arch: add support for s390x

This patch adds support for S390x (64-bit) architecture.

Signed-off-by: Jan Willeke <willeke@linux.vnet.ibm.com>
[PM: rewrote the subject line, style fixes]
Signed-off-by: Paul Moore <pmoore@redhat.com>

23 files changed, 640 insertions, 5 deletions

diff --git a/include/seccomp.h.in b/include/seccomp.h.in
index 4cfc17c..ea95781 100644
--- a/include/seccomp.h.in
+++ b/include/seccomp.h.in
@@ -163,6 +163,11 @@ struct scmp_arg_cmp {
 #define SCMP_ARCH_MIPSEL64N32	AUDIT_ARCH_MIPSEL64N32
 
 /**
+ * The S390X architecture token
+ */
+#define SCMP_ARCH_S390X		AUDIT_ARCH_S390X
+
+/**
  * Convert a syscall name into the associated syscall number
  * @param x the syscall name
  */
@@ -1476,6 +1481,31 @@ int seccomp_export_bpf(const scmp_filter_ctx ctx, int fd);
 #define __NR_usr32		__PNR_usr32
 #endif /* __ARM_NR_usr32 */
 
+#define __PNR_get_mempolicy            -10180
+#ifndef __NR_get_mempolicy
+#define __NR_get_mempolicy             __PNR_get_mempolicy
+#endif /* __NR_get_mempolicy */
+
+#define __PNR_move_pages            -10181
+#ifndef __NR_move_pages
+#define __NR_move_pages             __PNR_move_pages
+#endif /* __NR_move_pages */
+
+#define __PNR_mbind            -10182
+#ifndef __NR_mbind
+#define __NR_mbind             __PNR_mbind
+#endif /* __NR_mbind */
+
+#define __PNR_set_mempolicy            -10183
+#ifndef __NR_set_mempolicy
+#define __NR_set_mempolicy             __PNR_set_mempolicy
+#endif /* __NR_set_mempolicy */
+
+#define __PNR_s390_runtime_instr -10184
+#ifndef __NR_s390_runtime_instr
+#define __NR_s390_runtime_instr  __PNR_s390_runtime_instr
+#endif /* __NR_s390_runtime_instr */
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/src/Makefile.am b/src/Makefile.am
index a14cefb..d5835fb 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -30,7 +30,8 @@ SOURCES_ARCH = \
 	arch-aarch64.h arch-aarch64.c arch-aarch64-syscalls.c \
 	arch-mips.h arch-mips.c arch-mips-syscalls.c \
 	arch-mips64.h arch-mips64.c arch-mips64-syscalls.c \
-	arch-mips64n32.h arch-mips64n32.c arch-mips64n32-syscalls.c
+	arch-mips64n32.h arch-mips64n32.c arch-mips64n32-syscalls.c \
+	arch-s390x.h arch-s390x.c arch-s390x-syscalls.c
 
