_BASE + 377) },
+ { "prof", __PNR_prof },
+ { "profil", __PNR_profil },
+ { "pselect6", (__NR_SYSCALL_BASE + 335) },
+ { "ptrace", (__NR_SYSCALL_BASE + 26) },
+ { "putpmsg", __PNR_putpmsg },
+ { "pwrite64", (__NR_SYSCALL_BASE + 181) },
+ { "pwritev", (__NR_SYSCALL_BASE + 362) },
+ { "query_module", __PNR_query_module },
+ { "quotactl", (__NR_SYSCALL_BASE + 131) },
+ { "read", (__NR_SYSCALL_BASE + 3) },
+ { "readahead", (__NR_SYSCALL_BASE + 225) },
+ { "readdir", (__PNR_readdir) },
+ { "readlink", (__NR_SYSCALL_BASE + 85) },
+ { "readlinkat", (__NR_SYSCALL_BASE + 332) },
+ { "readv", (__NR_SYSCALL_BASE + 145) },
+ { "reboot", (__NR_SYSCALL_BASE + 88) },
+ { "recv", (__NR_SYSCALL_BASE + 291) },
+ { "recvfrom", (__NR_SYSCALL_BASE + 292) },
+ { "recvmmsg", (__NR_SYSCALL_BASE + 365) },
+ { "recvmsg", (__NR_SYSCALL_BASE + 297) },
+ { "remap_file_pages", (__NR_SYSCALL_BASE + 253) },
+ { "removexattr", (__NR_SYSCALL_BASE + 235) },
+ { "rename", (__NR_SYSCALL_BASE + 38) },
+ { "renameat", (__NR_SYSCALL_BASE + 329) },
+ { "request_key", (__NR_SYSCALL_BASE + 310) },
+ { "restart_syscall", (__NR_SYSCALL_BASE + 0) },
+ { "rmdir", (__NR_SYSCALL_BASE + 40) },
+ { "rt_sigaction", (__NR_SYSCALL_BASE + 174) },
+ { "rt_sigpending", (__NR_SYSCALL_BASE + 176) },
+ { "rt_sigprocmask", (__NR_SYSCALL_BASE + 175) },
+ { "rt_sigqueueinfo", (__NR_SYSCALL_BASE + 178) },
+ { "rt_sigreturn", (__NR_SYSCALL_BASE + 173) },
+ { "rt_sigsuspend", (__NR_SYSCALL_BASE + 179) },
+ { "rt_sigtimedwait", (__NR_SYSCALL_BASE + 177) },
+ { "rt_tgsigqueueinfo", (__NR_SYSCALL_BASE + 363) },
+ { "sched_getaffinity", (__NR_SYSCALL_BASE + 242) },
+ { "sched_getparam", (__NR_SYSCALL_BASE + 155) },
+ { "sched_get_priority_max", (__NR_SYSCALL_BASE + 159) },
+ { "sched_get_priority_min", (__NR_SYSCALL_BASE + 160) },
+ { "sched_getscheduler", (__NR_SYSCALL_BASE + 157) },
+ { "sched_rr_get_interval", (__NR_SYSCALL_BASE + 161) },
+ { "sched_setaffinity", (__NR_SYSCALL_BASE + 241) },
+ { "sched_setparam", (__NR_SYSCALL_BASE + 154) },
+ { "sched_setscheduler", (__NR_SYSCALL_BASE + 156) },
+ { "sched_yield", (__NR_SYSCALL_BASE + 158) },
+ { "security", __PNR_security },
+ { "select", (__PNR_select) },
+ { "semctl", (__NR_SYSCALL_BASE + 300) },
+ { "semget", (__NR_SYSCALL_BASE + 299) },
+ { "semop", (__NR_SYSCALL_BASE + 298) },
+ { "semtimedop", (__NR_SYSCALL_BASE + 312) },
+ { "send", (__NR_SYSCALL_BASE + 289) },
+ { "sendfile", (__NR_SYSCALL_BASE + 187) },
+ { "sendfile64", (__NR_SYSCALL_BASE + 239) },
+ { "sendmmsg", (__NR_SYSCALL_BASE + 374) },
+ { "sendmsg", (__NR_SYSCALL_BASE + 296) },
+ { "sendto", (__NR_SYSCALL_BASE + 290) },
+ { "setdomainname", (__NR_SYSCALL_BASE + 121) },
+ { "setfsgid", (__NR_SYSCALL_BASE + 139) },
+ { "setfsgid32", (__NR_SYSCALL_BASE + 216) },
+ { "setfsuid", (__NR_SYSCALL_BASE + 138) },
+ { "setfsuid32", (__NR_SYSCALL_BASE + 215) },
