From d49008ca26d7c9fad93d166969caf1c91338b455 Mon Sep 17 00:00:00 2001 From: Paul Moore Date: Thu, 2 Feb 2017 19:22:42 -0500 Subject: all: update the syscall validation code/scripts for January 2017 A variety of updates to reflect changes in the Linux Kernel and the library itself with the goal of making sure the syscall checking scripts continue to work. Signed-off-by: Paul Moore (imported from commit 486c16401ea59657750987b19641d4b8fcc972e2) --- src/arch-aarch64-syscalls.c | 10 ++--- src/arch-aarch64.h | 3 +- src/arch-arm-syscalls.c | 10 ++--- src/arch-arm.h | 2 +- src/arch-mips-syscalls.c | 10 ++--- src/arch-mips.h | 2 +- src/arch-mips64-syscalls.c | 10 ++--- src/arch-mips64.h | 2 +- src/arch-mips64n32-syscalls.c | 10 ++--- src/arch-mips64n32.h | 2 +- src/arch-ppc-syscalls.c | 10 ++--- src/arch-ppc.h | 2 +- src/arch-ppc64-syscalls.c | 10 ++--- src/arch-ppc64.h | 2 +- src/arch-s390-syscalls.c | 11 ++--- src/arch-s390.h | 2 +- src/arch-s390x-syscalls.c | 10 ++--- src/arch-s390x.h | 2 +- src/arch-syscall-check.c | 97 ++++++++++++++++++++----------------------- src/arch-syscall-dump.c | 36 ++++++++-------- src/arch-syscall-validate | 27 +++++------- src/arch-x32-syscalls.c | 10 ++--- src/arch-x32.h | 2 +- src/arch-x86-syscalls.c | 10 ++--- src/arch-x86.h | 2 +- src/arch-x86_64-syscalls.c | 10 ++--- src/arch-x86_64.h | 2 +- src/arch.h | 15 +------ 28 files changed, 147 insertions(+), 174 deletions(-) diff --git a/src/arch-aarch64-syscalls.c b/src/arch-aarch64-syscalls.c index 6c04ad5..84f5d60 100644 --- a/src/arch-aarch64-syscalls.c +++ b/src/arch-aarch64-syscalls.c @@ -507,15 +507,15 @@ const char *aarch64_syscall_resolve_num(int num) /** - * Iterate through the syscall table and return the syscall name + * Iterate through the syscall table and return the syscall mapping * @param spot the offset into the syscall table * - * Return the syscall name at position @spot or NULL on failure. This function - * should only ever be used internally by libseccomp. + * Return the syscall mapping at position @spot or NULL on failure. This + * function should only ever be used internally by libseccomp. * */ -const char *aarch64_syscall_iterate_name(unsigned int spot) +const struct arch_syscall_def *aarch64_syscall_iterate(unsigned int spot) { /* XXX - no safety checks here */ - return aarch64_syscall_table[spot].name; + return &aarch64_syscall_table[spot]; } diff --git a/src/arch-aarch64.h b/src/arch-aarch64.h index ddfb111..cde11cf 100644 --- a/src/arch-aarch64.h +++ b/src/arch-aarch64.h @@ -32,5 +32,6 @@ extern const struct arch_def arch_def_aarch64; int aarch64_syscall_resolve_name(const char *name); const char *aarch64_syscall_resolve_num(int num); -const char *aarch64_syscall_iterate_name(unsigned int spot); +const struct arch_syscall_def *aarch64_syscall_iterate(unsigned int spot); + #endif diff --git a/src/arch-arm-syscalls.c b/src/arch-arm-syscalls.c index e7e2d31..6f40caa 100644 --- a/src/arch-arm-syscalls.c +++ b/src/arch-arm-syscalls.c @@ -518,15 +518,15 @@ const char *arm_syscall_resolve_num(int num) } /** - * Iterate through the syscall table and return the syscall name + * Iterate through the syscall table and return the syscall mapping * @param spot the offset into the syscall table * - * Return the syscall name at position @spot or NULL on failure. This function - * should only ever be used internally by libseccomp. + * Return the syscall mapping at position @spot or NULL on failure. This + * function should only ever be used internally by libseccomp. * */ -const char *arm_syscall_iterate_name(unsigned int spot) +const struct arch_syscall_def *arm_syscall_iterate(unsigned int spot) { /* XXX - no safety checks here */ - return arm_syscall_table[spot].name; + return &arm_syscall_table[spot]; } diff --git a/src/arch-arm.h b/src/arch-arm.h index 22466e6..9f675d8 100644 --- a/src/arch-arm.h +++ b/src/arch-arm.h @@ -32,6 +32,6 @@ extern const struct arch_def arch_def_arm; int arm_syscall_resolve_name(const char *name); const char *arm_syscall_resolve_num(int num); -const char *arm_syscall_iterate_name(unsigned int spot); +const struct arch_syscall_def *arm_syscall_iterate(unsigned int spot); #endif diff --git a/src/arch-mips-syscalls.c b/src/arch-mips-syscalls.c index dada5a9..e53f565 100644 --- a/src/arch-mips-syscalls.c +++ b/src/arch-mips-syscalls.c @@ -510,15 +510,15 @@ const char *mips_syscall_resolve_num(int num) } /** - * Iterate through the syscall table and return the syscall name + * Iterate through the syscall table and return the syscall mapping * @param spot the offset into the syscall table * - * Return the syscall name at position @spot or NULL on failure. This function - * should only ever be used internally by libseccomp. + * Return the syscall mapping at position @spot or NULL on failure. This + * function should only ever be used internally by libseccomp. * */ -const char *mips_syscall_iterate_name(unsigned int spot) +const struct arch_syscall_def *mips_syscall_iterate(unsigned int spot) { /* XXX - no safety checks here */ - return mips_syscall_table[spot].name; + return &mips_syscall_table[spot]; } diff --git a/src/arch-mips.h b/src/arch-mips.h index cce1a17..51f86ce 100644 --- a/src/arch-mips.h +++ b/src/arch-mips.h @@ -34,6 +34,6 @@ extern const struct arch_def arch_def_mipsel; int mips_syscall_resolve_name(const char *name); const char *mips_syscall_resolve_num(int num); -const char *mips_syscall_iterate_name(unsigned int spot); +const struct arch_syscall_def *mips_syscall_iterate(unsigned int spot); #endif diff --git a/src/arch-mips64-syscalls.c b/src/arch-mips64-syscalls.c index bbf8906..248acaf 100644 --- a/src/arch-mips64-syscalls.c +++ b/src/arch-mips64-syscalls.c @@ -510,15 +510,15 @@ const char *mips64_syscall_resolve_num(int num) } /** - * Iterate through the syscall table and return the syscall name + * Iterate through the syscall table and return the syscall mapping * @param spot the offset into the syscall table * - * Return the syscall name at position @spot or NULL on failure. This function - * should only ever be used internally by libseccomp. + * Return the syscall mapping at position @spot or NULL on failure. This + * function should only ever be used internally by libseccomp. * */ -const char *mips64_syscall_iterate_name(unsigned int spot) +const struct arch_syscall_def *mips64_syscall_iterate(unsigned int spot) { /* XXX - no safety checks here */ - return mips64_syscall_table[spot].name; + return &mips64_syscall_table[spot]; } diff --git a/src/arch-mips64.h b/src/arch-mips64.h index 47a6a5a..7f231ce 100644 --- a/src/arch-mips64.h +++ b/src/arch-mips64.h @@ -34,6 +34,6 @@ extern const struct arch_def arch_def_mipsel64; int mips64_syscall_resolve_name(const char *name); const char *mips64_syscall_resolve_num(int num); -const char *mips64_syscall_iterate_name(unsigned int spot); +const struct arch_syscall_def *mips64_syscall_iterate(unsigned int spot); #endif \ No newline at end of file diff --git a/src/arch-mips64n32-syscalls.c b/src/arch-mips64n32-syscalls.c index 3484882..1525f8b 100644 --- a/src/arch-mips64n32-syscalls.c +++ b/src/arch-mips64n32-syscalls.c @@ -510,15 +510,15 @@ const char *mips64n32_syscall_resolve_num(int num) } /** - * Iterate through the syscall table and return the syscall name + * Iterate through the syscall table and return the syscall mapping * @param spot the offset