 SOURCES_GEN = \
 	api.c system.h system.c \
diff --git a/src/arch-aarch64-syscalls.c b/src/arch-aarch64-syscalls.c
index 27f226c..fa9dce3 100644
--- a/src/arch-aarch64-syscalls.c
+++ b/src/arch-aarch64-syscalls.c
@@ -294,6 +294,7 @@ const struct arch_syscall_def aarch64_syscall_table[] = { \
 	{ "rt_sigsuspend", 133 },
 	{ "rt_sigtimedwait", 137 },
 	{ "rt_tgsigqueueinfo", 240 },
+	{ "s390_runtime_instr", __PNR_s390_runtime_instr },
 	{ "sched_get_priority_max", 125 },
 	{ "sched_get_priority_min", 126 },
 	{ "sched_getaffinity", 123 },
diff --git a/src/arch-arm-syscalls.c b/src/arch-arm-syscalls.c
index c478256..2ac2652 100644
--- a/src/arch-arm-syscalls.c
+++ b/src/arch-arm-syscalls.c
@@ -306,6 +306,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \
 	{ "rt_sigsuspend", (__NR_SYSCALL_BASE + 179) },
 	{ "rt_sigtimedwait", (__NR_SYSCALL_BASE + 177) },
 	{ "rt_tgsigqueueinfo", (__NR_SYSCALL_BASE + 363) },
+	{ "s390_runtime_instr", __PNR_s390_runtime_instr },
 	{ "sched_get_priority_max", (__NR_SYSCALL_BASE + 159) },
 	{ "sched_get_priority_min", (__NR_SYSCALL_BASE + 160) },
 	{ "sched_getaffinity", (__NR_SYSCALL_BASE + 242) },
diff --git a/src/arch-mips-syscalls.c b/src/arch-mips-syscalls.c
index 7ba77e9..21b9318 100644
--- a/src/arch-mips-syscalls.c
+++ b/src/arch-mips-syscalls.c
@@ -298,6 +298,7 @@ const struct arch_syscall_def mips_syscall_table[] = { \
 	{ "rt_sigsuspend", (__NR_SYSCALL_BASE + 199) },
 	{ "rt_sigtimedwait", (__NR_SYSCALL_BASE + 197) },
 	{ "rt_tgsigqueueinfo", (__NR_SYSCALL_BASE + 332) },
+	{ "s390_runtime_instr", __PNR_s390_runtime_instr },
 	{ "sched_get_priority_max", (__NR_SYSCALL_BASE + 163) },
 	{ "sched_get_priority_min", (__NR_SYSCALL_BASE + 164) },
 	{ "sched_getaffinity", (__NR_SYSCALL_BASE + 240) },
diff --git a/src/arch-mips64-syscalls.c b/src/arch-mips64-syscalls.c
index 6bed000..7ad6afb 100644
--- a/src/arch-mips64-syscalls.c
+++ b/src/arch-mips64-syscalls.c
@@ -298,6 +298,7 @@ const struct arch_syscall_def mips64_syscall_table[] = { \
 	{ "rt_sigsuspend", (__NR_SYSCALL_BASE + 128) },
 	{ "rt_sigtimedwait", (__NR_SYSCALL_BASE + 126) },
 	{ "rt_tgsigqueueinfo", (__NR_SYSCALL_BASE + 291) },
+	{ "s390_runtime_instr", __PNR_s390_runtime_instr },
 	{ "sched_get_priority_max", (__NR_SYSCALL_BASE + 143) },
 	{ "sched_get_priority_min", (__NR_SYSCALL_BASE + 144) },
 	{ "sched_getaffinity", (__NR_SYSCALL_BASE + 196) },
diff --git a/src/arch-mips64n32-syscalls.c b/src/arch-mips64n32-syscalls.c
index 389784b..e31987e 100644
--- a/src/arch-mips64n32-syscalls.c
+++ b/src/arch-mips64n32-syscalls.c
@@ -298,6 +298,7 @@ const struct arch_syscall_def mips64n32_syscall_table[] = { \
 	{ "rt_sigsuspend", (__NR_SYSCALL_BASE + 128) },
 	{ "rt_sigtimedwait", (__NR_SYSCALL_BASE + 126) },
 	{ "rt_tgsigqueueinfo", (__NR_SYSCALL_BASE + 295) },
+	{ "s390_runtime_instr", __PNR_s390_runtime_instr },
 	{ "sched_get_priority_max", (__NR_SYSCALL_BASE + 143) },
 	{ "sched_get_priority_min", (__NR_SYSCALL_BASE + 144) },
 	{ "sched_getaffinity", (__NR_SYSCALL_BASE + 196) },
diff --git a/src/arch-s390x-syscalls.c b/src/arch-s390x-syscalls.c
new file mode 100644
index 0000000..0a6f3f8
--- /dev/null
+++ b/src/arch-s390x-syscalls.c
@@ -0,0 +1,485 @@
+/*
+ * Copyright 2015 IBM
+ * Author: Jan Willeke <willeke@linux.vnet.com.com>
+ */
+
+#include <string.h>
+
+#include <seccomp.h>
+
+#include "arch.h"
+#include "arch-s390x.h"
+
+/* NOTE: based on Linux 3.17 */
+const struct arch_syscall_def s390x_syscall_table[] = { \
+	{ "_llseek", __PNR__llseek },
+	{ "_newselect", __PNR__newselect },
+	{ "_sysctl", 149 },
+	{ "accept", __PNR_accept },
+	{ "accept4", __PNR_accept4 },
+	{ "access", 33 },
+	{ "acct", 51 },
+	{ "add_key", 278 },
+	{ "adjtimex", 124 },
+	{ "afs_syscall", 137 },
+	{ "alarm", 27 },
+	{ "arm_fadvise64_64", __PNR_arm_fadvise64_64 },
+	{ "arm_sync_file_range", __PNR_arm_sync_file_range },
+	{ "arch_prctl", __PNR_arch_prctl },
+	{ "bdflush", 134 },
+	{ "bind", __PNR_bind },
+	{ "bpf", 351 },
+	{ "break", __PNR_break },
+	{ "breakpoint", __PNR_breakpoint },
+	{ "brk", 45 },
+	{ "cachectl", __PNR_cachectl },
+	{ "cacheflush", __PNR_cacheflush },
+	{ "capget", 184 },
+	{ "capset", 185 },
+	{ "chdir", 12 },
+	{ "chmod", 15 },
+	{ "chown", 212 },
+	{ "chown32", __PNR_chown32 },
+	{ "chroot", 61 },
+	{ "clock_adjtime", 337 },
+	{ "clock_getres", 261 },
+	{ "clock_gettime", 260 },
+	{ "clock_nanosleep", 262 },
+	{ "clock_settime", 259 },
+	{ "clone", 120 },