+ { "setgid", (__NR_SYSCALL_BASE + 46) },
+ { "setgid32", (__NR_SYSCALL_BASE + 214) },
+ { "setgroups", (__NR_SYSCALL_BASE + 81) },
+ { "setgroups32", (__NR_SYSCALL_BASE + 206) },
+ { "sethostname", (__NR_SYSCALL_BASE + 74) },
+ { "setitimer", (__NR_SYSCALL_BASE + 104) },
+ { "set_mempolicy", (__NR_SYSCALL_BASE + 321) },
+ { "setns", (__NR_SYSCALL_BASE + 375) },
+ { "setpgid", (__NR_SYSCALL_BASE + 57) },
+ { "setpriority", (__NR_SYSCALL_BASE + 97) },
+ { "setregid", (__NR_SYSCALL_BASE + 71) },
+ { "setregid32", (__NR_SYSCALL_BASE + 204) },
+ { "setresgid", (__NR_SYSCALL_BASE + 170) },
+ { "setresgid32", (__NR_SYSCALL_BASE + 210) },
+ { "setresuid", (__NR_SYSCALL_BASE + 164) },
+ { "setresuid32", (__NR_SYSCALL_BASE + 208) },
+ { "setreuid", (__NR_SYSCALL_BASE + 70) },
+ { "setreuid32", (__NR_SYSCALL_BASE + 203) },
+ { "setrlimit", (__NR_SYSCALL_BASE + 75) },
+ { "set_robust_list", (__NR_SYSCALL_BASE + 338) },
+ { "setsid", (__NR_SYSCALL_BASE + 66) },
+ { "setsockopt", (__NR_SYSCALL_BASE + 294) },
+ { "set_thread_area", __PNR_set_thread_area },
+ { "set_tid_address", (__NR_SYSCALL_BASE + 256) },
+ { "settimeofday", (__NR_SYSCALL_BASE + 79) },
+ { "setuid", (__NR_SYSCALL_BASE + 23) },
+ { "setuid32", (__NR_SYSCALL_BASE + 213) },
+ { "setxattr", (__NR_SYSCALL_BASE + 226) },
+ { "sgetmask", __PNR_sgetmask },
+ { "shmat", (__NR_SYSCALL_BASE + 305) },
+ { "shmctl", (__NR_SYSCALL_BASE + 308) },
+ { "shmdt", (__NR_SYSCALL_BASE + 306) },
+ { "shmget", (__NR_SYSCALL_BASE + 307) },
+ { "shutdown", (__NR_SYSCALL_BASE + 293) },
+ { "sigaction", (__NR_SYSCALL_BASE + 67) },
+ { "sigaltstack", (__NR_SYSCALL_BASE + 186) },
+ { "signal", __PNR_signal },
+ { "signalfd", (__NR_SYSCALL_BASE + 349) },
+ { "signalfd4", (__NR_SYSCALL_BASE + 355) },
+ { "sigpending", (__NR_SYSCALL_BASE + 73) },
+ { "sigprocmask", (__NR_SYSCALL_BASE + 126) },
+ { "sigreturn", (__NR_SYSCALL_BASE + 119) },
+ { "sigsuspend", (__NR_SYSCALL_BASE + 72) },
+ { "socket", (__NR_SYSCALL_BASE + 281) },
+ { "socketcall", (__PNR_socketcall) },
+ { "socketpair", (__NR_SYSCALL_BASE + 288) },
+ { "splice", (__NR_SYSCALL_BASE + 340) },
+ { "ssetmask", __PNR_ssetmask },
+ { "stat", (__NR_SYSCALL_BASE + 106) },
+ { "stat64", (__NR_SYSCALL_BASE + 195) },
+ { "statfs", (__NR_SYSCALL_BASE + 99) },
+ { "statfs64", (__NR_SYSCALL_BASE + 266) },
+ { "stime", (__PNR_stime) },
+ { "stty", __PNR_stty },
+ { "swapoff", (__NR_SYSCALL_BASE + 115) },
+ { "swapon", (__NR_SYSCALL_BASE + 87) },
+ { "symlink", (__NR_SYSCALL_BASE + 83) },
+ { "symlinkat", (__NR_SYSCALL_BASE + 331) },
+ { "sync", (__NR_SYSCALL_BASE + 36) },
+ { "sync_file_range", __PNR_sync_file_range },
+ { "sync_file_range2", (__NR_SYSCALL_BASE + 341) },
+ { "syncfs", (__NR_SYSCALL_BASE + 373) },
+ { "syscall", (__PNR_syscall) },
+ { "_sysctl", (__NR_SYSCALL_BASE + 149) },
