RFE: Sync to Linux 6.12 syscall definitions #435

Closed
51 changes: 47 additions & 4 deletions include/seccomp-syscalls.h
Expand Up @@ -276,10 +276,13 @@
#define __PNR_renameat -10242
#define __PNR_riscv_flush_icache -10243
#define __PNR_memfd_secret -10244
#define __PNR_fstat -10245
#define __PNR_atomic_barrier -10246
#define __PNR_atomic_cmpxchg_32 -10247
#define __PNR_getpagesize -10248
#define __PNR_map_shadow_stack -10245
#define __PNR_fstat -10246
#define __PNR_atomic_barrier -10247
#define __PNR_atomic_cmpxchg_32 -10248
#define __PNR_getpagesize -10249
#define __PNR_riscv_hwprobe -10250
#define __PNR_uretprobe -10251

/*
* libseccomp syscall definitions
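Review bot: Inserting `__PNR_map_shadow_stack` at -10245 shifts `__PNR_fstat`, `__PNR_atomic_barrier`, `__PNR_atomic_cmpxchg_32` and `__PNR_getpagesize` by one each, so any caller that stored or compiled in the old negative values instead of going through `SCMP_SYS()` will now refer to a different pseudo-syscall. If the renumbering is required to match a value that has already shipped, state that in the commit message; otherwise append the new entries after -10248 and leave the four existing values untouched.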
Expand Down Expand Up @@ -417,6 +420,8 @@
#define __SNR_cacheflush __PNR_cacheflush
#endif

#define __SNR_cachestat __NR_cachestat

#define __SNR_capget __NR_capget

#define __SNR_capset __NR_capset
Expand Down Expand Up @@ -611,6 +616,8 @@

#define __SNR_fchmodat __NR_fchmodat

#define __SNR_fchmodat2 __NR_fchmodat2

#ifdef __NR_fchown
#define __SNR_fchown __NR_fchown
#else
Expand Down Expand Up @@ -733,14 +740,20 @@

#define __SNR_futex __NR_futex

#define __SNR_futex_requeue __NR_futex_requeue

#ifdef __NR_futex_time64
#define __SNR_futex_time64 __NR_futex_time64
#else
#define __SNR_futex_time64 __PNR_futex_time64
#endif

#define __SNR_futex_wait __NR_futex_wait

#define __SNR_futex_waitv __NR_futex_waitv

#define __SNR_futex_wake __NR_futex_wake

#ifdef __NR_futimesat
#define __SNR_futimesat __NR_futimesat
#else
Expand Down Expand Up @@ -1065,6 +1078,8 @@
#define __SNR_listen __PNR_listen
#endif

#define __SNR_listmount __NR_listmount

#define __SNR_listxattr __NR_listxattr

#define __SNR_llistxattr __NR_llistxattr
Expand All @@ -1083,6 +1098,12 @@

#define __SNR_lsetxattr __NR_lsetxattr

#define __SNR_lsm_get_self_attr __NR_lsm_get_self_attr

#define __SNR_lsm_list_modules __NR_lsm_list_modules

#define __SNR_lsm_set_self_attr __NR_lsm_set_self_attr

#ifdef __NR_lstat
#define __SNR_lstat __NR_lstat
#else
Expand All @@ -1097,6 +1118,12 @@

#define __SNR_madvise __NR_madvise

#ifdef __NR_map_shadow_stack
#define __SNR_map_shadow_stack __NR_map_shadow_stack
#else
#define __SNR_map_shadow_stack __PNR_map_shadow_stack
#endif

Member

Isn't map_shadow_stack() defined for all the arches?

Contributor Author

Yes it is, but in this commit the PNR was allocated anyway and the change is already shipped in v2.5.5. So if we're to consider PNR values as part of the public API we would have to keep __PNR_map_shadow_stack defined, and for stylistic consistency we would have to keep this #ifdef-fery as well.

Member

Thanks for the reminder @xen0n.

In the manpages we "highly recommend" the use of the SCMP_SYS() macro as opposed to directly specifying syscall numbers so it's a bit of a gray area. I think it would be okay for us to modify/remove the PNR syscall values if necessary, but we probably shouldn't do so unless we have a good reason. Considering everything, it looks like your approach of leaving the PNR values as-is is likely the right one. Thanks :)

#ifdef __NR_mbind
#define __SNR_mbind __NR_mbind
#else
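Review bot: The `#ifdef __NR_map_shadow_stack` fallback to `__PNR_map_shadow_stack` reads as redundant next to the unconditional defines this patch adds elsewhere (for example `__SNR_mseal`), and nothing in the header explains why it is kept. Add a one-line comment above the block saying the PNR value is retained because it was already allocated in a released version, so a later cleanup does not drop it by accident.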
Expand Down Expand Up @@ -1219,6 +1246,8 @@

#define __SNR_mremap __NR_mremap

#define __SNR_mseal __NR_mseal

#ifdef __NR_msgctl
#define __SNR_msgctl __NR_msgctl
#else
Expand Down Expand Up @@ -1561,6 +1590,12 @@
#define __SNR_riscv_flush_icache __PNR_riscv_flush_icache
#endif

#ifdef __NR_riscv_hwprobe
#define __SNR_riscv_hwprobe __NR_riscv_hwprobe
#else
#define __SNR_riscv_hwprobe __PNR_riscv_hwprobe
#endif

#ifdef __NR_rmdir
#define __SNR_rmdir __NR_rmdir
#else
Expand Down Expand Up @@ -2051,6 +2086,8 @@
#define __SNR_statfs64 __PNR_statfs64
#endif

#define __SNR_statmount __NR_statmount

#ifdef __NR_statx
#define __SNR_statx __NR_statx
#else
Expand Down Expand Up @@ -2259,6 +2296,12 @@

#define __SNR_unshare __NR_unshare

#ifdef __NR_uretprobe
#define __SNR_uretprobe __NR_uretprobe
#else
#define __SNR_uretprobe __PNR_uretprobe
#endif

#ifdef __NR_uselib
#define __SNR_uselib __NR_uselib
#else
Expand Down
131 changes: 65 additions & 66 deletions src/arch-syscall-validate
Expand Up @@ -162,6 +162,31 @@ function mangle_lib_syscall() {
sed $sed_filter | sed '/,-[0-9]\+$/d'
}

#
# Dump syscalls matching specified tags from the given syscall.tbl file
#
# Arguments:
# 1 path to the syscall.tbl file to dump
# (rest) tags to match (except "common" which is always included)
#
# Dump the matched syscall table entries to stdout.
#
function dump_from_syscall_tbl() {
local file="$1"
shift

local tag
local tag_regexp='^(common'
for tag in "$@"; do
tag_regexp="${tag_regexp}|${tag}"
done
tag_regexp="${tag_regexp}) "

cat "$file" | grep -v '^#\|^$' | awk '{ print $2,$3,$1 }' | \
grep -E "$tag_regexp" | awk '{ print $2","$3 }' | sort | \
grep -Ev '^(reserved|unused)[0-9]+,'
}

#
# Dump the x86 system syscall table
#
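Review bot: The first filter in `dump_from_syscall_tbl()`, `grep -v '^#\|^$'`, relies on `\|` alternation in a basic regular expression, which is a GNU extension, while the two later greps in the same pipeline already use `-E`. Writing it as `grep -Ev '^(#|$)' "$file"` keeps the pipeline consistent and drops the extra `cat`. The header comment should also state the output format (`name,number`, sorted) and that `reserved`/`unused` placeholder entries are now dropped for every caller, since that filter was previously applied only in the mips functions.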
Expand All @@ -171,9 +196,7 @@ function mangle_lib_syscall() {
# Dump the architecture's syscall table to stdout.
#
function dump_sys_x86() {
cat $1/arch/x86/entry/syscalls/syscall_32.tbl | \
grep -v "^#" | awk '{ print $3","$1 }' | \
sort
dump_from_syscall_tbl "$1/arch/x86/entry/syscalls/syscall_32.tbl" i386
}

#
Expand All @@ -194,9 +217,7 @@ function dump_lib_x86() {
# Dump the architecture's syscall table to stdout.
#
function dump_sys_x86_64() {
cat $1/arch/x86/entry/syscalls/syscall_64.tbl | \
grep -v "^#" | sed '/^$/d' | awk '{ print $2,$3,$1 }' | \
sed '/^x32/d' | awk '{ print $2","$3 }' | sort
dump_from_syscall_tbl "$1/arch/x86/entry/syscalls/syscall_64.tbl" 64
}

#
Expand All @@ -217,9 +238,7 @@ function dump_lib_x86_64() {
# Dump the architecture's syscall table to stdout.
#
function dump_sys_x32() {
cat $1/arch/x86/entry/syscalls/syscall_64.tbl | \
grep -v "^#" | sed '/^$/d' | awk '{ print $2,$3,$1 }' | \
sed '/^64/d' | awk '{ print $2","$3 }' | sort
dump_from_syscall_tbl "$1/arch/x86/entry/syscalls/syscall_64.tbl" x32
}

#
Expand All @@ -240,14 +259,12 @@ function dump_lib_x32() {
# Dump the architecture's syscall table to stdout.
#
function dump_sys_arm() {
cat $1/arch/arm/tools/syscall.tbl | grep -v "^#" | \
sed -n "/[0-9]\+[ \t]\+\(common\|eabi\)/p" | \
awk '{ print $3","$1 }' | sort | (cat -; \
(cat $1/arch/arm/include/uapi/asm/unistd.h | \
grep "^#define __ARM_NR_" | \
grep -v "^#define __ARM_NR_BASE" | \
sed 's/#define __ARM_NR_\([a-z0-9_]*\)[ \t]\+(__ARM_NR_BASE+\(.*\))/\1 983040 + \2/' | \
awk '{ print $1","$2+$4 }')) | sort
dump_from_syscall_tbl "$1/arch/arm/tools/syscall.tbl" eabi | (cat -; \
(cat $1/arch/arm/include/uapi/asm/unistd.h | \
grep "^#define __ARM_NR_" | \
grep -v "^#define __ARM_NR_BASE" | \
sed 's/#define __ARM_NR_\([a-z0-9_]*\)[ \t]\+(__ARM_NR_BASE+\(.*\))/\1 983040 + \2/' | \
awk '{ print $1","$2+$4 }')) | sort
}

#
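Review bot: In `dump_sys_arm()` the new call quotes its path (`"$1/arch/arm/tools/syscall.tbl"`) but the `cat $1/arch/arm/include/uapi/asm/unistd.h` on the following line is still unquoted, so a kernel source path containing whitespace breaks only the second half of the pipeline. Quote it the same way. The output of `dump_from_syscall_tbl` is also already sorted, so only the final `sort` after the merge is doing any work here.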
Expand All @@ -270,6 +287,13 @@ function dump_lib_arm() {
# Dump the architecture's syscall table to stdout.
#
function dump_sys_aarch64() {
local syscall_tbl_file="$1/arch/arm64/tools/syscall_64.tbl"
if [[ -e $syscall_tbl_file ]]; then
dump_from_syscall_tbl "$syscall_tbl_file" \
64 renameat rlimit memfd_secret
return
fi

local sed_filter=""

sed_filter+='s/__NR3264_statfs/43/;'
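Review bot: The tag list `64 renameat rlimit memfd_secret` passed from `dump_sys_aarch64()` is hard-coded with no indication of where it comes from, so it is not clear when it needs updating after a kernel sync. Add a comment naming the kernel file that defines these tags, and note that the `sed_filter` path below is the fallback for trees without `syscall_64.tbl` so it can be removed once those are no longer supported.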
Expand Down Expand Up @@ -315,6 +339,11 @@ function dump_lib_aarch64() {
# Dump the architecture's syscall table to stdout.
#
function dump_sys_loongarch64() {
if [[ -e $1/arch/loongarch/kernel/Makefile.syscalls ]]; then
dump_from_syscall_tbl "$1/scripts/syscall.tbl" 64
return
fi

local sed_filter=""

sed_filter+='s/__NR3264_fadvise64/223/;'
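Review bot: `dump_sys_loongarch64()` tests for `$1/arch/loongarch/kernel/Makefile.syscalls` but then reads `$1/scripts/syscall.tbl`, so the guard does not cover the file that is actually parsed. Either test for the table as well or add a comment explaining that `Makefile.syscalls` is the marker for kernels using the generic table; as written, a tree that has the Makefile but not the table yields an empty dump instead of falling back to the `sed_filter` path.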
Expand Down Expand Up @@ -356,11 +385,7 @@ function dump_lib_loongarch64() {
# Dump the architecture's syscall table to stdout.
#
function dump_sys_m68k() {
cat $1/arch/m68k/kernel/syscalls/syscall.tbl | \
grep -v "^#" | \
sed -n "/[0-9]\+[ \t]\+\(common\)/p" | \
awk '{ print $3","$1 }' | \
sort
dump_from_syscall_tbl "$1/arch/m68k/kernel/syscalls/syscall.tbl"
}

#
Expand All @@ -381,11 +406,7 @@ function dump_lib_m68k() {
# Dump the architecture's syscall table to stdout.
#
function dump_sys_mips() {
cat $1/arch/mips/kernel/syscalls/syscall_o32.tbl | \
grep -v "^#" | \
sed -e '/[ \t]\+reserved[0-9]\+[ \t]\+/d;' | \
sed -e '/[ \t]\+unused[0-9]\+[ \t]\+/d;' | \
awk '{ print $3","$1 }' | sort
dump_from_syscall_tbl "$1/arch/mips/kernel/syscalls/syscall_o32.tbl" o32
}

#
Expand All @@ -406,11 +427,7 @@ function dump_lib_mips() {
# Dump the architecture's syscall table to stdout.
#
function dump_sys_mips64() {
cat $1/arch/mips/kernel/syscalls/syscall_n64.tbl | \
grep -v "^#" | \
sed -e '/[ \t]\+reserved[0-9]\+[ \t]\+/d;' | \
sed -e '/[ \t]\+unused[0-9]\+[ \t]\+/d;' | \
awk '{ print $3","$1 }' | sort
dump_from_syscall_tbl "$1/arch/mips/kernel/syscalls/syscall_n64.tbl" n64
}

#
Expand All @@ -431,11 +448,7 @@ function dump_lib_mips64() {
# Dump the architecture's syscall table to stdout.
#
function dump_sys_mips64n32() {
cat $1/arch/mips/kernel/syscalls/syscall_n32.tbl | \
grep -v "^#" | \
sed -e '/[ \t]\+reserved[0-9]\+[ \t]\+/d;' | \
sed -e '/[ \t]\+unused[0-9]\+[ \t]\+/d;' | \
awk '{ print $3","$1 }' | sort
dump_from_syscall_tbl "$1/arch/mips/kernel/syscalls/syscall_n32.tbl" n32
}

#
Expand All @@ -456,11 +469,7 @@ function dump_lib_mips64n32() {
# Dump the architecture's syscall table to stdout.
#
function dump_sys_parisc() {
cat $1/arch/parisc/kernel/syscalls/syscall.tbl | \
grep -v "^#" | \
sed -n "/[0-9]\+[ \t]\+\(common\|32\)/p" | \
awk '{ print $3","$1 }' | \
sort
dump_from_syscall_tbl "$1/arch/parisc/kernel/syscalls/syscall.tbl" 32
}

#
Expand All @@ -481,11 +490,7 @@ function dump_lib_parisc() {
# Dump the architecture's syscall table to stdout.
#
function dump_sys_parisc64() {
cat $1/arch/parisc/kernel/syscalls/syscall.tbl | \
grep -v "^#" | \
sed -n "/[0-9]\+[ \t]\+\(common\|64\)/p" | \
awk '{ print $3","$1 }' | \
sort
dump_from_syscall_tbl "$1/arch/parisc/kernel/syscalls/syscall.tbl" 64
}

#
Expand All @@ -506,9 +511,8 @@ function dump_lib_parisc64() {
# Dump the architecture's syscall table to stdout.
#
function dump_sys_ppc() {
cat $1/arch/powerpc/kernel/syscalls/syscall.tbl | grep -v "^#" | \
sed -ne "/[0-9]\+[ \t]\+\(common\|nospu\|32\)/p" | \
awk '{ print $3","$1 }' | sort
dump_from_syscall_tbl "$1/arch/powerpc/kernel/syscalls/syscall.tbl" \
nospu 32
}

#
Expand All @@ -529,9 +533,8 @@ function dump_lib_ppc() {
# Dump the architecture's syscall table to stdout.
#
function dump_sys_ppc64() {
cat $1/arch/powerpc/kernel/syscalls/syscall.tbl | grep -v "^#" | \
sed -ne "/[0-9]\+[ \t]\+\(common\|nospu\|64\)/p" | \
awk '{ print $3","$1 }' | sort
dump_from_syscall_tbl "$1/arch/powerpc/kernel/syscalls/syscall.tbl" \
nospu 64
}

#
Expand All @@ -552,6 +555,12 @@ function dump_lib_ppc64() {
# Dump the architecture's syscall table to stdout.
#
function dump_sys_riscv64() {
if [[ -e $1/arch/riscv/kernel/Makefile.syscalls ]]; then
dump_from_syscall_tbl "$1/scripts/syscall.tbl" \
64 riscv rlimit memfd_secret
return
fi

local sed_filter=""

sed_filter+='s/__NR3264_fadvise64/223/;'
Expand Down Expand Up @@ -595,10 +604,7 @@ function dump_lib_riscv64() {
# Dump the architecture's syscall table to stdout.
#
function dump_sys_s390() {
cat $1/arch/s390/kernel/syscalls/syscall.tbl | grep -v "^#" | \
sed -ne "/[0-9]\+[ \t]\+\(common\|32\)/p" | \
awk '{ print $3","$1 }' | \
sort
dump_from_syscall_tbl "$1/arch/s390/kernel/syscalls/syscall.tbl" 32
}

#
Expand All @@ -619,10 +625,7 @@ function dump_lib_s390() {
# Dump the architecture's syscall table to stdout.
#
function dump_sys_s390x() {
cat $1/arch/s390/kernel/syscalls/syscall.tbl | grep -v "^#" | \
sed -ne "/[0-9]\+[ \t]\+\(common\|64\)/p" | \
awk '{ print $3","$1 }' | \
sort
dump_from_syscall_tbl "$1/arch/s390/kernel/syscalls/syscall.tbl" 64
}

#
Expand All @@ -643,11 +646,7 @@ function dump_lib_s390x() {
# Dump the architecture's syscall table to stdout.
#
function dump_sys_sh() {
cat $1/arch/sh/kernel/syscalls/syscall.tbl | \
grep -v "^#" | \
sed -n "/[0-9]\+[ \t]\+\(common\)/p" | \
awk '{ print $3","$1 }' | \
sort
dump_from_syscall_tbl "$1/arch/sh/kernel/syscalls/syscall.tbl"
}

#
Expand Down