+	{ "close", 6 },
+	{ "connect", __PNR_connect },
+	{ "creat", 8 },
+	{ "create_module", 127 },
+	{ "delete_module", 129 },
+	{ "dup", 41 },
+	{ "dup2", 63 },
+	{ "dup3", 326 },
+	{ "epoll_create", 249 },
+	{ "epoll_create1", 327 },
+	{ "epoll_ctl", 250 },
+	{ "epoll_ctl_old", __PNR_epoll_ctl_old },
+	{ "epoll_pwait", 312 },
+	{ "epoll_wait", 251 },
+	{ "epoll_wait_old", __PNR_epoll_wait_old },
+	{ "eventfd", 318 },
+	{ "eventfd2", 323 },
+	{ "execve", 11 },
+	{ "execveat", 354 },
+	{ "exit", 1 },
+	{ "exit_group", 248 },
+	{ "faccessat", 300 },
+	{ "fadvise64", 253 },
+	{ "fadvise64_64", __PNR_fadvise64_64 },
+	{ "fallocate", 314 },
+	{ "fanotify_init", 332 },
+	{ "fanotify_mark", 333 },
+	{ "fchdir", 133 },
+	{ "fchmod", 94 },
+	{ "fchmodat", 299 },
+	{ "fchown", 207 },
+	{ "fchown32", __PNR_fchown32 },
+	{ "fchownat", 291 },
+	{ "fcntl", 55 },
+	{ "fcntl64", __PNR_fcntl64 },
+	{ "fdatasync", 148 },
+	{ "fgetxattr", 229 },
+	{ "finit_module", 344 },
+	{ "flistxattr", 232 },
+	{ "flock", 143 },
+	{ "fork", 2 },
+	{ "fremovexattr", 235 },
+	{ "fsetxattr", 226 },
+	{ "fstat", 108 },
+	{ "fstat64", __PNR_fstat64 },
+	{ "fstatat64", __PNR_fstatat64 },
+	{ "fstatfs", 100 },
+	{ "fstatfs64", 266 },
+	{ "fsync", 118 },
+	{ "ftime", __PNR_ftime },
+	{ "ftruncate", 93 },
+	{ "ftruncate64", __PNR_ftruncate64 },
+	{ "futex", 238 },
+	{ "futimesat", 292 },
+	{ "get_kernel_syms", 130 },
+	{ "get_mempolicy", __PNR_get_mempolicy },
+	{ "get_robust_list" , 305 },
+	{ "get_thread_area", __PNR_get_thread_area },
+	{ "getcpu", 311 },
+	{ "getcwd", 183 },
+	{ "getdents", 141 },
+	{ "getdents64", 220 },
+	{ "getegid", 202 },
+	{ "getegid32", __PNR_getegid32 },
+	{ "geteuid", 201 },
+	{ "geteuid32", __PNR_geteuid32 },
+	{ "getgid", 200 },
+	{ "getgid32", __PNR_getgid32 },
+	{ "getgroups", 205 },
+	{ "getgroups32", __PNR_getgroups32 },
+	{ "getitimer", 105 },
+	{ "getpeername", __PNR_getpeername },
+	{ "getpgid", 132 },
+	{ "getpgrp", 65 },
+	{ "getpid", 20 },
+	{ "getpmsg", 188 },
+	{ "getppid", 64 },
+	{ "getpriority", 96 },
+	{ "getrandom", 349 },
+	{ "getresgid", 211 },
+	{ "getresgid32", __PNR_getresgid32 },
+	{ "getresuid", 209 },
+	{ "getresuid32", __PNR_getresuid32 },
+	{ "getrlimit", 191 },
+	{ "getrusage", 77 },
+	{ "getsid", 147 },
+	{ "getsockname", __PNR_getsockname },
+	{ "getsockopt", __PNR_getsockopt },
+	{ "gettid", 236 },
+	{ "gettimeofday", 78 },
+	{ "getuid", 199 },
+	{ "getuid32", __PNR_getuid32 },
+	{ "getxattr", 227 },
+	{ "gtty", __PNR_gtty },
+	{ "idle", 112 },
+	{ "init_module", 128 },
+	{ "inotify_add_watch" , 285 },
+	{ "inotify_init", 284 },
+	{ "inotify_init1", 324 },
+	{ "inotify_rm_watch" , 286 },
+	{ "io_cancel", 247 },
+	{ "io_destroy", 244 },
+	{ "io_getevents", 245 },
+	{ "io_setup", 243 },
+	{ "io_submit", 246 },
+	{ "ioctl", 54 },
+	{ "ioperm", __PNR_ioperm},
+	{ "iopl", __PNR_iopl },
+	{ "ioprio_get", 283 },
+	{ "ioprio_set", 282 },
+	{ "ipc", 117 },
+	{ "kcmp", 343 },
+	{ "kexec_file_load", __PNR_kexec_file_load },
+	{ "kexec_load", 277 },
+	{ "keyctl", 280 },
+	{ "kill", 37 },
+	{ "lchown", 198 },
+	{ "lchown32", __PNR_lchown32 },
+	{ "lgetxattr", 228 },
+	{ "link", 9 },
+	{ "linkat", 296 },
+	{ "listen", __PNR_listen },
+	{ "listxattr", 230 },
+	{ "llistxattr", 231 },
+	{ "lock", __PNR_lock },
+	{ "lookup_dcookie", 110 },
+	{ "lremovexattr", 234 },
+	{ "lseek", 19 },
+	{ "lsetxattr", 225 },
+	{ "lstat", 107 },
+	{ "lstat64", __PNR_lstat64 },
+	{ "madvise", 219 },
+	{ "mbind", __PNR_mbind },
+	{ "memfd_create", 350 },
+	{ "migrate_pages", __PNR_migrate_pages },
+	{ "mincore", 218 },
+	{ "mkdir", 39 },
+	{ "mkdirat", 289 },
+	{ "mknod", 14 },
+	{ "mknodat", 290 },
+	{ "mlock", 150 },
+	{ "mlockall", 152 },
+	{ "mmap", 90 },
+	{ "mmap2", __PNR_mmap2 },
+	{ "modify_ldt", __PNR_modify_ldt },
+	{ "mount", 21 },
+	{ "move_pages", __PNR_move_pages },
+	{ "mprotect", 125 },
+	{ "mpx", __PNR_mpx },
+	{ "mq_getsetattr", 276 },
+	{ "mq_notify", 275 },
+	{ "mq_open", 271 },
+	{ "mq_timedreceive" , 274 },
+	{ "mq_timedsend", 273 },
+	{ "mq_unlink", 272 },
+	{ "mremap", 163 },
+	{ "msgctl", __PNR_msgctl },
+	{ "msgget", __PNR_msgget },
+	{ "msgrcv", __PNR_msgrcv },
+	{ "msgsnd", __PNR_msgsnd },
+	{ "msync", 144 },
+	{ "munlock", 151 },
+	{ "munlockall", 153 },
+	{ "munmap", 91 },
+	{ "name_to_handle_at", 335 },
+	{ "nanosleep", 162 },
+	{ "newfstatat", 293 },
+	{ "nfsservctl", 169 },
+	{ "nice", 34 },
+	{ "oldfstat", __PNR_oldfstat },
+	{ "oldlstat", __PNR_oldlstat },
