Index: libseccomp-2.1.1/include/seccomp.h.in =================================================================== --- libseccomp-2.1.1.orig/include/seccomp.h.in +++ libseccomp-2.1.1/include/seccomp.h.in @@ -122,6 +122,26 @@ struct scmp_arg_cmp { #define SCMP_ARCH_ARM AUDIT_ARCH_ARM /** + * The S390X architecture token + */ +#define SCMP_ARCH_S390X AUDIT_ARCH_S390X + +/** + * The S390 architecture token + */ +#define SCMP_ARCH_S390 AUDIT_ARCH_S390 + +/** + * The PowerPC architecture token + */ +#define SCMP_ARCH_PPC AUDIT_ARCH_PPC + +/** + * The PowerPC64 architecture token + */ +#define SCMP_ARCH_PPC64 AUDIT_ARCH_PPC64 + +/** * Convert a syscall name into the associated syscall number * @param x the syscall name */ Index: libseccomp-2.1.1/src/arch.c =================================================================== --- libseccomp-2.1.1.orig/src/arch.c +++ libseccomp-2.1.1/src/arch.c @@ -34,6 +34,10 @@ #include "arch-x86_64.h" #include "arch-x32.h" #include "arch-arm.h" +#include "arch-s390x.h" +#include "arch-s390.h" +#include "arch-ppc.h" +#include "arch-ppc64.h" #include "system.h" #if __i386__ @@ -46,6 +50,14 @@ const struct arch_def *arch_def_native = #endif /* __ILP32__ */ #elif __arm__ const struct arch_def *arch_def_native = &arch_def_arm; +#elif __s390__ +const struct arch_def *arch_def_native = &arch_def_s390; +#elif __s390x__ +const struct arch_def *arch_def_native = &arch_def_s390x; +#elif __powerpc64__ +const struct arch_def *arch_def_native = &arch_def_ppc64; +#elif __powerpc__ +const struct arch_def *arch_def_native = &arch_def_ppc; #else #error the arch code needs to know about your machine type #endif /* machine type guess */ @@ -64,6 +76,10 @@ int arch_valid(uint32_t arch) case SCMP_ARCH_X86_64: case SCMP_ARCH_X32: case SCMP_ARCH_ARM: + case SCMP_ARCH_S390: + case SCMP_ARCH_S390X: + case SCMP_ARCH_PPC64: + case SCMP_ARCH_PPC: return 0; } 
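Review bot: In the `arch_def_native` selection (hunk `@@ -46,6 +50,14 @@` of `src/arch.c`), `#elif __s390__` is tested before `#elif __s390x__`. GCC defines `__s390__` on 64-bit s390x builds as well, so an s390x build takes the first branch and gets `arch_def_s390` (`ARCH_SIZE_32`, `AUDIT_ARCH_S390`) as its native architecture. Filters built for the native arch would then presumably carry the wrong audit arch token and 32-bit argument handling. Swap the two branches so that `#elif __s390x__` comes first, the way `__powerpc64__` already precedes `__powerpc__` in the same hunk, and add a comment such as `/* s390x must be checked before s390: both macros are set on s390x */` so the order is not undone later.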
@@ -88,6 +104,14 @@ const struct arch_def *arch_def_lookup(u return &arch_def_x32; case SCMP_ARCH_ARM: return &arch_def_arm; + case SCMP_ARCH_S390: + return &arch_def_s390; + case SCMP_ARCH_S390X: + return &arch_def_s390x; + case SCMP_ARCH_PPC64: + return &arch_def_ppc64; + case SCMP_ARCH_PPC: + return &arch_def_ppc; } return NULL; @@ -112,6 +136,14 @@ int arch_arg_count_max(const struct arch return x32_arg_count_max; case SCMP_ARCH_ARM: return arm_arg_count_max; + case SCMP_ARCH_S390: + return s390_arg_count_max; + case SCMP_ARCH_S390X: + return s390x_arg_count_max; + case SCMP_ARCH_PPC64: + return ppc64_arg_count_max; + case SCMP_ARCH_PPC: + return ppc_arg_count_max; } return -EDOM; @@ -130,6 +162,10 @@ int arch_arg_count_max(const struct arch int arch_arg_offset_lo(const struct arch_def *arch, unsigned int arg) { switch (arch->token) { + case SCMP_ARCH_PPC64: + return ppc64_arg_offset_lo(arg); + case SCMP_ARCH_S390X: + return s390x_arg_offset_lo(arg); case SCMP_ARCH_X86_64: return x86_64_arg_offset_lo(arg); default: @@ -150,6 +186,10 @@ int arch_arg_offset_lo(const struct arch int arch_arg_offset_hi(const struct arch_def *arch, unsigned int arg) { switch (arch->token) { + case SCMP_ARCH_PPC64: + return ppc64_arg_offset_hi(arg); + case SCMP_ARCH_S390X: + return s390x_arg_offset_hi(arg); case SCMP_ARCH_X86_64: return x86_64_arg_offset_hi(arg); default: @@ -178,6 +218,14 @@ int arch_syscall_resolve_name(const stru return x32_syscall_resolve_name(name); case SCMP_ARCH_ARM: return arm_syscall_resolve_name(name); + case SCMP_ARCH_S390: + return s390_syscall_resolve_name(name); + case SCMP_ARCH_S390X: + return s390x_syscall_resolve_name(name); + case SCMP_ARCH_PPC64: + return ppc64_syscall_resolve_name(name); + case SCMP_ARCH_PPC: + return ppc_syscall_resolve_name(name); } return __NR_SCMP_ERROR; 
@@ -204,6 +252,14 @@ const char *arch_syscall_resolve_num(con return x32_syscall_resolve_num(num); case SCMP_ARCH_ARM: return arm_syscall_resolve_num(num); + case SCMP_ARCH_S390: + return s390_syscall_resolve_num(num); + case SCMP_ARCH_S390X: + return s390x_syscall_resolve_num(num); + case SCMP_ARCH_PPC64: + return ppc64_syscall_resolve_num(num); + case SCMP_ARCH_PPC: + return ppc_syscall_resolve_num(num); } return NULL; Index: libseccomp-2.1.1/src/arch-s390x.c =================================================================== --- /dev/null +++ libseccomp-2.1.1/src/arch-s390x.c @@ -0,0 +1,34 @@ +/** + * Enhanced Seccomp S390X Specific Code + * + * Copyright (c) 2014 SUSE + * Author: Marcus Meissner + */ + +/* + * This library is free software; you can redistribute it and/or modify it + * under the terms of version 2.1 of the GNU Lesser General Public License as + * published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License + * for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this library; if not, see . + */ + +#include +#include +#include + +#include "arch.h" +#include "arch-s390x.h" + +const struct arch_def arch_def_s390x = { + .token = SCMP_ARCH_S390X, + .token_bpf = AUDIT_ARCH_S390X, + .size = ARCH_SIZE_64, + .endian = ARCH_ENDIAN_BIG, +}; Index: libseccomp-2.1.1/src/arch-s390x.h =================================================================== --- /dev/null +++ libseccomp-2.1.1/src/arch-s390x.h 
@@ -0,0 +1,40 @@
+/**
+ * Enhanced Seccomp S390X Specific Code
+ *
+ * Copyright (c) 2014 SUSE
+ * Author: Marcus Meissner
+ */
+
+/*
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, see .
+ */
+
+#ifndef _ARCH_S390X_H
+#define _ARCH_S390X_H
+
+#include
+
+#include "arch.h"
+#include "system.h"
+
+#define s390x_arg_count_max 6
+
+extern const struct arch_def arch_def_s390x;
+
+#define s390x_arg_offset_lo(x) (arch_arg_offset(x) + 4)
+#define s390x_arg_offset_hi(x) (arch_arg_offset(x))
+
+int s390x_syscall_resolve_name(const char *name);
+const char *s390x_syscall_resolve_num(int num);
+
+#endif
Index: libseccomp-2.1.1/src/arch-s390x-syscalls.c
===================================================================
--- /dev/null
+++ libseccomp-2.1.1/src/arch-s390x-syscalls.c
@@ -0,0 +1,367 @@ +/** + * Enhanced Seccomp s390x Syscall Table + * + * Copyright (c) 2014 SUSE + * Author: Marcus Meissner + */ + +/* + * This library is free software; you can redistribute it and/or modify it + * under the terms of version 2.1 of the GNU Lesser General Public License as + * published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License + * for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this library; if not, see . + */ + +#include + +#include + +#include "arch.h" +#include "arch-s390x.h" + +/* NOTE: based on Linux 3.13 */ + +static const struct arch_syscall_def s390x_syscall_table[] = { \ + { "exit", 1 }, + { "fork", 2 }, + { "read", 3 }, + { "write", 4 }, + { "open", 5 }, + { "close", 6 }, + { "restart_syscall", 7 }, + { "creat", 8 }, + { "link", 9 }, + { "unlink", 10 }, + { "execve", 11 }, + { "chdir", 12 }, + { "mknod", 14 }, + { "chmod", 15 }, + { "lseek", 19 }, + { "getpid", 20 }, + { "mount", 21 }, + { "umount", 22 }, + { "ptrace", 26 }, + { "alarm", 27 }, + { "pause", 29 }, + { "utime", 30 }, + { "access", 33 }, + { "nice", 34 }, + { "sync", 36 }, + { "kill", 37 }, + { "rename", 38 }, + { "mkdir", 39 }, + { "rmdir", 40 }, + { "dup", 41 }, + { "pipe", 42 }, + { "times", 43 }, + { "brk", 45 }, + { "signal", 48 }, + { "acct", 51 }, + { "umount2", 52 }, + { "ioctl", 54 }, + { "fcntl", 55 }, + { "setpgid", 57 }, + { "umask", 60 }, + { "chroot", 61 }, + { "ustat", 62 }, + { "dup2", 63 }, + { "getppid", 64 }, + { "getpgrp", 65 }, + { "setsid", 66 }, + { "sigaction", 67 }, + { "sigsuspend", 72 }, + { "sigpending", 73 }, + { "sethostname", 74 }, + { "setrlimit", 75 }, + { "getrusage", 77 }, + { "gettimeofday", 78 }, + { "settimeofday", 79 }, + { "symlink", 83 }, + { 
"readlink", 85 }, + { "uselib", 86 }, + { "swapon", 87 }, + { "reboot", 88 }, + { "readdir", 89 }, + { "mmap", 90 }, + { "munmap", 91 }, + { "truncate", 92 }, + { "ftruncate", 93 }, + { "fchmod", 94 }, + { "getpriority", 96 }, + { "setpriority", 97 }, + { "statfs", 99 }, + { "fstatfs", 100 }, + { "socketcall", 102 }, + { "syslog", 103 }, + { "setitimer", 104 }, + { "getitimer", 105 }, + { "stat", 106 }, + { "lstat", 107 }, + { "fstat", 108 }, + { "lookup_dcookie", 110 }, + { "vhangup", 111 }, + { "idle", 112 }, + { "wait4", 114 }, + { "swapoff", 115 }, + { "sysinfo", 116 }, + { "ipc", 117 }, + { "fsync", 118 }, + { "sigreturn", 119 }, + { "clone", 120 }, + { "setdomainname", 121 }, + { "uname", 122 }, + { "adjtimex", 124 }, + { "mprotect", 125 }, + { "sigprocmask", 126 }, + { "create_module", 127 }, + { "init_module", 128 }, + { "delete_module", 129 }, + { "get_kernel_syms", 130 }, + { "quotactl", 131 }, + { "getpgid", 132 }, + { "fchdir", 133 }, + { "bdflush", 134 }, + { "sysfs", 135 }, + { "personality", 136 }, + { "afs_syscall", 137 }, + { "getdents", 141 }, + { "flock", 143 }, + { "msync", 144 }, + { "readv", 145 }, + { "writev", 146 }, + { "getsid", 147 }, + { "fdatasync", 148 }, + { "_sysctl", 149 }, + { "mlock", 150 }, + { "munlock", 151 }, + { "mlockall", 152 }, + { "munlockall", 153 }, + { "sched_setparam", 154 }, + { "sched_getparam", 155 }, + { "sched_setscheduler", 156 }, + { "sched_getscheduler", 157 }, + { "sched_yield", 158 }, + { "sched_get_priority_max", 159 }, + { "sched_get_priority_min", 160 }, + { "sched_rr_get_interval", 161 }, + { "nanosleep", 162 }, + { "mremap", 163 }, + { "query_module", 167 }, + { "poll", 168 }, + { "nfsservctl", 169 }, + { "prctl", 172 }, + { "rt_sigreturn", 173 }, + { "rt_sigaction", 174 }, + { "rt_sigprocmask", 175 }, + { "rt_sigpending", 176 }, + { "rt_sigtimedwait", 177 }, + { "rt_sigqueueinfo", 178 }, + { "rt_sigsuspend", 179 }, + { "pread64", 180 }, + { "pwrite64", 181 }, + { "getcwd", 183 }, + { "capget", 184 }, + 
{ "capset", 185 }, + { "sigaltstack", 186 }, + { "sendfile", 187 }, + { "getpmsg", 188 }, + { "putpmsg", 189 }, + { "vfork", 190 }, + { "pivot_root", 217 }, + { "mincore", 218 }, + { "madvise", 219 }, + { "getdents64", 220 }, + { "readahead", 222 }, + { "setxattr", 224 }, + { "lsetxattr", 225 }, + { "fsetxattr", 226 }, + { "getxattr", 227 }, + { "lgetxattr", 228 }, + { "fgetxattr", 229 }, + { "listxattr", 230 }, + { "llistxattr", 231 }, + { "flistxattr", 232 }, + { "removexattr", 233 }, + { "lremovexattr", 234 }, + { "fremovexattr", 235 }, + { "gettid", 236 }, + { "tkill", 237 }, + { "futex", 238 }, + { "sched_setaffinity", 239 }, + { "sched_getaffinity", 240 }, + { "tgkill", 241 }, + { "io_setup", 243 }, + { "io_destroy", 244 }, + { "io_getevents", 245 }, + { "io_submit", 246 }, + { "io_cancel", 247 }, + { "exit_group", 248 }, + { "epoll_create", 249 }, + { "epoll_ctl", 250 }, + { "epoll_wait", 251 }, + { "set_tid_address", 252 }, + { "fadvise64", 253 }, + { "timer_create", 254 }, + { "timer_settime", 255 }, + { "timer_gettime", 256 }, + { "timer_getoverrun", 257 }, + { "timer_delete", 258 }, + { "clock_settime", 259 }, + { "clock_gettime", 260 }, + { "clock_getres", 261 }, + { "clock_nanosleep", 262 }, + { "statfs64", 265 }, + { "fstatfs64", 266 }, + { "remap_file_pages", 267 }, + { "mq_open", 271 }, + { "mq_unlink", 272 }, + { "mq_timedsend", 273 }, + { "mq_timedreceive", 274 }, + { "mq_notify", 275 }, + { "mq_getsetattr", 276 }, + { "kexec_load", 277 }, + { "add_key", 278 }, + { "request_key", 279 }, + { "keyctl", 280 }, + { "waitid", 281 }, + { "ioprio_set", 282 }, + { "ioprio_get", 283 }, + { "inotify_init", 284 }, + { "inotify_add_watch", 285 }, + { "inotify_rm_watch", 286 }, + { "openat", 288 }, + { "mkdirat", 289 }, + { "mknodat", 290 }, + { "fchownat", 291 }, + { "futimesat", 292 }, + { "unlinkat", 294 }, + { "renameat", 295 }, + { "linkat", 296 }, + { "symlinkat", 297 }, + { "readlinkat", 298 }, + { "fchmodat", 299 }, + { "faccessat", 300 }, + { 
"pselect6", 301 }, + { "ppoll", 302 }, + { "unshare", 303 }, + { "set_robust_list", 304 }, + { "get_robust_list", 305 }, + { "splice", 306 }, + { "sync_file_range", 307 }, + { "tee", 308 }, + { "vmsplice", 309 }, + { "getcpu", 311 }, + { "epoll_pwait", 312 }, + { "utimes", 313 }, + { "fallocate", 314 }, + { "utimensat", 315 }, + { "signalfd", 316 }, + { "timerfd", 317 }, + { "eventfd", 318 }, + { "timerfd_create", 319 }, + { "timerfd_settime", 320 }, + { "timerfd_gettime", 321 }, + { "signalfd4", 322 }, + { "eventfd2", 323 }, + { "inotify_init1", 324 }, + { "pipe2", 325 }, + { "dup3", 326 }, + { "epoll_create1", 327 }, + { "preadv", 328 }, + { "pwritev", 329 }, + { "rt_tgsigqueueinfo", 330 }, + { "perf_event_open", 331 }, + { "fanotify_init", 332 }, + { "fanotify_mark", 333 }, + { "prlimit64", 334 }, + { "name_to_handle_at", 335 }, + { "open_by_handle_at", 336 }, + { "clock_adjtime", 337 }, + { "syncfs", 338 }, + { "setns", 339 }, + { "process_vm_readv", 340 }, + { "process_vm_writev", 341 }, + { "s390_runtime_instr", 342 }, + { "kcmp", 343 }, + { "finit_module", 344 }, + { "sched_setattr", 345 }, + { "sched_getattr", 346 }, + { "select", 142 }, + { "getrlimit", 191 }, + { "lchown", 198 }, + { "getuid", 199 }, + { "getgid", 200 }, + { "geteuid", 201 }, + { "getegid", 202 }, + { "setreuid", 203 }, + { "setregid", 204 }, + { "getgroups", 205 }, + { "setgroups", 206 }, + { "fchown", 207 }, + { "setresuid", 208 }, + { "getresuid", 209 }, + { "setresgid", 210 }, + { "getresgid", 211 }, + { "chown", 212 }, + { "setuid", 213 }, + { "setgid", 214 }, + { "setfsuid", 215 }, + { "setfsgid", 216 }, + { "newfstatat", 293 }, + + {NULL, __NR_SCMP_ERROR}, +}; + + +/** + * Resolve a syscall name to a number + * @param name the syscall name + * + * Resolve the given syscall name to the syscall number using the syscall table. + * Returns the syscall number on success, including negative pseudo syscall + * numbers; returns __NR_SCMP_ERROR on failure. 
+ * + */ +int s390x_syscall_resolve_name(const char *name) +{ + unsigned int iter; + const struct arch_syscall_def *table = s390x_syscall_table; + + /* XXX - plenty of room for future improvement here */ + for (iter = 0; table[iter].name != NULL; iter++) { + if (strcmp(name, table[iter].name) == 0) + return table[iter].num; + } + + return __NR_SCMP_ERROR; +} + +/** + * Resolve a syscall number to a name + * @param num the syscall number + * + * Resolve the given syscall number to the syscall name using the syscall table. + * Returns a pointer to the syscall name string on success, including pseudo + * syscall names; returns NULL on failure. + * + */ +const char *s390x_syscall_resolve_num(int num) +{ + unsigned int iter; + const struct arch_syscall_def *table = s390x_syscall_table; + + /* XXX - plenty of room for future improvement here */ + for (iter = 0; table[iter].num != __NR_SCMP_ERROR; iter++) { + if (num == table[iter].num) + return table[iter].name; + } + + return NULL; +} Index: libseccomp-2.1.1/src/gen_pfc.c =================================================================== --- libseccomp-2.1.1.orig/src/gen_pfc.c +++ libseccomp-2.1.1/src/gen_pfc.c @@ -57,6 +57,14 @@ static const char *_pfc_arch(const struc return "x32"; case SCMP_ARCH_ARM: return "arm"; + case SCMP_ARCH_S390X: + return "s390x"; + case SCMP_ARCH_S390: + return "s390"; + case SCMP_ARCH_PPC: + return "ppc"; + case SCMP_ARCH_PPC64: + return "ppc64"; default: return "UNKNOWN"; } Index: libseccomp-2.1.1/src/Makefile =================================================================== --- libseccomp-2.1.1.orig/src/Makefile +++ libseccomp-2.1.1/src/Makefile 
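Review bot: `s390x_syscall_table` contains only positive numbers, although the doc comment on `s390x_syscall_resolve_name()` says the function also returns negative pseudo syscall numbers. Names with no direct syscall on this ABI, for example `socket` or `connect` (the table has only `socketcall`, 102), therefore resolve to `__NR_SCMP_ERROR`. A policy that names those calls cannot be expressed for s390x, and a caller that does not check the result ends up with a filter that is missing those rules. Add pseudo entries such as `{ "socket", __PNR_socket },` for the names the architecture lacks (presumably what the existing tables do, which is not visible here), or correct the comment; `s390_syscall_table` in `arch-s390-syscalls.c` has the same gap. The stray `\` after the table's opening `{` can be dropped in both files.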
@@ -42,6 +42,7 @@ OBJS = \ arch-x86_64.o arch-x86_64-syscalls.o \ arch-x32.o arch-x32-syscalls.o \ arch-arm.o arch-arm-syscalls.o \ + arch-s390x.o arch-s390x-syscalls.o \ hash.o \ gen_pfc.o gen_bpf.o Index: libseccomp-2.1.1/tools/scmp_arch_detect.c =================================================================== --- libseccomp-2.1.1.orig/tools/scmp_arch_detect.c +++ libseccomp-2.1.1/tools/scmp_arch_detect.c @@ -78,6 +78,18 @@ int main(int argc, char *argv[]) case SCMP_ARCH_ARM: printf("arm\n"); break; + case SCMP_ARCH_S390: + printf("s390\n"); + break; + case SCMP_ARCH_S390X: + printf("s390x\n"); + break; + case SCMP_ARCH_PPC: + printf("ppc\n"); + break; + case SCMP_ARCH_PPC64: + printf("ppc64\n"); + break; default: printf("unknown\n"); } Index: libseccomp-2.1.1/tools/scmp_bpf_sim.c =================================================================== --- libseccomp-2.1.1.orig/tools/scmp_bpf_sim.c +++ libseccomp-2.1.1/tools/scmp_bpf_sim.c @@ -239,6 +239,14 @@ int main(int argc, char *argv[]) sys_data.arch = AUDIT_ARCH_X86_64; else if (strcmp(optarg, "arm") == 0) sys_data.arch = AUDIT_ARCH_ARM; + else if (strcmp(optarg, "s390") == 0) + sys_data.arch = AUDIT_ARCH_S390; + else if (strcmp(optarg, "s390x") == 0) + sys_data.arch = AUDIT_ARCH_S390X; + else if (strcmp(optarg, "ppc") == 0) + sys_data.arch = AUDIT_ARCH_PPC; + else if (strcmp(optarg, "ppc64") == 0) + sys_data.arch = AUDIT_ARCH_PPC64; else exit_fault(EINVAL); break; Index: libseccomp-2.1.1/src/Makefile.am =================================================================== --- libseccomp-2.1.1.orig/src/Makefile.am +++ libseccomp-2.1.1/src/Makefile.am 
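Review bot: The `OBJS` list in `src/Makefile` gains only `arch-s390x.o arch-s390x-syscalls.o`, but `arch.c` in this patch now references `arch_def_s390`, `arch_def_ppc`, `arch_def_ppc64` and the matching `*_syscall_resolve_name/num` functions. A build that goes through this Makefile should fail to link, or leave the library with undefined symbols. Add the remaining objects so the list matches the `Makefile.am` change: `arch-s390.o arch-s390-syscalls.o \`, `arch-ppc.o arch-ppc-syscalls.o \` and `arch-ppc64.o arch-ppc64-syscalls.o \`.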
@@ -9,8 +9,13 @@ lib_LTLIBRARIES = libseccomp.la libseccomp_la_SOURCES = api.c arch.c arch-x86.c arch-x86-syscalls.c \ arch-x86_64.c arch-x86_64-syscalls.c arch-x32.c arch-x32-syscalls.c \ - arch-arm.c arch-arm-syscalls.c db.c hash.c gen_pfc.c gen_bpf.c \ + arch-arm.c arch-arm-syscalls.c \ + arch-s390.c arch-s390-syscalls.c \ + arch-s390x.c arch-s390x-syscalls.c \ + arch-ppc.c arch-ppc-syscalls.c \ + arch-ppc64.c arch-ppc64-syscalls.c \ + db.c hash.c gen_pfc.c gen_bpf.c \ \ - arch-arm.h arch-x32.h arch-x86.h arch-x86_64.h arch.h \ + arch-arm.h arch-ppc.h arch-ppc64.h arch-s390x.h arch-x32.h arch-x86.h arch-x86_64.h arch.h \ db.h gen_bpf.h gen_pfc.h hash.h system.h libseccomp_la_LDFLAGS = -version-number 2:1:0 Index: libseccomp-2.1.1/src/arch-s390.c =================================================================== --- /dev/null +++ libseccomp-2.1.1/src/arch-s390.c @@ -0,0 +1,34 @@ +/** + * Enhanced Seccomp S390 Specific Code + * + * Copyright (c) 2014 SUSE + * Author: Marcus Meissner + */ + +/* + * This library is free software; you can redistribute it and/or modify it + * under the terms of version 2.1 of the GNU Lesser General Public License as + * published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License + * for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this library; if not, see . + */ + +#include +#include +#include + +#include "arch.h" +#include "arch-s390.h" + +const struct arch_def arch_def_s390 = { + .token = SCMP_ARCH_S390, + .token_bpf = AUDIT_ARCH_S390, + .size = ARCH_SIZE_32, + .endian = ARCH_ENDIAN_BIG, +}; Index: libseccomp-2.1.1/src/arch-s390.h =================================================================== --- /dev/null +++ libseccomp-2.1.1/src/arch-s390.h 
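Review bot: The header line of `libseccomp_la_SOURCES` adds `arch-ppc.h arch-ppc64.h arch-s390x.h` but not `arch-s390.h`, which this patch creates and which `arch.c` and `arch-s390.c` include. Automake would leave that header out of `make dist` tarballs, and a build from such a tarball stops on the missing include. List it with the others: `arch-arm.h arch-ppc.h arch-ppc64.h arch-s390.h arch-s390x.h arch-x32.h arch-x86.h arch-x86_64.h arch.h \`.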
@@ -0,0 +1,37 @@
+/**
+ * Enhanced Seccomp S390 Specific Code
+ *
+ * Copyright (c) 2014 SUSE
+ * Author: Marcus Meissner
+ */
+
+/*
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, see .
+ */
+
+#ifndef _ARCH_S390_H
+#define _ARCH_S390_H
+
+#include
+
+#include "arch.h"
+#include "system.h"
+
+#define s390_arg_count_max 6
+
+extern const struct arch_def arch_def_s390;
+
+int s390_syscall_resolve_name(const char *name);
+const char *s390_syscall_resolve_num(int num);
+
+#endif
Index: libseccomp-2.1.1/src/arch-s390-syscalls.c
===================================================================
--- /dev/null
+++ libseccomp-2.1.1/src/arch-s390-syscalls.c
@@ -0,0 +1,400 @@ +/** + * Enhanced Seccomp s390 Syscall Table + * + * Copyright (c) 2014 SUSE + * Author: Marcus Meissner + */ + +/* + * This library is free software; you can redistribute it and/or modify it + * under the terms of version 2.1 of the GNU Lesser General Public License as + * published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License + * for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this library; if not, see . + */ + +#include + +#include + +#include "arch.h" +#include "arch-s390.h" + +/* NOTE: based on Linux 3.13 */ + +static const struct arch_syscall_def s390_syscall_table[] = { \ + { "exit", 1 }, + { "fork", 2 }, + { "read", 3 }, + { "write", 4 }, + { "open", 5 }, + { "close", 6 }, + { "restart_syscall", 7 }, + { "creat", 8 }, + { "link", 9 }, + { "unlink", 10 }, + { "execve", 11 }, + { "chdir", 12 }, + { "mknod", 14 }, + { "chmod", 15 }, + { "lseek", 19 }, + { "getpid", 20 }, + { "mount", 21 }, + { "umount", 22 }, + { "ptrace", 26 }, + { "alarm", 27 }, + { "pause", 29 }, + { "utime", 30 }, + { "access", 33 }, + { "nice", 34 }, + { "sync", 36 }, + { "kill", 37 }, + { "rename", 38 }, + { "mkdir", 39 }, + { "rmdir", 40 }, + { "dup", 41 }, + { "pipe", 42 }, + { "times", 43 }, + { "brk", 45 }, + { "signal", 48 }, + { "acct", 51 }, + { "umount2", 52 }, + { "ioctl", 54 }, + { "fcntl", 55 }, + { "setpgid", 57 }, + { "umask", 60 }, + { "chroot", 61 }, + { "ustat", 62 }, + { "dup2", 63 }, + { "getppid", 64 }, + { "getpgrp", 65 }, + { "setsid", 66 }, + { "sigaction", 67 }, + { "sigsuspend", 72 }, + { "sigpending", 73 }, + { "sethostname", 74 }, + { "setrlimit", 75 }, + { "getrusage", 77 }, + { "gettimeofday", 78 }, + { "settimeofday", 79 }, + { "symlink", 83 }, + { 
"readlink", 85 }, + { "uselib", 86 }, + { "swapon", 87 }, + { "reboot", 88 }, + { "readdir", 89 }, + { "mmap", 90 }, + { "munmap", 91 }, + { "truncate", 92 }, + { "ftruncate", 93 }, + { "fchmod", 94 }, + { "getpriority", 96 }, + { "setpriority", 97 }, + { "statfs", 99 }, + { "fstatfs", 100 }, + { "socketcall", 102 }, + { "syslog", 103 }, + { "setitimer", 104 }, + { "getitimer", 105 }, + { "stat", 106 }, + { "lstat", 107 }, + { "fstat", 108 }, + { "lookup_dcookie", 110 }, + { "vhangup", 111 }, + { "idle", 112 }, + { "wait4", 114 }, + { "swapoff", 115 }, + { "sysinfo", 116 }, + { "ipc", 117 }, + { "fsync", 118 }, + { "sigreturn", 119 }, + { "clone", 120 }, + { "setdomainname", 121 }, + { "uname", 122 }, + { "adjtimex", 124 }, + { "mprotect", 125 }, + { "sigprocmask", 126 }, + { "create_module", 127 }, + { "init_module", 128 }, + { "delete_module", 129 }, + { "get_kernel_syms", 130 }, + { "quotactl", 131 }, + { "getpgid", 132 }, + { "fchdir", 133 }, + { "bdflush", 134 }, + { "sysfs", 135 }, + { "personality", 136 }, + { "afs_syscall", 137 }, + { "getdents", 141 }, + { "flock", 143 }, + { "msync", 144 }, + { "readv", 145 }, + { "writev", 146 }, + { "getsid", 147 }, + { "fdatasync", 148 }, + { "_sysctl", 149 }, + { "mlock", 150 }, + { "munlock", 151 }, + { "mlockall", 152 }, + { "munlockall", 153 }, + { "sched_setparam", 154 }, + { "sched_getparam", 155 }, + { "sched_setscheduler", 156 }, + { "sched_getscheduler", 157 }, + { "sched_yield", 158 }, + { "sched_get_priority_max", 159 }, + { "sched_get_priority_min", 160 }, + { "sched_rr_get_interval", 161 }, + { "nanosleep", 162 }, + { "mremap", 163 }, + { "query_module", 167 }, + { "poll", 168 }, + { "nfsservctl", 169 }, + { "prctl", 172 }, + { "rt_sigreturn", 173 }, + { "rt_sigaction", 174 }, + { "rt_sigprocmask", 175 }, + { "rt_sigpending", 176 }, + { "rt_sigtimedwait", 177 }, + { "rt_sigqueueinfo", 178 }, + { "rt_sigsuspend", 179 }, + { "pread64", 180 }, + { "pwrite64", 181 }, + { "getcwd", 183 }, + { "capget", 184 }, + 
{ "capset", 185 }, + { "sigaltstack", 186 }, + { "sendfile", 187 }, + { "getpmsg", 188 }, + { "putpmsg", 189 }, + { "vfork", 190 }, + { "pivot_root", 217 }, + { "mincore", 218 }, + { "madvise", 219 }, + { "getdents64", 220 }, + { "readahead", 222 }, + { "setxattr", 224 }, + { "lsetxattr", 225 }, + { "fsetxattr", 226 }, + { "getxattr", 227 }, + { "lgetxattr", 228 }, + { "fgetxattr", 229 }, + { "listxattr", 230 }, + { "llistxattr", 231 }, + { "flistxattr", 232 }, + { "removexattr", 233 }, + { "lremovexattr", 234 }, + { "fremovexattr", 235 }, + { "gettid", 236 }, + { "tkill", 237 }, + { "futex", 238 }, + { "sched_setaffinity", 239 }, + { "sched_getaffinity", 240 }, + { "tgkill", 241 }, + { "io_setup", 243 }, + { "io_destroy", 244 }, + { "io_getevents", 245 }, + { "io_submit", 246 }, + { "io_cancel", 247 }, + { "exit_group", 248 }, + { "epoll_create", 249 }, + { "epoll_ctl", 250 }, + { "epoll_wait", 251 }, + { "set_tid_address", 252 }, + { "fadvise64", 253 }, + { "timer_create", 254 }, + { "timer_settime", 255 }, + { "timer_gettime", 256 }, + { "timer_getoverrun", 257 }, + { "timer_delete", 258 }, + { "clock_settime", 259 }, + { "clock_gettime", 260 }, + { "clock_getres", 261 }, + { "clock_nanosleep", 262 }, + { "statfs64", 265 }, + { "fstatfs64", 266 }, + { "remap_file_pages", 267 }, + { "mq_open", 271 }, + { "mq_unlink", 272 }, + { "mq_timedsend", 273 }, + { "mq_timedreceive", 274 }, + { "mq_notify", 275 }, + { "mq_getsetattr", 276 }, + { "kexec_load", 277 }, + { "add_key", 278 }, + { "request_key", 279 }, + { "keyctl", 280 }, + { "waitid", 281 }, + { "ioprio_set", 282 }, + { "ioprio_get", 283 }, + { "inotify_init", 284 }, + { "inotify_add_watch", 285 }, + { "inotify_rm_watch", 286 }, + { "openat", 288 }, + { "mkdirat", 289 }, + { "mknodat", 290 }, + { "fchownat", 291 }, + { "futimesat", 292 }, + { "unlinkat", 294 }, + { "renameat", 295 }, + { "linkat", 296 }, + { "symlinkat", 297 }, + { "readlinkat", 298 }, + { "fchmodat", 299 }, + { "faccessat", 300 }, + { 
"pselect6", 301 }, + { "ppoll", 302 }, + { "unshare", 303 }, + { "set_robust_list", 304 }, + { "get_robust_list", 305 }, + { "splice", 306 }, + { "sync_file_range", 307 }, + { "tee", 308 }, + { "vmsplice", 309 }, + { "getcpu", 311 }, + { "epoll_pwait", 312 }, + { "utimes", 313 }, + { "fallocate", 314 }, + { "utimensat", 315 }, + { "signalfd", 316 }, + { "timerfd", 317 }, + { "eventfd", 318 }, + { "timerfd_create", 319 }, + { "timerfd_settime", 320 }, + { "timerfd_gettime", 321 }, + { "signalfd4", 322 }, + { "eventfd2", 323 }, + { "inotify_init1", 324 }, + { "pipe2", 325 }, + { "dup3", 326 }, + { "epoll_create1", 327 }, + { "preadv", 328 }, + { "pwritev", 328 }, + { "rt_tgsigqueueinfo", 330 }, + { "perf_event_open", 331 }, + { "fanotify_init", 332 }, + { "fanotify_mark", 333 }, + { "prlimit64", 334 }, + { "name_to_handle_at", 335 }, + { "open_by_handle_at", 336 }, + { "clock_adjtime", 337 }, + { "syncfs", 338 }, + { "setns", 339 }, + { "process_vm_readv", 340 }, + { "process_vm_writev", 341 }, + { "s390_runtime_instr", 342 }, + { "kcmp", 343 }, + { "finit_module", 344 }, + { "sched_setattr", 345 }, + { "sched_getattr", 346 }, + { "time", 13 }, + { "lchown", 16 }, + { "setuid", 23 }, + { "getuid", 24 }, + { "stime", 25 }, + { "setgid", 46 }, + { "getgid", 47 }, + { "geteuid", 49 }, + { "getegid", 50 }, + { "setreuid", 70 }, + { "setregid", 71 }, + { "getrlimit", 76 }, + { "getgroups", 80 }, + { "setgroups", 81 }, + { "fchown", 95 }, + { "ioperm", 101 }, + { "setfsuid", 138 }, + { "setfsgid", 139 }, + { "_llseek", 140 }, + { "_newselect", 142 }, + { "setresuid", 164 }, + { "getresuid", 165 }, + { "setresgid", 170 }, + { "getresgid", 171 }, + { "chown", 182 }, + { "ugetrlimit", 191 }, + { "mmap2", 192 }, + { "truncate64", 193 }, + { "ftruncate64", 194 }, + { "stat64", 195 }, + { "lstat64", 196 }, + { "fstat64", 197 }, + { "lchown32", 198 }, + { "getuid32", 199 }, + { "getgid32", 200 }, + { "geteuid32", 201 }, + { "getegid32", 202 }, + { "setreuid32", 203 }, + { 
"setregid32", 204 }, + { "getgroups32", 205 }, + { "setgroups32", 206 }, + { "fchown32", 207 }, + { "setresuid32", 208 }, + { "getresuid32", 209 }, + { "setresgid32", 210 }, + { "getresgid32", 211 }, + { "chown32", 212 }, + { "setuid32", 213 }, + { "setgid32", 214 }, + { "setfsuid32", 215 }, + { "setfsgid32", 216 }, + { "fcntl64", 221 }, + { "sendfile64", 223 }, + { "fadvise64_64", 264 }, + { "fstatat64", 293 }, + + {NULL, __NR_SCMP_ERROR}, +}; + + +/** + * Resolve a syscall name to a number + * @param name the syscall name + * + * Resolve the given syscall name to the syscall number using the syscall table. + * Returns the syscall number on success, including negative pseudo syscall + * numbers; returns __NR_SCMP_ERROR on failure. + * + */ +int s390_syscall_resolve_name(const char *name) +{ + unsigned int iter; + const struct arch_syscall_def *table = s390_syscall_table; + + /* XXX - plenty of room for future improvement here */ + for (iter = 0; table[iter].name != NULL; iter++) { + if (strcmp(name, table[iter].name) == 0) + return table[iter].num; + } + + return __NR_SCMP_ERROR; +} + +/** + * Resolve a syscall number to a name + * @param num the syscall number + * + * Resolve the given syscall number to the syscall name using the syscall table. + * Returns a pointer to the syscall name string on success, including pseudo + * syscall names; returns NULL on failure. + * + */ +const char *s390_syscall_resolve_num(int num) +{ + unsigned int iter; + const struct arch_syscall_def *table = s390_syscall_table; + + /* XXX - plenty of room for future improvement here */ + for (iter = 0; table[iter].num != __NR_SCMP_ERROR; iter++) { + if (num == table[iter].num) + return table[iter].name; + } + + return NULL; +} Index: libseccomp-2.1.1/src/arch-ppc64.c =================================================================== --- /dev/null +++ libseccomp-2.1.1/src/arch-ppc64.c 
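Review bot: In `s390_syscall_table`, the entry `{ "pwritev", 328 }` repeats the number already given to `preadv` on the line before it. The s390x table in this same patch uses 329 for `pwritev`, and the two tables agree on the neighbouring entries, so this looks like a typo. As written, a rule that names `pwritev` on s390 is compiled against `preadv`'s number: a deny rule leaves the real `pwritev` unfiltered, an allow-list rule does not permit it, and `s390_syscall_resolve_num(329)` returns NULL. Change the entry to `{ "pwritev", 329 },`.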
@@ -0,0 +1,38 @@
+/**
+ * Enhanced Seccomp PowerPC64 Specific Code
+ *
+ * Copyright (c) 2014 SUSE
+ * Author: Marcus Meissner
+ */
+
+/*
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, see .
+ */
+
+#include
+#include
+#include
+
+#include "arch.h"
+#include "arch-ppc64.h"
+
+const struct arch_def arch_def_ppc64 = {
+ .token = SCMP_ARCH_PPC64,
+ .token_bpf = AUDIT_ARCH_PPC64,
+ .size = ARCH_SIZE_64,
+#ifdef __LITTLE_ENDIAN__
+ .endian = ARCH_ENDIAN_LITTLE,
+#else
+ .endian = ARCH_ENDIAN_BIG,
+#endif
+};
Index: libseccomp-2.1.1/src/arch-ppc64.h
===================================================================
--- /dev/null
+++ libseccomp-2.1.1/src/arch-ppc64.h
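Review bot: `arch_def_ppc64.endian` is selected with `#ifdef __LITTLE_ENDIAN__`, so it follows the compiler that builds the library and not the architecture token; the `ppc64_arg_offset_lo`/`ppc64_arg_offset_hi` macros in `arch-ppc64.h` are switched the same way. `SCMP_ARCH_PPC64` therefore describes a big-endian layout in one build and a little-endian layout in another, and a library built on a different host describes ppc64 with whatever that compiler happens to define. If the offsets come out swapped for the target, 64-bit argument comparisons in the generated filter would test the wrong halves of the argument. Consider fixing `arch_def_ppc64` to big-endian and giving little-endian its own definition and token, or at least state the assumption with a comment such as `/* endianness follows the build host; only valid for native ppc64 builds */`.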
@@ -0,0 +1,45 @@
+/**
+ * Enhanced Seccomp PowerPC64 Specific Code
+ *
+ * Copyright (c) 2014 SUSE
+ * Author: Marcus Meissner
+ */
+
+/*
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, see .
+ */
+
+#ifndef _ARCH_PPC64_H
+#define _ARCH_PPC64_H
+
+#include
+
+#include "arch.h"
+#include "system.h"
+
+#define ppc64_arg_count_max 6
+
+extern const struct arch_def arch_def_ppc64;
+
+#ifdef __LITTLE_ENDIAN__
+#define ppc64_arg_offset_lo(x) (arch_arg_offset(x))
+#define ppc64_arg_offset_hi(x) (arch_arg_offset(x) + 4)
+#else
+#define ppc64_arg_offset_lo(x) (arch_arg_offset(x) + 4)
+#define ppc64_arg_offset_hi(x) (arch_arg_offset(x))
+#endif
+
+int ppc64_syscall_resolve_name(const char *name);
+const char *ppc64_syscall_resolve_num(int num);
+
+#endif
Index: libseccomp-2.1.1/src/arch-ppc64-syscalls.c
===================================================================
--- /dev/null
+++ libseccomp-2.1.1/src/arch-ppc64-syscalls.c
@@ -0,0 +1,427 @@ +/** + * Enhanced Seccomp PowerPC64 Syscall Table + * + * Copyright (c) 2014 SUSE + * Author: Marcus Meissner + */ + +/* + * This library is free software; you can redistribute it and/or modify it + * under the terms of version 2.1 of the GNU Lesser General Public License as + * published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License + * for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this library; if not, see . + */ + +#include + +#include + +#include "arch.h" +#include "arch-ppc64.h" + +/* NOTE: based on Linux 3.13 */ + +static const struct arch_syscall_def ppc64_syscall_table[] = { \ + { "restart_syscall", 0 }, + { "exit", 1 }, + { "fork", 2 }, + { "read", 3 }, + { "write", 4 }, + { "open", 5 }, + { "close", 6 }, + { "waitpid", 7 }, + { "creat", 8 }, + { "link", 9 }, + { "unlink", 10 }, + { "execve", 11 }, + { "chdir", 12 }, + { "time", 13 }, + { "mknod", 14 }, + { "chmod", 15 }, + { "lchown", 16 }, + { "break", 17 }, + { "oldstat", 18 }, + { "lseek", 19 }, + { "getpid", 20 }, + { "mount", 21 }, + { "umount", 22 }, + { "setuid", 23 }, + { "getuid", 24 }, + { "stime", 25 }, + { "ptrace", 26 }, + { "alarm", 27 }, + { "oldfstat", 28 }, + { "pause", 29 }, + { "utime", 30 }, + { "stty", 31 }, + { "gtty", 32 }, + { "access", 33 }, + { "nice", 34 }, + { "ftime", 35 }, + { "sync", 36 }, + { "kill", 37 }, + { "rename", 38 }, + { "mkdir", 39 }, + { "rmdir", 40 }, + { "dup", 41 }, + { "pipe", 42 }, + { "times", 43 }, + { "prof", 44 }, + { "brk", 45 }, + { "setgid", 46 }, + { "getgid", 47 }, + { "signal", 48 }, + { "geteuid", 49 }, + { "getegid", 50 }, + { "acct", 51 }, + { "umount2", 52 }, + { "lock", 53 }, + { "ioctl", 54 }, + { "fcntl", 55 }, + { "mpx", 56 }, + { 
"setpgid", 57 }, + { "ulimit", 58 }, + { "oldolduname", 59 }, + { "umask", 60 }, + { "chroot", 61 }, + { "ustat", 62 }, + { "dup2", 63 }, + { "getppid", 64 }, + { "getpgrp", 65 }, + { "setsid", 66 }, + { "sigaction", 67 }, + { "sgetmask", 68 }, + { "ssetmask", 69 }, + { "setreuid", 70 }, + { "setregid", 71 }, + { "sigsuspend", 72 }, + { "sigpending", 73 }, + { "sethostname", 74 }, + { "setrlimit", 75 }, + { "getrlimit", 76 }, + { "getrusage", 77 }, + { "gettimeofday", 78 }, + { "settimeofday", 79 }, + { "getgroups", 80 }, + { "setgroups", 81 }, + { "select", 82 }, + { "symlink", 83 }, + { "oldlstat", 84 }, + { "readlink", 85 }, + { "uselib", 86 }, + { "swapon", 87 }, + { "reboot", 88 }, + { "readdir", 89 }, + { "mmap", 90 }, + { "munmap", 91 }, + { "truncate", 92 }, + { "ftruncate", 93 }, + { "fchmod", 94 }, + { "fchown", 95 }, + { "getpriority", 96 }, + { "setpriority", 97 }, + { "profil", 98 }, + { "statfs", 99 }, + { "fstatfs", 100 }, + { "ioperm", 101 }, + { "socketcall", 102 }, + { "syslog", 103 }, + { "setitimer", 104 }, + { "getitimer", 105 }, + { "stat", 106 }, + { "lstat", 107 }, + { "fstat", 108 }, + { "olduname", 109 }, + { "iopl", 110 }, + { "vhangup", 111 }, + { "idle", 112 }, + { "vm86", 113 }, + { "wait4", 114 }, + { "swapoff", 115 }, + { "sysinfo", 116 }, + { "ipc", 117 }, + { "fsync", 118 }, + { "sigreturn", 119 }, + { "clone", 120 }, + { "setdomainname", 121 }, + { "uname", 122 }, + { "modify_ldt", 123 }, + { "adjtimex", 124 }, + { "mprotect", 125 }, + { "sigprocmask", 126 }, + { "create_module", 127 }, + { "init_module", 128 }, + { "delete_module", 129 }, + { "get_kernel_syms", 130 }, + { "quotactl", 131 }, + { "getpgid", 132 }, + { "fchdir", 133 }, + { "bdflush", 134 }, + { "sysfs", 135 }, + { "personality", 136 }, + { "afs_syscall", 137 }, + { "setfsuid", 138 }, + { "setfsgid", 139 }, + { "_llseek", 140 }, + { "getdents", 141 }, + { "_newselect", 142 }, + { "flock", 143 }, + { "msync", 144 }, + { "readv", 145 }, + { "writev", 146 }, + { 
"getsid", 147 }, + { "fdatasync", 148 }, + { "_sysctl", 149 }, + { "mlock", 150 }, + { "munlock", 151 }, + { "mlockall", 152 }, + { "munlockall", 153 }, + { "sched_setparam", 154 }, + { "sched_getparam", 155 }, + { "sched_setscheduler", 156 }, + { "sched_getscheduler", 157 }, + { "sched_yield", 158 }, + { "sched_get_priority_max", 159 }, + { "sched_get_priority_min", 160 }, + { "sched_rr_get_interval", 161 }, + { "nanosleep", 162 }, + { "mremap", 163 }, + { "setresuid", 164 }, + { "getresuid", 165 }, + { "query_module", 166 }, + { "poll", 167 }, + { "nfsservctl", 168 }, + { "setresgid", 169 }, + { "getresgid", 170 }, + { "prctl", 171 }, + { "rt_sigreturn", 172 }, + { "rt_sigaction", 173 }, + { "rt_sigprocmask", 174 }, + { "rt_sigpending", 175 }, + { "rt_sigtimedwait", 176 }, + { "rt_sigqueueinfo", 177 }, + { "rt_sigsuspend", 178 }, + { "pread64", 179 }, + { "pwrite64", 180 }, + { "chown", 181 }, + { "getcwd", 182 }, + { "capget", 183 }, + { "capset", 184 }, + { "sigaltstack", 185 }, + { "sendfile", 186 }, + { "getpmsg", 187 }, + { "putpmsg", 188 }, + { "vfork", 189 }, + { "ugetrlimit", 190 }, + { "readahead", 191 }, + + { "pciconfig_read", 198 }, + { "pciconfig_write", 199 }, + { "pciconfig_iobase", 200 }, + { "multiplexer", 201 }, + { "getdents64", 202 }, + { "pivot_root", 203 }, + { "madvise", 205 }, + { "mincore", 206 }, + { "gettid", 207 }, + { "tkill", 208 }, + { "setxattr", 209 }, + { "lsetxattr", 210 }, + { "fsetxattr", 211 }, + { "getxattr", 212 }, + { "lgetxattr", 213 }, + { "fgetxattr", 214 }, + { "listxattr", 215 }, + { "llistxattr", 216 }, + { "flistxattr", 217 }, + { "removexattr", 218 }, + { "lremovexattr", 219 }, + { "fremovexattr", 220 }, + { "futex", 221 }, + { "sched_setaffinity", 222 }, + { "sched_getaffinity", 223 }, + { "tuxcall", 225 }, + { "io_setup", 227 }, + { "io_destroy", 228 }, + { "io_getevents", 229 }, + { "io_submit", 230 }, + { "io_cancel", 231 }, + { "set_tid_address", 232 }, + { "fadvise64", 233 }, + { "exit_group", 234 }, + { 
"lookup_dcookie", 235 }, + { "epoll_create", 236 }, + { "epoll_ctl", 237 }, + { "epoll_wait", 238 }, + { "remap_file_pages", 239 }, + { "timer_create", 240 }, + { "timer_settime", 241 }, + { "timer_gettime", 242 }, + { "timer_getoverrun", 243 }, + { "timer_delete", 244 }, + { "clock_settime", 245 }, + { "clock_gettime", 246 }, + { "clock_getres", 247 }, + { "clock_nanosleep", 248 }, + { "swapcontext", 249 }, + { "tgkill", 250 }, + { "utimes", 251 }, + { "statfs64", 252 }, + { "fstatfs64", 253 }, + { "rtas", 255 }, + { "sys_debug_setcontext", 256 }, + { "migrate_pages", 258 }, + { "mbind", 259 }, + { "get_mempolicy", 260 }, + { "set_mempolicy", 261 }, + { "mq_open", 262 }, + { "mq_unlink", 263 }, + { "mq_timedsend", 264 }, + { "mq_timedreceive", 265 }, + { "mq_notify", 266 }, + { "mq_getsetattr", 267 }, + { "kexec_load", 268 }, + { "add_key", 269 }, + { "request_key", 270 }, + { "keyctl", 271 }, + { "waitid", 272 }, + { "ioprio_set", 273 }, + { "ioprio_get", 274 }, + { "inotify_init", 275 }, + { "inotify_add_watch", 276 }, + { "inotify_rm_watch", 277 }, + { "spu_run", 278 }, + { "spu_create", 279 }, + { "pselect6", 280 }, + { "ppoll", 281 }, + { "unshare", 282 }, + { "splice", 283 }, + { "tee", 284 }, + { "vmsplice", 285 }, + { "openat", 286 }, + { "mkdirat", 287 }, + { "mknodat", 288 }, + { "fchownat", 289 }, + { "futimesat", 290 }, + { "newfstatat", 291 }, + { "unlinkat", 292 }, + { "renameat", 293 }, + { "linkat", 294 }, + { "symlinkat", 295 }, + { "readlinkat", 296 }, + { "fchmodat", 297 }, + { "faccessat", 298 }, + { "get_robust_list", 299 }, + { "set_robust_list", 300 }, + { "move_pages", 301 }, + { "getcpu", 302 }, + { "epoll_pwait", 303 }, + { "utimensat", 304 }, + { "signalfd", 305 }, + { "timerfd_create", 306 }, + { "eventfd", 307 }, + { "sync_file_range2", 308 }, + { "fallocate", 309 }, + { "subpage_prot", 310 }, + { "timerfd_settime", 311 }, + { "timerfd_gettime", 312 }, + { "signalfd4", 313 }, + { "eventfd2", 314 }, + { "epoll_create1", 315 }, + { 
"dup3", 316 }, + { "pipe2", 317 }, + { "inotify_init1", 318 }, + { "perf_event_open", 319 }, + { "preadv", 320 }, + { "pwritev", 321 }, + { "rt_tgsigqueueinfo", 322 }, + { "fanotify_init", 323 }, + { "fanotify_mark", 324 }, + { "prlimit64", 325 }, + { "socket", 326 }, + { "bind", 327 }, + { "connect", 328 }, + { "listen", 329 }, + { "accept", 330 }, + { "getsockname", 331 }, + { "getpeername", 332 }, + { "socketpair", 333 }, + { "send", 334 }, + { "sendto", 335 }, + { "recv", 336 }, + { "recvfrom", 337 }, + { "shutdown", 338 }, + { "setsockopt", 339 }, + { "getsockopt", 340 }, + { "sendmsg", 341 }, + { "recvmsg", 342 }, + { "recvmmsg", 343 }, + { "accept4", 344 }, + { "name_to_handle_at", 345 }, + { "open_by_handle_at", 346 }, + { "clock_adjtime", 347 }, + { "syncfs", 348 }, + { "sendmmsg", 349 }, + { "setns", 350 }, + { "process_vm_readv", 351 }, + { "process_vm_writev", 352 }, + { "finit_module", 353 }, + { "kcmp", 354 }, + { "sched_setattr", 355 }, + { "sched_getattr", 356 }, + {NULL, __NR_SCMP_ERROR}, +}; + + +/** + * Resolve a syscall name to a number + * @param name the syscall name + * + * Resolve the given syscall name to the syscall number using the syscall table. + * Returns the syscall number on success, including negative pseudo syscall + * numbers; returns __NR_SCMP_ERROR on failure. + * + */ +int ppc64_syscall_resolve_name(const char *name) +{ + unsigned int iter; + const struct arch_syscall_def *table = ppc64_syscall_table; + + /* XXX - plenty of room for future improvement here */ + for (iter = 0; table[iter].name != NULL; iter++) { + if (strcmp(name, table[iter].name) == 0) + return table[iter].num; + } + + return __NR_SCMP_ERROR; +} + +/** + * Resolve a syscall number to a name + * @param num the syscall number + * + * Resolve the given syscall number to the syscall name using the syscall table. + * Returns a pointer to the syscall name string on success, including pseudo + * syscall names; returns NULL on failure. 
+ *
+ */
+const char *ppc64_syscall_resolve_num(int num)
+{
+ unsigned int iter;
+ const struct arch_syscall_def *table = ppc64_syscall_table;
+
+ /* XXX - plenty of room for future improvement here */
+ for (iter = 0; table[iter].num != __NR_SCMP_ERROR; iter++) {
+ if (num == table[iter].num)
+ return table[iter].name;
+ }
+
+ return NULL;
+}
Index: libseccomp-2.1.1/src/arch-ppc.c
===================================================================
--- /dev/null
+++ libseccomp-2.1.1/src/arch-ppc.c
@@ -0,0 +1,34 @@
+/**
+ * Enhanced Seccomp PowerPC64 Specific Code
+ *
+ * Copyright (c) 2014 SUSE
+ * Author: Marcus Meissner
+ */
+
+/*
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, see .
+ */
+
+#include
+#include
+#include
+
+#include "arch.h"
+#include "arch-ppc.h"
+
+const struct arch_def arch_def_ppc = {
+ .token = SCMP_ARCH_PPC,
+ .token_bpf = AUDIT_ARCH_PPC,
+ .size = ARCH_SIZE_32,
+ .endian = ARCH_ENDIAN_BIG,
+};
Index: libseccomp-2.1.1/src/arch-ppc.h
===================================================================
--- /dev/null
+++ libseccomp-2.1.1/src/arch-ppc.h
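Review bot: The doc comment on `ppc64_syscall_resolve_name()` promises negative pseudo syscall numbers, but `ppc64_syscall_table` holds only real syscall numbers, so any name that does not exist on this architecture resolves to `__NR_SCMP_ERROR`. If the existing architecture tables map such names to `__PNR_*` values so that one rule can be applied across architectures (not visible in this diff; confirm against the x86 table), a multi-architecture filter that includes PowerPC64 could fail to add rules for those names. Either add the pseudo entries or correct the comment to `Returns the syscall number on success; returns __NR_SCMP_ERROR on failure.` The same applies to the ppc table in arch-ppc-syscalls.c. The trailing `\` after `ppc64_syscall_table[] = {` is a leftover line continuation and can be dropped in both files.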
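Review bot: The file header comment in arch-ppc.c reads `Enhanced Seccomp PowerPC64 Specific Code`, but this file defines `arch_def_ppc` with `ARCH_SIZE_32`; the same copied title appears in arch-ppc.h, and arch-ppc-syscalls.c is titled `Enhanced Seccomp PowerPC64 Syscall Table`. The titles should read `Enhanced Seccomp PowerPC Specific Code` and `Enhanced Seccomp PowerPC Syscall Table`, so that someone auditing the 32-bit and 64-bit definitions can tell the files apart from their headers.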
@@ -0,0 +1,37 @@
+/**
+ * Enhanced Seccomp PowerPC64 Specific Code
+ *
+ * Copyright (c) 2014 SUSE
+ * Author: Marcus Meissner
+ */
+
+/*
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, see .
+ */
+
+#ifndef _ARCH_PPC_H
+#define _ARCH_PPC_H
+
+#include
+
+#include "arch.h"
+#include "system.h"
+
+#define ppc_arg_count_max 6
+
+extern const struct arch_def arch_def_ppc;
+
+int ppc_syscall_resolve_name(const char *name);
+const char *ppc_syscall_resolve_num(int num);
+
+#endif
Index: libseccomp-2.1.1/src/arch-ppc-syscalls.c
===================================================================
--- /dev/null
+++ libseccomp-2.1.1/src/arch-ppc-syscalls.c
@@ -0,0 +1,433 @@ +/** + * Enhanced Seccomp PowerPC64 Syscall Table + * + * Copyright (c) 2014 SUSE + * Author: Marcus Meissner + */ + +/* + * This library is free software; you can redistribute it and/or modify it + * under the terms of version 2.1 of the GNU Lesser General Public License as + * published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License + * for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this library; if not, see . + */ + +#include + +#include + +#include "arch.h" +#include "arch-ppc.h" + +/* NOTE: based on Linux 3.13 */ + +static const struct arch_syscall_def ppc_syscall_table[] = { \ + { "restart_syscall", 0 }, + { "exit", 1 }, + { "fork", 2 }, + { "read", 3 }, + { "write", 4 }, + { "open", 5 }, + { "close", 6 }, + { "waitpid", 7 }, + { "creat", 8 }, + { "link", 9 }, + { "unlink", 10 }, + { "execve", 11 }, + { "chdir", 12 }, + { "time", 13 }, + { "mknod", 14 }, + { "chmod", 15 }, + { "lchown", 16 }, + { "break", 17 }, + { "oldstat", 18 }, + { "lseek", 19 }, + { "getpid", 20 }, + { "mount", 21 }, + { "umount", 22 }, + { "setuid", 23 }, + { "getuid", 24 }, + { "stime", 25 }, + { "ptrace", 26 }, + { "alarm", 27 }, + { "oldfstat", 28 }, + { "pause", 29 }, + { "utime", 30 }, + { "stty", 31 }, + { "gtty", 32 }, + { "access", 33 }, + { "nice", 34 }, + { "ftime", 35 }, + { "sync", 36 }, + { "kill", 37 }, + { "rename", 38 }, + { "mkdir", 39 }, + { "rmdir", 40 }, + { "dup", 41 }, + { "pipe", 42 }, + { "times", 43 }, + { "prof", 44 }, + { "brk", 45 }, + { "setgid", 46 }, + { "getgid", 47 }, + { "signal", 48 }, + { "geteuid", 49 }, + { "getegid", 50 }, + { "acct", 51 }, + { "umount2", 52 }, + { "lock", 53 }, + { "ioctl", 54 }, + { "fcntl", 55 }, + { "mpx", 56 }, + { 
"setpgid", 57 }, + { "ulimit", 58 }, + { "oldolduname", 59 }, + { "umask", 60 }, + { "chroot", 61 }, + { "ustat", 62 }, + { "dup2", 63 }, + { "getppid", 64 }, + { "getpgrp", 65 }, + { "setsid", 66 }, + { "sigaction", 67 }, + { "sgetmask", 68 }, + { "ssetmask", 69 }, + { "setreuid", 70 }, + { "setregid", 71 }, + { "sigsuspend", 72 }, + { "sigpending", 73 }, + { "sethostname", 74 }, + { "setrlimit", 75 }, + { "getrlimit", 76 }, + { "getrusage", 77 }, + { "gettimeofday", 78 }, + { "settimeofday", 79 }, + { "getgroups", 80 }, + { "setgroups", 81 }, + { "select", 82 }, + { "symlink", 83 }, + { "oldlstat", 84 }, + { "readlink", 85 }, + { "uselib", 86 }, + { "swapon", 87 }, + { "reboot", 88 }, + { "readdir", 89 }, + { "mmap", 90 }, + { "munmap", 91 }, + { "truncate", 92 }, + { "ftruncate", 93 }, + { "fchmod", 94 }, + { "fchown", 95 }, + { "getpriority", 96 }, + { "setpriority", 97 }, + { "profil", 98 }, + { "statfs", 99 }, + { "fstatfs", 100 }, + { "ioperm", 101 }, + { "socketcall", 102 }, + { "syslog", 103 }, + { "setitimer", 104 }, + { "getitimer", 105 }, + { "stat", 106 }, + { "lstat", 107 }, + { "fstat", 108 }, + { "olduname", 109 }, + { "iopl", 110 }, + { "vhangup", 111 }, + { "idle", 112 }, + { "vm86", 113 }, + { "wait4", 114 }, + { "swapoff", 115 }, + { "sysinfo", 116 }, + { "ipc", 117 }, + { "fsync", 118 }, + { "sigreturn", 119 }, + { "clone", 120 }, + { "setdomainname", 121 }, + { "uname", 122 }, + { "modify_ldt", 123 }, + { "adjtimex", 124 }, + { "mprotect", 125 }, + { "sigprocmask", 126 }, + { "create_module", 127 }, + { "init_module", 128 }, + { "delete_module", 129 }, + { "get_kernel_syms", 130 }, + { "quotactl", 131 }, + { "getpgid", 132 }, + { "fchdir", 133 }, + { "bdflush", 134 }, + { "sysfs", 135 }, + { "personality", 136 }, + { "afs_syscall", 137 }, + { "setfsuid", 138 }, + { "setfsgid", 139 }, + { "_llseek", 140 }, + { "getdents", 141 }, + { "_newselect", 142 }, + { "flock", 143 }, + { "msync", 144 }, + { "readv", 145 }, + { "writev", 146 }, + { 
"getsid", 147 }, + { "fdatasync", 148 }, + { "_sysctl", 149 }, + { "mlock", 150 }, + { "munlock", 151 }, + { "mlockall", 152 }, + { "munlockall", 153 }, + { "sched_setparam", 154 }, + { "sched_getparam", 155 }, + { "sched_setscheduler", 156 }, + { "sched_getscheduler", 157 }, + { "sched_yield", 158 }, + { "sched_get_priority_max", 159 }, + { "sched_get_priority_min", 160 }, + { "sched_rr_get_interval", 161 }, + { "nanosleep", 162 }, + { "mremap", 163 }, + { "setresuid", 164 }, + { "getresuid", 165 }, + { "query_module", 166 }, + { "poll", 167 }, + { "nfsservctl", 168 }, + { "setresgid", 169 }, + { "getresgid", 170 }, + { "prctl", 171 }, + { "rt_sigreturn", 172 }, + { "rt_sigaction", 173 }, + { "rt_sigprocmask", 174 }, + { "rt_sigpending", 175 }, + { "rt_sigtimedwait", 176 }, + { "rt_sigqueueinfo", 177 }, + { "rt_sigsuspend", 178 }, + { "pread64", 179 }, + { "pwrite64", 180 }, + { "chown", 181 }, + { "getcwd", 182 }, + { "capget", 183 }, + { "capset", 184 }, + { "sigaltstack", 185 }, + { "sendfile", 186 }, + { "getpmsg", 187 }, + { "putpmsg", 188 }, + { "vfork", 189 }, + { "ugetrlimit", 190 }, + { "readahead", 191 }, + { "mmap2", 192 }, + { "truncate64", 193 }, + { "ftruncate64", 194 }, + { "stat64", 195 }, + { "lstat64", 196 }, + { "fstat64", 197 }, + { "pciconfig_read", 198 }, + { "pciconfig_write", 199 }, + { "pciconfig_iobase", 200 }, + { "multiplexer", 201 }, + { "getdents64", 202 }, + { "pivot_root", 203 }, + { "fcntl64", 204 }, + { "madvise", 205 }, + { "mincore", 206 }, + { "gettid", 207 }, + { "tkill", 208 }, + { "setxattr", 209 }, + { "lsetxattr", 210 }, + { "fsetxattr", 211 }, + { "getxattr", 212 }, + { "lgetxattr", 213 }, + { "fgetxattr", 214 }, + { "listxattr", 215 }, + { "llistxattr", 216 }, + { "flistxattr", 217 }, + { "removexattr", 218 }, + { "lremovexattr", 219 }, + { "fremovexattr", 220 }, + { "futex", 221 }, + { "sched_setaffinity", 222 }, + { "sched_getaffinity", 223 }, + { "tuxcall", 225 }, + { "sendfile64", 226 }, + { "io_setup", 227 }, + { 
"io_destroy", 228 }, + { "io_getevents", 229 }, + { "io_submit", 230 }, + { "io_cancel", 231 }, + { "set_tid_address", 232 }, + { "fadvise64", 233 }, + { "exit_group", 234 }, + { "lookup_dcookie", 235 }, + { "epoll_create", 236 }, + { "epoll_ctl", 237 }, + { "epoll_wait", 238 }, + { "remap_file_pages", 239 }, + { "timer_create", 240 }, + { "timer_settime", 241 }, + { "timer_gettime", 242 }, + { "timer_getoverrun", 243 }, + { "timer_delete", 244 }, + { "clock_settime", 245 }, + { "clock_gettime", 246 }, + { "clock_getres", 247 }, + { "clock_nanosleep", 248 }, + { "swapcontext", 249 }, + { "tgkill", 250 }, + { "utimes", 251 }, + { "statfs64", 252 }, + { "fstatfs64", 253 }, + { "fadvise64_64", 254 }, + { "rtas", 255 }, + { "sys_debug_setcontext", 256 }, + { "migrate_pages", 258 }, + { "mbind", 259 }, + { "get_mempolicy", 260 }, + { "set_mempolicy", 261 }, + { "mq_open", 262 }, + { "mq_unlink", 263 }, + { "mq_timedsend", 264 }, + { "mq_timedreceive", 265 }, + { "mq_notify", 266 }, + { "mq_getsetattr", 267 }, + { "kexec_load", 268 }, + { "add_key", 269 }, + { "request_key", 270 }, + { "keyctl", 271 }, + { "waitid", 272 }, + { "ioprio_set", 273 }, + { "ioprio_get", 274 }, + { "inotify_init", 275 }, + { "inotify_add_watch", 276 }, + { "inotify_rm_watch", 277 }, + { "spu_run", 278 }, + { "spu_create", 279 }, + { "pselect6", 280 }, + { "ppoll", 281 }, + { "unshare", 282 }, + { "splice", 283 }, + { "tee", 284 }, + { "vmsplice", 285 }, + { "openat", 286 }, + { "mkdirat", 287 }, + { "mknodat", 288 }, + { "fchownat", 289 }, + { "futimesat", 290 }, + { "fstatat64", 291 }, + { "unlinkat", 292 }, + { "renameat", 293 }, + { "linkat", 294 }, + { "symlinkat", 295 }, + { "readlinkat", 296 }, + { "fchmodat", 297 }, + { "faccessat", 298 }, + { "get_robust_list", 299 }, + { "set_robust_list", 300 }, + { "move_pages", 301 }, + { "getcpu", 302 }, + { "epoll_pwait", 303 }, + { "utimensat", 304 }, + { "signalfd", 305 }, + { "timerfd_create", 306 }, + { "eventfd", 307 }, + { 
"sync_file_range2", 308 }, + { "fallocate", 309 }, + { "subpage_prot", 310 }, + { "timerfd_settime", 311 }, + { "timerfd_gettime", 312 }, + { "signalfd4", 313 }, + { "eventfd2", 314 }, + { "epoll_create1", 315 }, + { "dup3", 316 }, + { "pipe2", 317 }, + { "inotify_init1", 318 }, + { "perf_event_open", 319 }, + { "preadv", 320 }, + { "pwritev", 321 }, + { "rt_tgsigqueueinfo", 322 }, + { "fanotify_init", 323 }, + { "fanotify_mark", 324 }, + { "prlimit64", 325 }, + { "socket", 326 }, + { "bind", 327 }, + { "connect", 328 }, + { "listen", 329 }, + { "accept", 330 }, + { "getsockname", 331 }, + { "getpeername", 332 }, + { "socketpair", 333 }, + { "send", 334 }, + { "sendto", 335 }, + { "recv", 336 }, + { "recvfrom", 337 }, + { "shutdown", 338 }, + { "setsockopt", 339 }, + { "getsockopt", 340 }, + { "sendmsg", 341 }, + { "recvmsg", 342 }, + { "recvmmsg", 343 }, + { "accept4", 344 }, + { "name_to_handle_at", 345 }, + { "open_by_handle_at", 346 }, + { "clock_adjtime", 347 }, + { "syncfs", 348 }, + { "sendmmsg", 349 }, + { "setns", 350 }, + { "process_vm_readv", 351 }, + { "process_vm_writev", 352 }, + { "finit_module", 353 }, + { "kcmp", 354 }, + {NULL, __NR_SCMP_ERROR}, +}; + + +/** + * Resolve a syscall name to a number + * @param name the syscall name + * + * Resolve the given syscall name to the syscall number using the syscall table. + * Returns the syscall number on success, including negative pseudo syscall + * numbers; returns __NR_SCMP_ERROR on failure. 
+ * + */ +int ppc_syscall_resolve_name(const char *name) +{ + unsigned int iter; + const struct arch_syscall_def *table = ppc_syscall_table; + + /* XXX - plenty of room for future improvement here */ + for (iter = 0; table[iter].name != NULL; iter++) { + if (strcmp(name, table[iter].name) == 0) + return table[iter].num; + } + + return __NR_SCMP_ERROR; +} + +/** + * Resolve a syscall number to a name + * @param num the syscall number + * + * Resolve the given syscall number to the syscall name using the syscall table. + * Returns a pointer to the syscall name string on success, including pseudo + * syscall names; returns NULL on failure. + * + */ +const char *ppc_syscall_resolve_num(int num) +{ + unsigned int iter; + const struct arch_syscall_def *table = ppc_syscall_table; + + /* XXX - plenty of room for future improvement here */ + for (iter = 0; table[iter].num != __NR_SCMP_ERROR; iter++) { + if (num == table[iter].num) + return table[iter].name; + } + + return NULL; +} Index: libseccomp-2.1.1/tools/scmp_sys_resolver.c =================================================================== --- libseccomp-2.1.1.orig/tools/scmp_sys_resolver.c +++ libseccomp-2.1.1/tools/scmp_sys_resolver.c @@ -31,6 +31,10 @@ #include "../src/arch-x86_64.h" #include "../src/arch-x32.h" #include "../src/arch-arm.h" +#include "../src/arch-ppc.h" +#include "../src/arch-ppc64.h" +#include "../src/arch-s390.h" +#include "../src/arch-s390x.h" /** * Print the usage information to stderr and exit 
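Review bot: `ppc_syscall_table` ends at `{ "kcmp", 354 }`, while the ppc64 table added in the same patch continues with `sched_setattr` (355) and `sched_getattr` (356), and both files carry the comment `NOTE: based on Linux 3.13`. One of the two tables is out of step with that note. If 32-bit PowerPC shares these numbers (to be confirmed against the kernel's unistd.h), the two names cannot be resolved for `SCMP_ARCH_PPC`, and a filter cannot carry a rule for them on that architecture. Add `{ "sched_setattr", 355 },` and `{ "sched_getattr", 356 },` before the `{NULL, __NR_SCMP_ERROR}` terminator, or remove them from the ppc64 table so the version note stays accurate.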
@@ -70,6 +74,14 @@ int main(int argc, char *argv[]) arch = &arch_def_x32; else if (strcmp(optarg, "arm") == 0) arch = &arch_def_arm; + else if (strcmp(optarg, "ppc") == 0) + arch = &arch_def_ppc; + else if (strcmp(optarg, "ppc64") == 0) + arch = &arch_def_ppc64; + else if (strcmp(optarg, "s390") == 0) + arch = &arch_def_s390; + else if (strcmp(optarg, "s390x") == 0) + arch = &arch_def_s390x; else exit_usage(argv[0]); break; Index: libseccomp-2.1.1/tests/23-sim-arch_all_basic.c =================================================================== --- libseccomp-2.1.1.orig/tests/23-sim-arch_all_basic.c +++ libseccomp-2.1.1/tests/23-sim-arch_all_basic.c @@ -60,6 +60,30 @@ int main(int argc, char *argv[]) goto out; } + if (seccomp_arch_exist(ctx, SCMP_ARCH_PPC)) { + rc = seccomp_arch_add(ctx, SCMP_ARCH_PPC); + if (rc != 0) + goto out; + } + + if (seccomp_arch_exist(ctx, SCMP_ARCH_PPC64)) { + rc = seccomp_arch_add(ctx, SCMP_ARCH_PPC64); + if (rc != 0) + goto out; + } + + if (seccomp_arch_exist(ctx, SCMP_ARCH_S390)) { + rc = seccomp_arch_add(ctx, SCMP_ARCH_S390); + if (rc != 0) + goto out; + } + + if (seccomp_arch_exist(ctx, SCMP_ARCH_S390X)) { + rc = seccomp_arch_add(ctx, SCMP_ARCH_S390X); + if (rc != 0) + goto out; + } + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 1, SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO)); if (rc != 0) Index: libseccomp-2.1.1/tests/23-sim-arch_all_basic.py =================================================================== --- libseccomp-2.1.1.orig/tests/23-sim-arch_all_basic.py +++ libseccomp-2.1.1/tests/23-sim-arch_all_basic.py 
@@ -38,6 +38,14 @@ def test(args): f.add_arch(Arch.X32) if not f.exist_arch(Arch.ARM): f.add_arch(Arch.ARM) + if not f.exist_arch(Arch.PPC): + f.add_arch(Arch.PPC) + if not f.exist_arch(Arch.PPC64): + f.add_arch(Arch.PPC64) + if not f.exist_arch(Arch.S390): + f.add_arch(Arch.S390) + if not f.exist_arch(Arch.S390X): + f.add_arch(Arch.S390X) f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno())) f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno())) f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno()))