into the syscall table * - * Return the syscall name at position @spot or NULL on failure. This function - * should only ever be used internally by libseccomp. + * Return the syscall mapping at position @spot or NULL on failure. This + * function should only ever be used internally by libseccomp. * */ -const char *mips64n32_syscall_iterate_name(unsigned int spot) +const struct arch_syscall_def *mips64n32_syscall_iterate(unsigned int spot) { /* XXX - no safety checks here */ - return mips64n32_syscall_table[spot].name; + return &mips64n32_syscall_table[spot]; } diff --git a/src/arch-mips64n32.h b/src/arch-mips64n32.h index db676cf..fd7e542 100644 --- a/src/arch-mips64n32.h +++ b/src/arch-mips64n32.h @@ -34,6 +34,6 @@ extern const struct arch_def arch_def_mipsel64n32; int mips64n32_syscall_resolve_name(const char *name); const char *mips64n32_syscall_resolve_num(int num); -const char *mips64n32_syscall_iterate_name(unsigned int spot); +const struct arch_syscall_def *mips64n32_syscall_iterate(unsigned int spot); #endif diff --git a/src/arch-ppc-syscalls.c b/src/arch-ppc-syscalls.c index 26b4ff1..85570bd 100644 --- a/src/arch-ppc-syscalls.c +++ b/src/arch-ppc-syscalls.c @@ -507,15 +507,15 @@ const char *ppc_syscall_resolve_num(int num) } /** - * Iterate through the syscall table and return the syscall name + * Iterate through the syscall table and return the syscall mapping * @param spot the offset into the syscall table * - * Return the syscall name at position @spot or NULL on failure. This function - * should only ever be used internally by libseccomp. + * Return the syscall mapping at position @spot or NULL on failure. This + * function should only ever be used internally by libseccomp. * */ -const char *ppc_syscall_iterate_name(unsigned int spot) +const struct arch_syscall_def *ppc_syscall_iterate(unsigned int spot) { /* XXX - no safety checks here */ - return ppc_syscall_table[spot].name; + return &ppc_syscall_table[spot]; } diff --git a/src/arch-ppc.h b/src/arch-ppc.h index 627a168..0b5ffa5 100644 --- a/src/arch-ppc.h +++ b/src/arch-ppc.h @@ -33,6 +33,6 @@ extern const struct arch_def arch_def_ppc; int ppc_syscall_resolve_name(const char *name); const char *ppc_syscall_resolve_num(int num); -const char *ppc_syscall_iterate_name(unsigned int spot); +const struct arch_syscall_def *ppc_syscall_iterate(unsigned int spot); #endif diff --git a/src/arch-ppc64-syscalls.c b/src/arch-ppc64-syscalls.c index 3ebd086..47cb56c 100644 --- a/src/arch-ppc64-syscalls.c +++ b/src/arch-ppc64-syscalls.c @@ -507,15 +507,15 @@ const char *ppc64_syscall_resolve_num(int num) } /** - * Iterate through the syscall table and return the syscall name + * Iterate through the syscall table and return the syscall mapping * @param spot the offset into the syscall table * - * Return the syscall name at position @spot or NULL on failure. This function - * should only ever be used internally by libseccomp. + * Return the syscall mapping at position @spot or NULL on failure. This + * function should only ever be used internally by libseccomp. * */ -const char *ppc64_syscall_iterate_name(unsigned int spot) +const struct arch_syscall_def *ppc64_syscall_iterate(unsigned int spot) { /* XXX - no safety checks here */ - return ppc64_syscall_table[spot].name; + return &ppc64_syscall_table[spot]; } diff --git a/src/arch-ppc64.h b/src/arch-ppc64.h index 60efb17..beb24f7 100644 --- a/src/arch-ppc64.h +++ b/src/arch-ppc64.h @@ -34,6 +34,6 @@ extern const struct arch_def arch_def_ppc64le; int ppc64_syscall_resolve_name(const char *name); const char *ppc64_syscall_resolve_num(int num); -const char *ppc64_syscall_iterate_name(unsigned int spot); +const struct