+	{ "oldolduname", __PNR_oldolduname },
+	{ "oldstat", __PNR_oldstat },
+	{ "olduname", __PNR_olduname },
+	{ "oldwait4", __PNR_oldwait4 },
+	{ "open", 5 },
+	{ "open_by_handle_at", 336 },
+	{ "openat", 288 },
+	{ "pause", 29 },
+	{ "pciconfig_iobase", __PNR_pciconfig_iobase },
+	{ "pciconfig_read", __PNR_pciconfig_read },
+	{ "pciconfig_write", __PNR_pciconfig_write },
+	{ "perf_event_open", 331 },
+	{ "personality", 136 },
+	{ "pipe", 42 },
+	{ "pipe2", 325 },
+	{ "pivot_root", 217 },
+	{ "poll", 168 },
+	{ "ppoll", 302 },
+	{ "prctl", 172 },
+	{ "pread64", 180 },
+	{ "preadv", 328 },
+	{ "prlimit64", 334 },
+	{ "process_vm_readv", 340 },
+	{ "process_vm_writev", 341 },
+	{ "prof", __PNR_prof },
+	{ "profil", __PNR_profil },
+	{ "pselect6", 301 },
+	{ "ptrace", 26 },
+	{ "putpmsg", 189 },
+	{ "pwrite64", 181 },
+	{ "pwritev", 329 },
+	{ "query_module", 167 },
+	{ "quotactl", 131 },
+	{ "read", 3 },
+	{ "readahead", 222 },
+	{ "readdir", 89 },
+	{ "readlink", 85 },
+	{ "readlinkat", 298 },
+	{ "readv", 145 },
+	{ "reboot", 88 },
+	{ "recv", __PNR_recv },
+	{ "recvfrom", __PNR_recvfrom },
+	{ "recvmmsg", __PNR_recvmmsg },
+	{ "recvmsg", __PNR_recvmsg },
+	{ "remap_file_pages", 267 },
+	{ "removexattr", 233 },
+	{ "rename", 38 },
+	{ "renameat", 295 },
+	{ "renameat2", 347 },
+	{ "request_key", 279 },
+	{ "restart_syscall", 7 },
+	{ "rmdir", 40 },
+	{ "rt_sigaction", 174 },
+	{ "rt_sigpending", 176 },
+	{ "rt_sigprocmask", 175 },
+	{ "rt_sigqueueinfo", 178 },
+	{ "rt_sigreturn", 173 },
+	{ "rt_sigsuspend", 179 },
+	{ "rt_sigtimedwait", 177 },
+	{ "rt_tgsigqueueinfo", 330 },
+	{ "s390_runtime_instr", 342 },
+	{ "sched_get_priority_max", 159 },
+	{ "sched_get_priority_min", 160 },
+	{ "sched_getaffinity" , 240 },
+	{ "sched_getattr", 346 },
+	{ "sched_getparam", 155 },
+	{ "sched_getscheduler", 157 },
+	{ "sched_rr_get_interval", 161 },
+	{ "sched_setaffinity" , 239 },
+	{ "sched_setattr", 345 },
+	{ "sched_setparam", 154 },
+	{ "sched_setscheduler", 156 },
+	{ "sched_yield", 158 },
+	{ "seccomp", 348 },
+	{ "security", __PNR_security },
+	{ "select", 142 },
+	{ "semctl", __PNR_semctl },
+	{ "semget", __PNR_semget },
+	{ "semop", __PNR_semop },
+	{ "semtimedop", __PNR_semtimedop },
+	{ "send", __PNR_send },
+	{ "sendfile", 187 },
+	{ "sendfile64", __PNR_sendfile64 },
+	{ "sendmmsg", __PNR_sendmmsg },
+	{ "sendmsg", __PNR_sendmsg },
+	{ "sendto", __PNR_sendto },
+	{ "set_mempolicy", __PNR_set_mempolicy },
+	{ "set_robust_list" , 304 },
+	{ "set_thread_area", __PNR_set_thread_area },
+	{ "set_tid_address", 252 },
+	{ "set_tls", __PNR_set_tls },
+	{ "setdomainname", 121 },
+	{ "setfsgid", 216 },
+	{ "setfsgid32", __PNR_setfsgid32 },
+	{ "setfsuid", 215 },
+	{ "setfsuid32", __PNR_setfsuid32 },
+	{ "setgid", 214 },
+	{ "setgid32", __PNR_setgid32 },
+	{ "setgroups", 206 },
+	{ "setgroups32", __PNR_setgroups32 },
+	{ "sethostname", 74 },
+	{ "setitimer", 104 },
+	{ "setns", 339 },
+	{ "setpgid", 57 },
+	{ "setpriority", 97 },
+	{ "setregid", 204 },
+	{ "setregid32", __PNR_setregid32 },
+	{ "setresgid", 210 },
+	{ "setresgid32", __PNR_setresgid32 },
+	{ "setresuid", 208 },
+	{ "setresuid32", __PNR_setresuid32 },
+	{ "setreuid", 203 },
+	{ "setreuid32", __PNR_setreuid32 },
+	{ "setrlimit", 75 },
+	{ "setsid", 66 },
+	{ "setsockopt", __PNR_setsockopt },
+	{ "settimeofday", 79 },
+	{ "setuid", 213 },
+	{ "setuid32", __PNR_setuid32 },
+	{ "setxattr", 224 },
+	{ "sgetmask", __PNR_sgetmask },
+	{ "shmat", __PNR_shmat },
+	{ "shmctl", __PNR_shmctl },
+	{ "shmdt", __PNR_shmdt },
+	{ "shmget", __PNR_shmget },
+	{ "shutdown", __PNR_shutdown },
+	{ "sigaction", 67 },
+	{ "sigaltstack", 186 },
+	{ "signal", 48 },
+	{ "signalfd", 316 },
+	{ "signalfd4", 322 },
+	{ "sigpending", 73 },
+	{ "sigprocmask", 126 },
+	{ "sigreturn", 119 },
+	{ "sigsuspend", 72 },
+	{ "socket", __PNR_socket },
+	{ "socketcall", 102 },
+	{ "socketpair", __PNR_socketpair },
+	{ "splice", 306 },
+	{ "ssetmask", __PNR_ssetmask },
+	{ "stat", 106 },
+	{ "stat64", __PNR_stat64 },
+	{ "statfs", 99 },
+	{ "statfs64", 265 },
+	{ "stime", __PNR_stime },
+	{ "stty", __PNR_stty },
+	{ "swapoff", 115 },
+	{ "swapon", 87 },
+	{ "symlink", 83 },
+	{ "symlinkat", 297 },
+	{ "sync", 36 },
+	{ "sync_file_range" , 307 },
+	{ "sync_file_range2", __PNR_sync_file_range2 },
+	{ "syncfs", 338 },
+	{ "syscall", __PNR_syscall },
+	{ "sysfs", 135 },
+	{ "sysinfo", 116 },
+	{ "syslog", 103 },
+	{ "sysmips", __PNR_sysmips },
+	{ "tee", 308 },