+ { "sysfs", (__NR_SYSCALL_BASE + 135) },
+ { "sysinfo", (__NR_SYSCALL_BASE + 116) },
+ { "syslog", (__NR_SYSCALL_BASE + 103) },
+ { "tee", (__NR_SYSCALL_BASE + 342) },
+ { "tgkill", (__NR_SYSCALL_BASE + 268) },
+ { "time", (__PNR_time) },
+ { "timer_create", (__NR_SYSCALL_BASE + 257) },
+ { "timer_delete", (__NR_SYSCALL_BASE + 261) },
+ { "timerfd_create", (__NR_SYSCALL_BASE + 350) },
+ { "timerfd_gettime", (__NR_SYSCALL_BASE + 354) },
+ { "timerfd_settime", (__NR_SYSCALL_BASE + 353) },
+ { "timer_getoverrun", (__NR_SYSCALL_BASE + 260) },
+ { "timer_gettime", (__NR_SYSCALL_BASE + 259) },
+ { "timer_settime", (__NR_SYSCALL_BASE + 258) },
+ { "times", (__NR_SYSCALL_BASE + 43) },
+ { "tkill", (__NR_SYSCALL_BASE + 238) },
+ { "truncate", (__NR_SYSCALL_BASE + 92) },
+ { "truncate64", (__NR_SYSCALL_BASE + 193) },
+ { "tuxcall", __PNR_tuxcall },
+ { "ugetrlimit", (__NR_SYSCALL_BASE + 191) }, /* SuS compliant
getrlimit */
+ { "ulimit", __PNR_ulimit },
+ { "umask", (__NR_SYSCALL_BASE + 60) },
+ { "umount", (__PNR_umount) },
+ { "umount2", (__NR_SYSCALL_BASE + 52) },
+ { "uname", (__NR_SYSCALL_BASE + 122) },
+ { "unlink", (__NR_SYSCALL_BASE + 10) },
+ { "unlinkat", (__NR_SYSCALL_BASE + 328) },
+ { "unshare", (__NR_SYSCALL_BASE + 337) },
+ { "uselib", (__NR_SYSCALL_BASE + 86) },
+ { "ustat", (__NR_SYSCALL_BASE + 62) },
+ { "utime", (__PNR_utime) },
+ { "utimensat", (__NR_SYSCALL_BASE + 348) },
+ { "utimes", (__NR_SYSCALL_BASE + 269) },
+ { "vfork", (__NR_SYSCALL_BASE + 190) },
+ { "vhangup", (__NR_SYSCALL_BASE + 111) },
+ { "vm86", __PNR_vm86 },
+ { "vm86old", __PNR_vm86old },
+ { "vmsplice", (__NR_SYSCALL_BASE + 343) },
+ { "vserver", (__NR_SYSCALL_BASE + 313) },
+ { "wait4", (__NR_SYSCALL_BASE + 114) },
+ { "waitid", (__NR_SYSCALL_BASE + 280) },
+ { "waitpid", __PNR_waitpid },
+ { "write", (__NR_SYSCALL_BASE + 4) },
+ { "writev", (__NR_SYSCALL_BASE + 146) },
+ { NULL, __NR_SCMP_ERROR },
+};
+
+/**
+ * Resolve a syscall name to a number
+ * @param name the syscall name
+ *
+ * Resolve the given syscall name to the syscall number using the syscall
table.
+ * Returns the syscall number on success, including negative pseudo syscall
+ * numbers; returns __NR_SCMP_ERROR on failure.
+ *
+ */
+int aarch64_syscall_resolve_name(const char *name)
+{
+ unsigned int iter;
+ const struct arch_syscall_def *table = aarch64_syscall_table;
+
+ /* XXX - plenty of room for future improvement here */
+ for (iter = 0; table[iter].name != NULL; iter++) {
+ if (strcmp(name, table[iter].name) == 0)
+ return table[iter].num;
+ }
+
+ return __NR_SCMP_ERROR;
+}
+
+/**
+ * Resolve a syscall number to a name
+ * @param num the syscall number
+ *
+ * Resolve the given syscall number to the syscall name using the syscall
table.
+ * Returns a pointer to the syscall name string on success, including pseudo
+ * syscall names; returns NULL on failure.
