From d1019115acdc8460c9a1f8a878768001a3c32431 Mon Sep 17 00:00:00 2001 From: Paul Moore Date: Fri, 10 Apr 2015 10:31:04 -0400 Subject: [PATCH] arm: fix some problems with the syscall table The 32-bit ARM syscall table mistakenly included syscall definitions for the syscalls below. This patch redefines those syscalls to libseccomp's pseudo-syscall numbers and corrects the arch-syscall-validate to correctly list the 32-bit ARM syscalls. * time * umount * stime * alarm * utime * getrlimit * select * readdir * mmap * socketcall * syscall * ipc Reported-by: Andreas Farber Signed-off-by: Paul Moore --- include/seccomp.h.in | 10 ++++++++++ src/arch-arm-syscalls.c | 24 ++++++++++++------------ src/arch-syscall-validate | 2 +- 3 files changed, 23 insertions(+), 13 deletions(-) diff --git a/include/seccomp.h.in b/include/seccomp.h.in index 6a115d1..9a28e4a 100644 --- a/include/seccomp.h.in +++ b/include/seccomp.h.in @@ -1424,6 +1424,16 @@ int seccomp_export_bpf(const scmp_filter_ctx ctx, int fd); #define __NR_utimes __PNR_utimes #endif /* __NR_utimes */ +#define __PNR_getrlimit -10180 +#ifndef __NR_getrlimit +#define __NR_getrlimit __PNR_getrlimit +#endif /* __NR_utimes */ + +#define __PNR_mmap -10181 +#ifndef __NR_mmap +#define __NR_mmap __PNR_mmap +#endif /* __NR_utimes */ + #ifdef __cplusplus } #endif diff --git a/src/arch-arm-syscalls.c b/src/arch-arm-syscalls.c index 8876135..b574ccc 100644 --- a/src/arch-arm-syscalls.c +++ b/src/arch-arm-syscalls.c @@ -49,7 +49,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \ { "add_key", (__NR_SYSCALL_BASE + 309) }, { "adjtimex", (__NR_SYSCALL_BASE + 124) }, { "afs_syscall", __PNR_afs_syscall }, - { "alarm", (__NR_SYSCALL_BASE + 27) }, + { "alarm", __PNR_alarm }, { "arm_fadvise64_64", (__NR_SYSCALL_BASE + 270) }, { "arm_sync_file_range", (__NR_SYSCALL_BASE + 341) }, { "arch_prctl", __PNR_arch_prctl }, @@ -156,7 +156,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \ { "getresgid32", (__NR_SYSCALL_BASE + 211) }, { "getresuid", (__NR_SYSCALL_BASE + 165) }, { "getresuid32", (__NR_SYSCALL_BASE + 209) }, - { "getrlimit", (__NR_SYSCALL_BASE + 76) }, + { "getrlimit", __PNR_getrlimit }, { "getrusage", (__NR_SYSCALL_BASE + 77) }, { "getsid", (__NR_SYSCALL_BASE + 147) }, { "getsockname", (__NR_SYSCALL_BASE + 286) }, @@ -183,7 +183,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \ { "iopl", __PNR_iopl }, { "ioprio_get", (__NR_SYSCALL_BASE + 315) }, { "ioprio_set", (__NR_SYSCALL_BASE + 314) }, - { "ipc", (__NR_SYSCALL_BASE + 117) }, + { "ipc", __PNR_ipc }, { "kcmp", (__NR_SYSCALL_BASE + 378) }, { "kexec_file_load", __PNR_kexec_file_load }, { "kexec_load", (__NR_SYSCALL_BASE + 347) }, @@ -215,7 +215,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \ { "mknodat", (__NR_SYSCALL_BASE + 324) }, { "mlock", (__NR_SYSCALL_BASE + 150) }, { "mlockall", (__NR_SYSCALL_BASE + 152) }, - { "mmap", (__NR_SYSCALL_BASE + 90) }, + { "mmap", __PNR_mmap }, { "mmap2", (__NR_SYSCALL_BASE + 192) }, { "modify_ldt", __PNR_modify_ldt }, { "mount", (__NR_SYSCALL_BASE + 21) }, @@ -279,7 +279,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \ { "quotactl", (__NR_SYSCALL_BASE + 131) }, { "read", (__NR_SYSCALL_BASE + 3) }, { "readahead", (__NR_SYSCALL_BASE + 225) }, - { "readdir", (__NR_SYSCALL_BASE + 89) }, + { "readdir", __PNR_readdir }, { "readlink", (__NR_SYSCALL_BASE + 85) }, { "readlinkat", (__NR_SYSCALL_BASE + 332) }, { "readv", (__NR_SYSCALL_BASE + 145) }, @@ -318,7 +318,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \ { "sched_yield", (__NR_SYSCALL_BASE + 158) }, { "seccomp", (__NR_SYSCALL_BASE + 383) }, { "security", __PNR_security }, - { "select", (__NR_SYSCALL_BASE + 82) }, + { "select", __PNR_select }, { "semctl", (__NR_SYSCALL_BASE + 300) }, { "semget", (__NR_SYSCALL_BASE + 299) }, { "semop", (__NR_SYSCALL_BASE + 298) }, @@ -378,7 +378,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \ { "sigreturn", (__NR_SYSCALL_BASE + 119) }, { "sigsuspend", (__NR_SYSCALL_BASE + 72) }, { "socket", (__NR_SYSCALL_BASE + 281) }, - { "socketcall", (__NR_SYSCALL_BASE + 102) }, + { "socketcall", __PNR_socketcall }, { "socketpair", (__NR_SYSCALL_BASE + 288) }, { "splice", (__NR_SYSCALL_BASE + 340) }, { "ssetmask", __PNR_ssetmask }, @@ -386,7 +386,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \ { "stat64", (__NR_SYSCALL_BASE + 195) }, { "statfs", (__NR_SYSCALL_BASE + 99) }, { "statfs64", (__NR_SYSCALL_BASE + 266) }, - { "stime", (__NR_SYSCALL_BASE + 25) }, + { "stime", __PNR_stime }, { "stty", __PNR_stty }, { "swapoff", (__NR_SYSCALL_BASE + 115) }, { "swapon", (__NR_SYSCALL_BASE + 87) }, @@ -396,14 +396,14 @@ const struct arch_syscall_def arm_syscall_table[] = { \ { "sync_file_range", __PNR_sync_file_range }, { "sync_file_range2", (__NR_SYSCALL_BASE + 341) }, { "syncfs", (__NR_SYSCALL_BASE + 373) }, - { "syscall", (__NR_SYSCALL_BASE + 113) }, + { "syscall", __PNR_syscall }, { "sysfs", (__NR_SYSCALL_BASE + 135) }, { "sysinfo", (__NR_SYSCALL_BASE + 116) }, { "syslog", (__NR_SYSCALL_BASE + 103) }, { "sysmips", __PNR_sysmips }, { "tee", (__NR_SYSCALL_BASE + 342) }, { "tgkill", (__NR_SYSCALL_BASE + 268) }, - { "time", (__NR_SYSCALL_BASE + 13) }, + { "time", __PNR_time }, { "timer_create", (__NR_SYSCALL_BASE + 257) }, { "timer_delete", (__NR_SYSCALL_BASE + 261) }, { "timer_getoverrun", (__NR_SYSCALL_BASE + 260) }, @@ -421,7 +421,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \ { "ugetrlimit", (__NR_SYSCALL_BASE + 191) }, { "ulimit", __PNR_ulimit }, { "umask", (__NR_SYSCALL_BASE + 60) }, - { "umount", (__NR_SYSCALL_BASE + 22) }, + { "umount", __PNR_umount }, { "umount2", (__NR_SYSCALL_BASE + 52) }, { "uname", (__NR_SYSCALL_BASE + 122) }, { "unlink", (__NR_SYSCALL_BASE + 10) }, @@ -429,7 +429,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \ { "unshare", (__NR_SYSCALL_BASE + 337) }, { "uselib", (__NR_SYSCALL_BASE + 86) }, { "ustat", (__NR_SYSCALL_BASE + 62) }, - { "utime", (__NR_SYSCALL_BASE + 30) }, + { "utime", __PNR_utime }, { "utimensat", (__NR_SYSCALL_BASE + 348) }, { "utimes", (__NR_SYSCALL_BASE + 269) }, { "vfork", (__NR_SYSCALL_BASE + 190) }, diff --git a/src/arch-syscall-validate b/src/arch-syscall-validate index 2cbf696..1616c9f 100755 --- a/src/arch-syscall-validate +++ b/src/arch-syscall-validate @@ -146,7 +146,7 @@ function dump_lib_x32() { # function dump_sys_arm() { # NOTE: arm_sync_file_range() and sync_file_range2() share values - cat $1/arch/arm/include/uapi/asm/unistd.h | \ + gcc -E -dM -D __ARM_EABI__ $1/arch/arm/include/uapi/asm/unistd.h | \ grep "^#define __NR_" | sort | \ grep -v "^#define __NR_OABI_SYSCALL_BASE" | \ grep -v "^#define __NR_SYSCALL_BASE" | \ -- 2.1.4