+	{ "tgkill", 241 },
+	{ "time",  __PNR_time },
+	{ "timer_create", 254 },
+	{ "timer_delete", 258 },
+	{ "timer_getoverrun", 257 },
+	{ "timer_gettime", 256 },
+	{ "timer_settime", 255 },
+	{ "timerfd", 317 },
+	{ "timerfd_create", 319 },
+	{ "timerfd_gettime", 321 },
+	{ "timerfd_settime", 320 },
+	{ "times", 43 },
+	{ "tkill", 237 },
+	{ "truncate", 92 },
+	{ "truncate64", __PNR_truncate64 },
+	{ "tuxcall", __PNR_tuxcall },
+	{ "ugetrlimit", __PNR_ugetrlimit },
+	{ "ulimit", __PNR_ulimit },
+	{ "umask", 60 },
+	{ "umount", 22 },
+	{ "umount2", 52 },
+	{ "uname", 122 },
+	{ "unlink", 10 },
+	{ "unlinkat", 294 },
+	{ "unshare", 303 },
+	{ "uselib", 86 },
+	{ "usr26", __PNR_usr26 },
+	{ "usr32", __PNR_usr32 },
+	{ "ustat", 62 },
+	{ "utime", 30 },
+	{ "utimensat", 315 },
+	{ "utimes", 313 },
+	{ "vfork", 190 },
+	{ "vhangup", 111 },
+	{ "vm86", __PNR_vm86 },
+	{ "vm86old", __PNR_vm86old },
+	{ "vmsplice", 309 },
+	{ "vserver", __PNR_vserver },
+	{ "wait4", 114 },
+	{ "waitid", 281 },
+	{ "waitpid", __PNR_waitpid },
+	{ "write", 4 },
+	{ "writev", 146 },
+	{ NULL, __NR_SCMP_ERROR },
+};
+
+/**
+ * Resolve a syscall name to a number
+ * @param name the syscall name
+ *
+ * Resolve the given syscall name to the syscall number using the syscall table.
+ * Returns the syscall number on success, including negative pseudo syscall
+ * numbers; returns __NR_SCMP_ERROR on failure.
+ *
+ */
+int s390x_syscall_resolve_name(const char *name)
+{
+	unsigned int iter;
+	const struct arch_syscall_def *table = s390x_syscall_table;
+
+	/* XXX - plenty of room for future improvement here */
+	for (iter = 0; table[iter].name != NULL; iter++) {
+		if (strcmp(name, table[iter].name) == 0)
+			return table[iter].num;
+	}
+
+	return __NR_SCMP_ERROR;
+}
+
+/**
+ * Resolve a syscall number to a name
+ * @param num the syscall number
+ *
+ * Resolve the given syscall number to the syscall name using the syscall table.
+ * Returns a pointer to the syscall name string on success, including pseudo
+ * syscall names; returns NULL on failure.
+ *
+ */
+const char *s390x_syscall_resolve_num(int num)
+{
+	unsigned int iter;
+	const struct arch_syscall_def *table = s390x_syscall_table;
+
+	/* XXX - plenty of room for future improvement here */
+	for (iter = 0; table[iter].num != __NR_SCMP_ERROR; iter++) {
+		if (num == table[iter].num)
+			return table[iter].name;
+	}
+
+	return NULL;
+}
+
+/**
+ * Iterate through the syscall table and return the syscall name
+ * @param spot the offset into the syscall table
+ *
+ * Return the syscall name at position @spot or NULL on failure.  This function
+ * should only ever be used internally by libseccomp.
+ *
+ */
+const char *s390x_syscall_iterate_name(unsigned int spot)
+{
+	/* XXX - no safety checks here */
+	return s390x_syscall_table[spot].name;
+}
diff --git a/src/arch-s390x.c b/src/arch-s390x.c
new file mode 100644
index 0000000..23c711c
--- /dev/null
+++ b/src/arch-s390x.c
@@ -0,0 +1,18 @@
+/*
+ * Copyright 2015 IBM
+ * Author: Jan Willeke <willeke@linux.vnet.com.com>
+ */
+
+#include <stdlib.h>
+#include <errno.h>
+#include <linux/audit.h>
+
+#include "arch.h"
+#include "arch-s390x.h"
+
+const struct arch_def arch_def_s390x = {
+	.token = SCMP_ARCH_S390X,
+	.token_bpf = AUDIT_ARCH_S390X,
+	.size = ARCH_SIZE_64,
+	.endian = ARCH_ENDIAN_BIG,
+};
diff --git a/src/arch-s390x.h b/src/arch-s390x.h
new file mode 100644
index 0000000..054044b
--- /dev/null
+++ b/src/arch-s390x.h
@@ -0,0 +1,26 @@
+/*
+ * Copyright 2015 IBM
+ * Author: Jan Willeke <willeke@linux.vnet.com.com>
+ */
+
+#ifndef _ARCH_s390x_H
+#define _ARCH_s390x_H
+
+#include <inttypes.h>
+
+#include "arch.h"
+#include "system.h"
+
+#define s390x_arg_count_max		6
+
+extern const struct arch_def arch_def_s390x;
+#define s390x_arg_offset(x)		(offsetof(struct seccomp_data, args[x]))
+
+#define s390x_arg_offset_lo(x)		(s390x_arg_offset(x) + 4)
+#define s390x_arg_offset_hi(x)		(s390x_arg_offset(x))
+
+int s390x_syscall_resolve_name(const char *name);
+const char *s390x_syscall_resolve_num(int num);
+const char *s390x_syscall_iterate_name(unsigned int spot);
+const char *s390x_syscall_iterate_name(unsigned int spot);
+#endif
diff --git a/src/arch-syscall-check.c b/src/arch-syscall-check.c
index a074c9d..4d0e67d 100644
--- a/src/arch-syscall-check.c
+++ b/src/arch-syscall-check.c
@@ -33,6 +33,7 @@
 #include "arch-mips.h"
 #include "arch-mips64.h"
 #include "arch-mips64n32.h"
+#include "arch-s390x.h"
 