+ *
+ */
+const char *aarch64_syscall_resolve_num(int num)
+{
+ unsigned int iter;
+ const struct arch_syscall_def *table = aarch64_syscall_table;
+
+ /* XXX - plenty of room for future improvement here */
+ for (iter = 0; table[iter].num != __NR_SCMP_ERROR; iter++) {
+ if (num == table[iter].num)
+ return table[iter].name;
+ }
+
+ return NULL;
+}
+
--- libseccomp-2.1.1.orig/src/arch.c
+++ libseccomp-2.1.1/src/arch.c
@@ -34,6 +34,7 @@
#include "arch-x86_64.h"
#include "arch-x32.h"
#include "arch-arm.h"
+#include "arch-aarch64.h"
#include "system.h"
#if __i386__
@@ -46,6 +47,8 @@ const struct arch_def *arch_def_native =
#endif /* __ILP32__ */
#elif __arm__
const struct arch_def *arch_def_native = &arch_def_arm;
+#elif __aarch64__
+const struct arch_def *arch_def_native = &arch_def_aarch64;
#else
#error the arch code needs to know about your machine type
#endif /* machine type guess */
--- libseccomp-2.1.1.orig/src/Makefile
+++ libseccomp-2.1.1/src/Makefile
@@ -42,6 +42,7 @@ OBJS = \
arch-x86_64.o arch-x86_64-syscalls.o \
arch-x32.o arch-x32-syscalls.o \
arch-arm.o arch-arm-syscalls.o \
+ arch-aarch64.o arch-aarch64-syscalls.o \
hash.o \
gen_pfc.o gen_bpf.o
--- libseccomp-2.1.1.orig/tests/16-sim-arch_basic.c
+++ libseccomp-2.1.1/tests/16-sim-arch_basic.c
@@ -60,6 +60,11 @@ int main(int argc, char *argv[])
if (rc != 0)
goto out;
}
+ if (seccomp_arch_exist(ctx, SCMP_ARCH_AARCH64)) {
+ rc = seccomp_arch_add(ctx, SCMP_ARCH_AARCH64);
+ if (rc != 0)
+ goto out;
+ }
rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 1,
SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO));
--- libseccomp-2.1.1.orig/tests/23-sim-arch_all_basic.c
+++ libseccomp-2.1.1/tests/23-sim-arch_all_basic.c
@@ -59,6 +59,11 @@ int main(int argc, char *argv[])
if (rc != 0)
goto out;
}
+ if (seccomp_arch_exist(ctx, SCMP_ARCH_AARCH64)) {
+ rc = seccomp_arch_add(ctx, SCMP_ARCH_AARCH64);
+ if (rc != 0)
+ goto out;
+ }
rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 1,
SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO));
--- libseccomp-2.1.1.orig/tools/scmp_arch_detect.c
+++ libseccomp-2.1.1/tools/scmp_arch_detect.c
@@ -78,6 +78,9 @@ int main(int argc, char *argv[])
case SCMP_ARCH_ARM:
printf("arm\n");
break;
+ case SCMP_ARCH_AARCH64:
+ printf("aarch64\n");
+ break;
default:
printf("unknown\n");
}
--- libseccomp-2.1.1.orig/tools/scmp_bpf_sim.c
+++ libseccomp-2.1.1/tools/scmp_bpf_sim.c
@@ -239,6 +239,8 @@ int main(int argc, char *argv[])
sys_data.arch = AUDIT_ARCH_X86_64;
else if (strcmp(optarg, "arm") == 0)
sys_data.arch = AUDIT_ARCH_ARM;
+ else if (strcmp(optarg, "aarch64") == 0)
+ sys_data.arch = AUDIT_ARCH_AARCH64;
else
exit_fault(EINVAL);
break;
--- libseccomp-2.1.1.orig/tools/scmp_sys_resolver.c
+++ libseccomp-2.1.1/tools/scmp_sys_resolver.c
@@ -31,6 +31,7 @@
#include "../src/arch-x86_64.h"
#include "../src/arch-x32.h"
#include "../src/arch-arm.h"
+#include "../src/arch-aarch64.h"
/**
* Print the usage information to stderr and exit
@@ -70,6 +71,8 @@ int main(int argc, char *argv[])
arch = &arch_def_x32;
else if (strcmp(optarg, "arm") == 0)
arch = &arch_def_arm;
+ else if (strcmp(optarg, "aarch64") == 0)
+ arch = &arch_def_aarch64;
else
exit_usage(argv[0]);
break;
------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech
_______________________________________________
libseccomp-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/libseccomp-discuss