arch_syscall_def *ppc64_syscall_iterate(unsigned int spot); #endif diff --git a/src/arch-s390-syscalls.c b/src/arch-s390-syscalls.c index 84253a6..959b42f 100644 --- a/src/arch-s390-syscalls.c +++ b/src/arch-s390-syscalls.c @@ -572,16 +572,17 @@ const char *s390_syscall_resolve_num(int num) return NULL; } + /** - * Iterate through the syscall table and return the syscall name + * Iterate through the syscall table and return the syscall mapping * @param spot the offset into the syscall table * - * Return the syscall name at position @spot or NULL on failure. This function - * should only ever be used internally by libseccomp. + * Return the syscall mapping at position @spot or NULL on failure. This + * function should only ever be used internally by libseccomp. * */ -const char *s390_syscall_iterate_name(unsigned int spot) +const struct arch_syscall_def *s390_syscall_iterate(unsigned int spot) { /* XXX - no safety checks here */ - return s390_syscall_table[spot].name; + return &s390_syscall_table[spot]; } diff --git a/src/arch-s390.h b/src/arch-s390.h index 899c952..3d41f5f 100644 --- a/src/arch-s390.h +++ b/src/arch-s390.h @@ -20,7 +20,7 @@ extern const struct arch_def arch_def_s390; int s390_syscall_resolve_name(const char *name); const char *s390_syscall_resolve_num(int num); -const char *s390_syscall_iterate_name(unsigned int spot); +const struct arch_syscall_def *s390_syscall_iterate(unsigned int spot); int s390_syscall_rewrite(int *syscall); diff --git a/src/arch-s390x-syscalls.c b/src/arch-s390x-syscalls.c index cc9763d..f6a2759 100644 --- a/src/arch-s390x-syscalls.c +++ b/src/arch-s390x-syscalls.c @@ -574,15 +574,15 @@ const char *s390x_syscall_resolve_num(int num) } /** - * Iterate through the syscall table and return the syscall name + * Iterate through the syscall table and return the syscall mapping * @param spot the offset into the syscall table * - * Return the syscall name at position @spot or NULL on failure. This function - * should only ever be used internally by libseccomp. + * Return the syscall mapping at position @spot or NULL on failure. This + * function should only ever be used internally by libseccomp. * */ -const char *s390x_syscall_iterate_name(unsigned int spot) +const struct arch_syscall_def *s390x_syscall_iterate(unsigned int spot) { /* XXX - no safety checks here */ - return s390x_syscall_table[spot].name; + return &s390x_syscall_table[spot]; } diff --git a/src/arch-s390x.h b/src/arch-s390x.h index 2857d7f..37bed67 100644 --- a/src/arch-s390x.h +++ b/src/arch-s390x.h @@ -23,7 +23,7 @@ extern const struct arch_def arch_def_s390x; int s390x_syscall_resolve_name(const char *name); const char *s390x_syscall_resolve_num(int num); -const char *s390x_syscall_iterate_name(unsigned int spot); +const struct arch_syscall_def *s390x_syscall_iterate(unsigned int spot); int s390x_syscall_rewrite(int *syscall); diff --git a/src/arch-syscall-check.c b/src/arch-syscall-check.c index 71ec0b5..35a8687 100644 --- a/src/arch-syscall-check.c +++ b/src/arch-syscall-check.c @@ -49,9 +49,9 @@ * */ void syscall_check(char *str_miss, const char *syscall, - const char *arch_name, const char *arch_sys) + const char *arch_name, const struct arch_syscall_def *sys) { - if (strcmp(syscall, arch_sys)) { + if (strcmp(syscall, sys->name)) { if (str_miss[0] != '\0') strcat(str_miss, ","); strcat(str_miss, arch_name); @@ -75,40 +75,42 @@ int main(int argc, char *argv[]) int i_ppc64 = 0; int i_s390 = 0; int i_s390x = 0; - const char *sys_name; char str_miss[256]; + const char *sys_name; + const struct arch_syscall_def *sys; do { str_miss[0] = '\0'; - sys_name = x86_syscall_iterate_name(i_x86); - if (sys_name == NULL) { + sys = x86_syscall_iterate(i_x86); + if (sys == NULL || sys->name == NULL) { printf("FAULT\n"); return 1; } + sys_name = sys->name; /* check each arch using x86 as the reference */ syscall_check(str_miss, sys_name, "x86_64", - x86_64_syscall_iterate_name(i_x86_64)); + x86_64_syscall_iterate(i_x86_64)); syscall_check(str_miss, sys_name, "x32", - x32_syscall_iterate_name(i_x32)); + x32_syscall_iterate(i_x32)); syscall_check(str_miss, sys_name, "arm", - arm_syscall_iterate_name(i_arm)); + arm_syscall_iterate(i_arm)); syscall_check(str_miss, sys_name, "aarch64", - aarch64_syscall_iterate_name(i_aarch64)); + aarch64_syscall_iterate(i_aarch64)); syscall_check(str_miss, sys_name, "mips", - mips_syscall_iterate_name(i_mips)); + mips_syscall_iterate(i_mips)); syscall_check(str_miss, sys_name, "mips64", - mips64_syscall_iterate_name(i_mips64)); + mips64_syscall_iterate(i_mips64)); syscall_check(str_miss, sys_name, "mips64n32", - mips64n32_syscall_iterate_name(i_mips64n32)); + mips64n32_syscall_iterate(i_mips64n32)); syscall_check(str_miss, sys_name, "ppc", - ppc_syscall_iterate_name(i_ppc)); + ppc_syscall_iterate(i_ppc)); syscall_check(str_miss, sys_name, "ppc64", - ppc64_syscall_iterate_name(i_ppc64)); + ppc64_syscall_iterate(i_ppc64)); syscall_check(str_miss, sys_name, "s390", - s390_syscall_iterate_name(i_s390)); + s390_syscall_iterate(i_s390)); syscall_check(str_miss, sys_name, "s390x", - s390x_syscall_iterate_name(i_s390x)); + s390x_syscall_iterate(i_s390x)); /* output the results */ printf("%s: ", sys_name); @@ -119,29 +121,29 @@ int main(int argc, char *argv[]) printf("OK\n"); /* next */ - if (x86_syscall_iterate_name(i_x86 + 1)) + if (x86_syscall_iterate(i_x86 + 1)) i_x86++; - if (!x86_64_syscall_iterate_name(++i_x86_64)) + if (!x86_64_syscall_iterate(++i_x86_64)->name) i_x86_64 = -1; - if (!x32_syscall_iterate_name(++i_x32)) + if (!x32_syscall_iterate(++i_x32)->name) i_x32 = -1; - if (!arm_syscall_iterate_name(++i_arm)) + if (!arm_syscall_iterate(++i_arm)->name) i_arm = -1; - if (!aarch64_syscall_iterate_name(++i_aarch64)) + if (!aarch64_syscall_iterate(++i_aarch64)->name) i_aarch64 = -1; - if (!mips_syscall_iterate_name(++i_mips)) + if (!mips_syscall_iterate(++i_mips)->name) i_mips = -1; - if (!mips64_syscall_iterate_name(++i_mips64)) + if (!mips64_syscall_iterate(++i_mips64)->name) i_mips64 = -1; - if (!mips64n32_syscall_iterate_name(++i_mips64n32)) + if (!mips64n32_syscall_iterate(++i_mips64n32)->name) i_mips64n32 = -1; - if (!ppc_syscall_iterate_name(++i_ppc)) + if (!ppc_syscall_iterate(++i_ppc)) i_ppc = -1; - if (!ppc64_syscall_iterate_name(++i_ppc64)) + if (!ppc64_syscall_iterate(++i_ppc64)->name) i_ppc64 = -1; - if (!s390_syscall_iterate_name(++i_s390)) + if (!s390_syscall_iterate(++i_s390)->name) i_s390 = -1; - if (!s390x_syscall_iterate_name(++i_s390x)) + if (!s390x_syscall_iterate(++i_s390x)->name) i_s390x = -1; } while (i_x86_64 >= 0 && i_x32 >= 0 && i_arm >= 0 && i_aarch64 >= 0 && @@ -150,63 +152,52 @@ int main(int argc, char *argv[]) i_s390 >= 0 && i_s390x >= 0); /* check for any leftovers */ - sys_name = x86_syscall_iterate_name(i_x86 + 1); - if (sys_name) { - printf("%s: ERROR, x86 has additional syscalls\n", sys_name); + sys = x86_syscall_iterate(i_x86 + 1); + if (sys->name) { + printf("ERROR, x86 has additional syscalls\n"); return 1; } if (i_x86_64 >= 0) { - printf("%s: ERROR, x86_64 has additional syscalls\n", - x86_64_syscall_iterate_name(i_x86_64)); + printf("ERROR, x86_64 has additional syscalls\n"); return 1; } if (i_x32 >= 0) { - printf("%s: ERROR, x32 has additional syscalls\n", - x32_syscall_iterate_name(i_x32)); + printf("ERROR, x32 has additional syscalls\n"); return 1; } if (i_arm >= 0) { - printf("%s: ERROR, arm has additional syscalls\n", - arm_syscall_iterate_name(i_arm)); + printf("ERROR, arm has additional syscalls\n"); return 1; } if (i_aarch64 >= 0) { - printf("%s: ERROR, aarch64 has additional syscalls\n", - aarch64_syscall_iterate_name(i_aarch64)); + printf("ERROR, aarch64 has additional syscalls\n"); return 1; } if (i_mips >= 0) { - printf("%s: ERROR, mips has additional syscalls\n", - mips_syscall_iterate_name(i_mips)); + printf("ERROR, mips has additional syscalls\n"); return 1; } if (i_mips64 >= 0) { - printf("%s: ERROR, mips64 has additional syscalls\n", - mips64_syscall_iterate_name(i_mips64)); + printf("ERROR, mips64 has additional syscalls\n"); return 1; } if (i_mips64n32 >= 0) { - printf("%s: ERROR, mips64n32 has additional syscalls\n", - mips64n32_syscall_iterate_name(i_mips64n32)); + printf("ERROR, mips64n32 has additional syscalls\n"); return 1; } if (i_ppc >= 0) { - printf("%s: ERROR, ppc has additional syscalls\n", - ppc_syscall_iterate_name(i_ppc)); + printf("ERROR, ppc has additional syscalls\n"); } if (i_ppc64 >= 0) { - printf("%s: ERROR, ppc64 has additional syscalls\n", - ppc64_syscall_iterate_name(i_ppc64)); + printf("ERROR, ppc64 has additional syscalls\n"); return 1; } if (i_s390 >= 0) { - printf("%s: ERROR, s390 has additional syscalls\n", - s390_syscall_iterate_name(i_s390)); + printf("ERROR, s390 has additional syscalls\n"); return 1; } if (i_s390x >= 0) { - printf("%s: ERROR, s390x has additional syscalls\n", - s390x_syscall_iterate_name(i_s390x)); + printf("ERROR, s390x has additional syscalls\n"); return 1; } diff --git a/src/arch-syscall-dump.c b/src/arch-syscall-dump.c index 636fd9a..2747dcf 100644 --- a/src/arch-syscall-dump.c +++ b/src/arch-syscall-dump.c @@ -65,8 +65,7 @@ int main(int argc, char *argv[]) const struct arch_def *arch = arch_def_native; int offset = 0; int iter; - int sys_num; - const char *sys_name; + const struct arch_syscall_def *sys; /* parse the command line */ while ((opt = getopt(argc, argv, "a:o:h")) > 0) { @@ -90,61 +89,62 @@ int main(int argc, char *argv[]) do { switch (arch->token) { case SCMP_ARCH_X86: - sys_name = x86_syscall_iterate_name(iter); + sys = x86_syscall_iterate(iter); break; case SCMP_ARCH_X86_64: - sys_name = x86_64_syscall_iterate_name(iter); + sys = x86_64_syscall_iterate(iter); break; case SCMP_ARCH_X32: - sys_name = x32_syscall_iterate_name(iter); + sys = x32_syscall_iterate(iter); break; case SCMP_ARCH_ARM: - sys_name = arm_syscall_iterate_name(iter); + sys = arm_syscall_iterate(iter); break; case SCMP_ARCH_AARCH64: - sys_name = aarch64_syscall_iterate_name(iter); + sys = aarch64_syscall_iterate(iter); break; case SCMP_ARCH_MIPS: case SCMP_ARCH_MIPSEL: - sys_name = mips_syscall_iterate_name(iter); + sys = mips_syscall_iterate(iter); break; case SCMP_ARCH_MIPS64: case SCMP_ARCH_MIPSEL64: - sys_name = mips64_syscall_iterate_name(iter); + sys = mips64_syscall_iterate(iter); break; case SCMP_ARCH_MIPS64N32: case SCMP_ARCH_MIPSEL64N32: - sys_name = mips64n32_syscall_iterate_name(iter); + sys = mips64n32_syscall_iterate(iter); break; case SCMP_ARCH_PPC: - sys_name = ppc_syscall_iterate_name(iter); + sys = ppc_syscall_iterate(iter); break; case SCMP_ARCH_PPC64: case SCMP_ARCH_PPC64LE: - sys_name = ppc64_syscall_iterate_name(iter); + sys = ppc64_syscall_iterate(iter); break; case SCMP_ARCH_S390: - sys_name = s390_syscall_iterate_name(iter); + sys = s390_syscall_iterate(iter); break; case SCMP_ARCH_S390X: - sys_name = s390x_syscall_iterate_name(iter); + sys = s390x_syscall_iterate(iter); break; default: /* invalid arch */ exit_usage(argv[0]); } - if (sys_name != NULL) { - sys_num = arch_syscall_resolve_name(arch, sys_name); + if (sys->name != NULL) { + int sys_num = sys->num; + if (offset > 0 && sys_num > 0) sys_num -= offset; /* output the results */ - printf("%s\t%d\n", sys_name, sys_num); + printf("%s\t%d\n", sys->name, sys_num); /* next */ iter++; } - } while (sys_name != NULL); + } while (sys->name != NULL); return 0; } diff --git a/src/arch-syscall-validate b/src/arch-syscall-validate index 17f63fe..97c3378 100755 --- a/src/arch-syscall-validate +++ b/src/arch-syscall-validate @@ -166,22 +166,13 @@ function dump_lib_x32() { # Dump the architecture's syscall table to stdout. # function dump_sys_arm() { - # NOTE: arm_sync_file_range() and sync_file_range2() share values - gcc -E -dM -D__ARM_EABI__ $1/arch/arm/include/uapi/asm/unistd.h | \ - grep "^#define __\(ARM_\)*NR_" | \ - grep -v "^#define __NR_OABI_SYSCALL_BASE" | \ - grep -v "^#define __NR_SYSCALL_BASE" | \ - grep -v "^#define __ARM_NR_BASE" | \ - sed -e 's/#define[ \t]\+__NR_\([^ \t]\+\)[ \t]\+(__NR_SYSCALL_BASE[ \t]*+[ \t]*\([0-9]\+\)).*/\1\t\2/;s/#define[ \t]\+__ARM_NR_\([^ \t]\+\)[ \t]\+(__ARM_NR_BASE[ \t]*+[ \t]*\([0-9]\+\)).*/\1\t983040 + \2/' | \ - while read line; do \ - if echo "$line" | grep -q "+"; then \ - echo "$line" | awk '{ print $1"\t"$2+$4 }'; \ - else \ - echo "$line"; \ - fi; \ - done | \ - sed -e '/#define __NR_sync_file_range2[ \t]\+__NR_arm_sync_file_range/d' | \ - sort + cat $1/arch/arm/tools/syscall.tbl | grep -v "^#" | \ + sed -ne "/[0-9]\+[ \t]\+\(common\|eabi\)/p" | \ + awk '{ print $3"\t"$1 }' | sort | (cat -; \ + (cat $1/arch/arm/include/uapi/asm/unistd.h | \ + grep "^#define __ARM_NR_" | grep -v "^#define __ARM_NR_BASE" | \ + sed -e 's/#define __ARM_NR_\([a-z0-9_]*\)[ \t]\+(__ARM_NR_BASE+\(.*\))/\1 983040 + \2/' | \ + awk '{ print $1"\t"$2+$4 }')) | sort } # @@ -203,7 +194,9 @@ function dump_lib_arm() { # Dump the architecture's syscall table to stdout. # function dump_sys_aarch64() { - gcc -E -dM -I$1/include/uapi -D__BITS_PER_LONG=64 $1/include/uapi/asm-generic/unistd.h | \ + gcc -E -dM -I$1/include/uapi \ + -D__BITS_PER_LONG=64 -D__ARCH_WANT_RENAMEAT \ + $1/include/uapi/asm-generic/unistd.h | \ grep "^#define __NR_" | \ sed -e '/__NR_syscalls/d' | \ sed -e '/__NR_arch_specific_syscall/d' | \ diff --git a/src/arch-x32-syscalls.c b/src/arch-x32-syscalls.c index 5b9970b..64e180a 100644 --- a/src/arch-x32-syscalls.c +++ b/src/arch-x32-syscalls.c @@ -506,15 +506,15 @@ const char *x32_syscall_resolve_num(int num) } /** - * Iterate through the syscall table and return the syscall name + * Iterate through the syscall table and return the syscall mapping * @param spot the offset into the syscall table * - * Return the syscall name at position @spot or NULL on failure. This function - * should only ever be used internally by libseccomp. + * Return the syscall mapping at position @spot or NULL on failure. This + * function should only ever be used internally by libseccomp. * */ -const char *x32_syscall_iterate_name(unsigned int spot) +const struct arch_syscall_def *x32_syscall_iterate(unsigned int spot) { /* XXX - no safety checks here */ - return x32_syscall_table[spot].name; + return &x32_syscall_table[spot]; } diff --git a/src/arch-x32.h b/src/arch-x32.h index 13d9aab..d166c3c 100644 --- a/src/arch-x32.h +++ b/src/arch-x32.h @@ -34,6 +34,6 @@ extern const struct arch_def arch_def_x32; int x32_syscall_resolve_name(const char *name); const char *x32_syscall_resolve_num(int num); -const char *x32_syscall_iterate_name(unsigned int spot); +const struct arch_syscall_def *x32_syscall_iterate(unsigned int spot); #endif diff --git a/src/arch-x86-syscalls.c b/src/arch-x86-syscalls.c index 00684ac..5443095 100644 --- a/src/arch-x86-syscalls.c +++ b/src/arch-x86-syscalls.c @@ -590,15 +590,15 @@ const char *x86_syscall_resolve_num(int num) } /** - * Iterate through the syscall table and return the syscall name + * Iterate through the syscall table and return the syscall mapping * @param spot the offset into the syscall table * - * Return the syscall name at position @spot or NULL on failure. This function - * should only ever be used internally by libseccomp. + * Return the syscall mapping at position @spot or NULL on failure. This + * function should only ever be used internally by libseccomp. * */ -const char *x86_syscall_iterate_name(unsigned int spot) +const struct arch_syscall_def *x86_syscall_iterate(unsigned int spot) { /* XXX - no safety checks here */ - return x86_syscall_table[spot].name; + return &x86_syscall_table[spot]; } diff --git a/src/arch-x86.h b/src/arch-x86.h index 89635b2..f8d7b4e 100644 --- a/src/arch-x86.h +++ b/src/arch-x86.h @@ -33,7 +33,7 @@ extern const struct arch_def arch_def_x86; int x86_syscall_resolve_name(const char *name); const char *x86_syscall_resolve_num(int num); -const char *x86_syscall_iterate_name(unsigned int spot); +const struct arch_syscall_def *x86_syscall_iterate(unsigned int spot); int x86_syscall_rewrite(int *syscall); diff --git a/src/arch-x86_64-syscalls.c b/src/arch-x86_64-syscalls.c index 655cf5f..6c389b8 100644 --- a/src/arch-x86_64-syscalls.c +++ b/src/arch-x86_64-syscalls.c @@ -506,16 +506,16 @@ const char *x86_64_syscall_resolve_num(int num) } /** - * Iterate through the syscall table and return the syscall name + * Iterate through the syscall table and return the syscall mapping * @param spot the offset into the syscall table * - * Return the syscall name at position @spot or NULL on failure. This function - * should only ever be used internally by libseccomp. + * Return the syscall mapping at position @spot or NULL on failure. This + * function should only ever be used internally by libseccomp. * */ -const char *x86_64_syscall_iterate_name(unsigned int spot) +const struct arch_syscall_def *x86_64_syscall_iterate(unsigned int spot) { /* XXX - no safety checks here */ - return x86_64_syscall_table[spot].name; + return &x86_64_syscall_table[spot]; } diff --git a/src/arch-x86_64.h b/src/arch-x86_64.h index dc09c63..c770d75 100644 --- a/src/arch-x86_64.h +++ b/src/arch-x86_64.h @@ -32,6 +32,6 @@ extern const struct arch_def arch_def_x86_64; int x86_64_syscall_resolve_name(const char *name); const char *x86_64_syscall_resolve_num(int num); -const char *x86_64_syscall_iterate_name(unsigned int spot); +const struct arch_syscall_def *x86_64_syscall_iterate(unsigned int spot); #endif diff --git a/src/arch.h b/src/arch.h index 7f15cf5..8077e8b 100644 --- a/src/arch.h +++ b/src/arch.h @@ -60,20 +60,7 @@ struct arch_def { /* arch_def for the current architecture */ extern const struct arch_def *arch_def_native; -/* NOTE: Syscall mappings can be found by running the following commands - * on the specific architecture's include file: - * # gcc -E -dM | grep '__NR_' - * where in many cases is /usr/include/asm/unistd.h, however, - * depending on the architecture you may need to use a different header. - * Further, you can automatically format this list for use as a struct - * initializer with the following command: - * # gcc -E -dM | grep '__NR_' | \ - * sed -e 's/#define[ \t]\+__NR_//' | sort | \ - * sed -e 's/\([^ \t]\+\)\([ \t]\+\)\([0-9]\+\)/\t{ \"\1\", \3 },/' - * Finally, when creating a table/array of this structure, the final - * sentinel entry should be "{ NULL, __NR_SCMP_ERROR }"; see the existing - * tables as an example. - */ +/* syscall name/num mapping */ struct arch_syscall_def { const char *name; unsigned int num; -- cgit v1.2.1