 /**
  * compare the syscall values
@@ -67,6 +68,7 @@ int main(int argc, char *argv[])
 	int i_mips = 0;
 	int i_mips64 = 0;
 	int i_mips64n32 = 0;
+	int i_s390x = 0;
 	const char *sys_name;
 	char str_miss[256];
 
@@ -93,6 +95,8 @@ int main(int argc, char *argv[])
 			      mips64_syscall_iterate_name(i_mips64));
 		syscall_check(str_miss, sys_name, "mips64n32",
 			      mips64n32_syscall_iterate_name(i_mips64n32));
+		syscall_check(str_miss, sys_name, "s390x",
+			      s390x_syscall_iterate_name(i_s390x));
 
 		/* output the results */
 		printf("%s: ", sys_name);
@@ -119,9 +123,12 @@ int main(int argc, char *argv[])
 			i_mips64n32 = -1;
 		if (!aarch64_syscall_iterate_name(++i_aarch64))
 			i_aarch64 = -1;
+		if (!s390x_syscall_iterate_name(++i_s390x))
+			i_s390x = -1;
 	} while (i_x86_64 >= 0 && i_x32 >= 0 &&
 		 i_arm >= 0 && i_aarch64 >= 0 &&
-		 i_mips >= 0 && i_mips64 >= 0 && i_mips64n32 >= 0);
+		 i_mips >= 0 && i_mips64 >= 0 && i_mips64n32 >= 0 &&
+		 i_s390x >= 0);
 
 	/* check for any leftovers */
 	sys_name = x86_syscall_iterate_name(i_x86 + 1);
@@ -164,6 +171,11 @@ int main(int argc, char *argv[])
 		       mips64n32_syscall_iterate_name(i_mips64n32));
 		return 1;
 	}
+	if (i_s390x >= 0) {
+		printf("%s: ERROR, s390x has additional syscalls\n",
+		       mips64n32_syscall_iterate_name(i_s390x));
+		return 1;
+	}
 
 	/* if we made it here, all is good */
 	return 0;
diff --git a/src/arch-syscall-dump.c b/src/arch-syscall-dump.c
index 4f53070..833bfdd 100644
--- a/src/arch-syscall-dump.c
+++ b/src/arch-syscall-dump.c
@@ -38,6 +38,7 @@
 #include "arch-mips64.h"
 #include "arch-mips64n32.h"
 #include "arch-aarch64.h"
+#include "arch-s390x.h"
 
 /**
  * Print the usage information to stderr and exit
@@ -112,6 +113,9 @@ int main(int argc, char *argv[])
 		case SCMP_ARCH_AARCH64:
 			sys_name = aarch64_syscall_iterate_name(iter);
 			break;
+		case SCMP_ARCH_S390X:
+			sys_name = s390x_syscall_iterate_name(iter);
+			break;
 		default:
 			/* invalid arch */
 			exit_usage(argv[0]);
diff --git a/src/arch-syscall-validate b/src/arch-syscall-validate
index 7cf7b8b..69849bd 100755
--- a/src/arch-syscall-validate
+++ b/src/arch-syscall-validate
@@ -319,6 +319,28 @@ function dump_lib_mips64n32() {
 }
 
 #
+# Dump the s390x library syscall table
+#
+#  Dump the library's syscall table to stdout.
+#
+function dump_lib_s390x() {
+	$LIB_SYS_DUMP -a s390x | grep -v - | sort
+}
+
+#
+# Dump the s390x system syscall table
+#
+# Arguments:
+#     1    path to the kernel source
+#
+#  Dump the architecture's syscall table to stdout.
+#
+function dump_sys_s390x() {
+	gcc -dM -E $1/arch/s390/include/uapi/asm/unistd.h | grep __NR | \
+	    sed 's/#define __NR_//g' | sed 's/ /\t/g' | sort
+}
+
+#
 # Dump the system syscall table
 #
 # Arguments:
@@ -353,6 +375,9 @@ function dump_sys() {
 	mips64n32)
 		dump_sys_mips64n32 "$2"
 		;;
+	s390x)
+		dump_sys_s390x "$2"
+		;;
 	*)
 		echo ""
 		;;
@@ -393,6 +418,9 @@ function dump_lib() {
 	mips64n32)
 		dump_lib_mips64n32
 		;;
+	s390x)
+		dump_lib_s390x "$2"
+		;;
 	*)
 		echo ""
 		;;
@@ -439,7 +467,7 @@ shift $(($OPTIND - 1))
 
 # defaults
 if [[ $opt_arches == "" ]]; then
-	opt_arches="x86 x86_64 x32 arm aarch64 mips mips64 mips64n32"
+	opt_arches="x86 x86_64 x32 arm aarch64 mips mips64 mips64n32 s390x"
 fi
 
 # sanity checks
diff --git a/src/arch-x32-syscalls.c b/src/arch-x32-syscalls.c
index dc4af60..3478a3a 100644
--- a/src/arch-x32-syscalls.c
+++ b/src/arch-x32-syscalls.c
@@ -294,6 +294,7 @@ const struct arch_syscall_def x32_syscall_table[] = { \
 	{ "rt_sigsuspend", (X32_SYSCALL_BIT + 130) },
 	{ "rt_sigtimedwait", (X32_SYSCALL_BIT + 523) },
 	{ "rt_tgsigqueueinfo", (X32_SYSCALL_BIT + 536) },
+	{ "s390_runtime_instr", __PNR_s390_runtime_instr },
 	{ "sched_get_priority_max", (X32_SYSCALL_BIT + 146) },
 	{ "sched_get_priority_min", (X32_SYSCALL_BIT + 147) },
 	{ "sched_getaffinity", (X32_SYSCALL_BIT + 204) },
diff --git a/src/arch-x86-syscalls.c b/src/arch-x86-syscalls.c
index 1669289..b5c7028 100644
--- a/src/arch-x86-syscalls.c
+++ b/src/arch-x86-syscalls.c
@@ -294,6 +294,7 @@ const struct arch_syscall_def x86_syscall_table[] = { \
 	{ "rt_sigsuspend", 179 },
 	{ "rt_sigtimedwait", 177 },
 	{ "rt_tgsigqueueinfo", 335 },
+	{ "s390_runtime_instr", __PNR_s390_runtime_instr },
 	{ "sched_get_priority_max", 159 },
 	{ "sched_get_priority_min", 160 },
 	{ "sched_getaffinity", 242 },
diff --git a/src/arch-x86_64-syscalls.c b/src/arch-x86_64-syscalls.c
index 96ca210..d3cff14 100644
--- a/src/arch-x86_64-syscalls.c
+++ b/src/arch-x86_64-syscalls.c
@@ -294,6 +294,7 @@ const struct arch_syscall_def x86_64_syscall_table[] = { \
 	{ "rt_sigsuspend", 130 },
 	{ "rt_sigtimedwait", 128 },
 	{ "rt_tgsigqueueinfo", 297 },
+	{ "s390_runtime_instr", __PNR_s390_runtime_instr },
 	{ "sched_get_priority_max", 146 },
 	{ "sched_get_priority_min", 147 },
 	{ "sched_getaffinity", 204 },
diff --git a/src/arch.c b/src/arch.c
index 9681115..7083e95 100644
--- a/src/arch.c
+++ b/src/arch.c
@@ -38,6 +38,7 @@
 #include "arch-mips.h"
 #include "arch-mips64.h"
 #include "arch-mips64n32.h"
+#include "arch-s390x.h"
 #include "system.h"
 
 #define default_arg_count_max		6
@@ -74,6 +75,8 @@ const struct arch_def *arch_def_native = &arch_def_mips64n32;
 #elif __MIPSEL__
 const struct arch_def *arch_def_native = &arch_def_mipsel64n32;
 #endif /* _MIPS_SIM_NABI32 */
+#elif __s390x__
+const struct arch_def *arch_def_native = &arch_def_s390x;
 #else
 #error the arch code needs to know about your machine type
 #endif /* machine type guess */
@@ -122,6 +125,8 @@ const struct arch_def *arch_def_lookup(uint32_t token)
 		return &arch_def_mips64n32;
 	case SCMP_ARCH_MIPSEL64N32:
 		return &arch_def_mipsel64n32;
+	case SCMP_ARCH_S390X:
+		return &arch_def_s390x;
 	}
 
 	return NULL;
@@ -158,6 +163,8 @@ const struct arch_def *arch_def_lookup_name(const char *arch_name)
 		return &arch_def_mips64n32;
 	else if (strcmp(arch_name, "mipsel64n32") == 0)
 		return &arch_def_mipsel64n32;
+	else if (strcmp(arch_name, "s390x") == 0)
+		return &arch_def_s390x;
 
 	return NULL;
 }
@@ -276,6 +283,8 @@ int arch_syscall_resolve_name(const struct arch_def *arch, const char *name)
 	case SCMP_ARCH_MIPS64N32:
 	case SCMP_ARCH_MIPSEL64N32:
 		return mips64n32_syscall_resolve_name(name);
+	case SCMP_ARCH_S390X:
+		return s390x_syscall_resolve_name(name);
 	}
 
 	return __NR_SCMP_ERROR;
@@ -313,6 +322,8 @@ const char *arch_syscall_resolve_num(const struct arch_def *arch, int num)
 	case SCMP_ARCH_MIPS64N32:
 	case SCMP_ARCH_MIPSEL64N32:
 		return mips64n32_syscall_resolve_num(num);
+	case SCMP_ARCH_S390X:
+		return s390x_syscall_resolve_num(num);
 	}
 
 	return NULL;
diff --git a/src/gen_pfc.c b/src/gen_pfc.c
index 4f2ee4f..5fc2cc7 100644
--- a/src/gen_pfc.c
+++ b/src/gen_pfc.c
@@ -71,6 +71,8 @@ static const char *_pfc_arch(const struct arch_def *arch)
 		return "mips64n32";
 	case SCMP_ARCH_MIPSEL64N32:
 		return "mipsel64n32";
+	case SCMP_ARCH_S390X:
+		return "s390x";
 	default:
 		return "UNKNOWN";
 	}
diff --git a/tests/26-sim-arch_all_be_basic.c b/tests/26-sim-arch_all_be_basic.c
index a951b3c..0dcd78d 100644
--- a/tests/26-sim-arch_all_be_basic.c
+++ b/tests/26-sim-arch_all_be_basic.c
@@ -52,6 +52,9 @@ int main(int argc, char *argv[])
 	rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("mips64n32"));
 	if (rc != 0)
 		goto out;
+	rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("s390x"));
+	if (rc != 0)
+		goto out;
 
 	rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 1,
 			      SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO));
diff --git a/tests/regression b/tests/regression
index 428bdf2..ccc029b 100755
--- a/tests/regression
+++ b/tests/regression
@@ -22,7 +22,7 @@
 #
 
 GLBL_ARCH_LE_SUPPORT="x86 x86_64 x32 arm aarch64 mipsel mipsel64 mipsel64n32"
-GLBL_ARCH_BE_SUPPORT="mips mips64 mips64n32"
+GLBL_ARCH_BE_SUPPORT="mips mips64 mips64n32 s390x"
 
 GLBL_SYS_ARCH="../tools/scmp_arch_detect"
 GLBL_SYS_RESOLVER="../tools/scmp_sys_resolver"
@@ -667,7 +667,7 @@ function run_test_live() {
 
 	# setup the arch specific return values
 	case "$arch" in
-	x86|x86_64|x32|arm|aarch64)
+	x86|x86_64|x32|arm|aarch64|s390x)
 		rc_kill=159
 		rc_allow=160
 		rc_trap=161
diff --git a/tools/scmp_arch_detect.c b/tools/scmp_arch_detect.c
index 5a87252..1382190 100644
--- a/tools/scmp_arch_detect.c
+++ b/tools/scmp_arch_detect.c
@@ -99,6 +99,9 @@ int main(int argc, char *argv[])
 		case SCMP_ARCH_MIPSEL64N32:
 			printf("mipsel64n32\n");
 			break;
+		case SCMP_ARCH_S390X:
+			printf("s390x\n");
+			break;
 		default:
 			printf("unknown\n");
 		}
diff --git a/tools/scmp_bpf_sim.c b/tools/scmp_bpf_sim.c
index bb3a2e7..b32c880 100644
--- a/tools/scmp_bpf_sim.c
+++ b/tools/scmp_bpf_sim.c
@@ -249,6 +249,8 @@ int main(int argc, char *argv[])
 				arch = AUDIT_ARCH_MIPS64N32;
 			else if (strcmp(optarg, "mipsel64n32") == 0)
 				arch = AUDIT_ARCH_MIPSEL64N32;
+			else if (strcmp(optarg, "s390x") == 0)
+				arch = AUDIT_ARCH_S390X;
 			else
 				exit_fault(EINVAL);
 			break;
diff --git a/tools/util.c b/tools/util.c
index 9b58bbb..edafbd9 100644
--- a/tools/util.c
+++ b/tools/util.c
@@ -62,6 +62,8 @@
 #elif __MIPSEL__
 #define ARCH_NATIVE		AUDIT_ARCH_MIPSEL64N32
 #endif /* _MIPS_SIM_NABI32 */
+#elif __s390x__
+#define ARCH_NATIVE		AUDIT_ARCH_S390X
 #else
 #error the simulator code needs to know about your machine type
 #endif