diff --git a/libseccomp-arm-syscall-fixes.patch b/libseccomp-arm-syscall-fixes.patch new file mode 100644 index 0000000..981c8aa --- /dev/null +++ b/libseccomp-arm-syscall-fixes.patch @@ -0,0 +1,179 @@ +From d1019115acdc8460c9a1f8a878768001a3c32431 Mon Sep 17 00:00:00 2001 +From: Paul Moore +Date: Fri, 10 Apr 2015 10:31:04 -0400 +Subject: [PATCH] arm: fix some problems with the syscall table + +The 32-bit ARM syscall table mistakenly included syscall definitions +for the syscalls below. This patch redefines those syscalls to +libseccomp's pseudo-syscall numbers and corrects the +arch-syscall-validate to correctly list the 32-bit ARM syscalls. + + * time + * umount + * stime + * alarm + * utime + * getrlimit + * select + * readdir + * mmap + * socketcall + * syscall + * ipc + +Reported-by: Andreas Farber +Signed-off-by: Paul Moore +--- + include/seccomp.h.in | 10 ++++++++++ + src/arch-arm-syscalls.c | 24 ++++++++++++------------ + src/arch-syscall-validate | 2 +- + 3 files changed, 23 insertions(+), 13 deletions(-) + +diff --git a/include/seccomp.h.in b/include/seccomp.h.in +index 6a115d1..9a28e4a 100644 +--- a/include/seccomp.h.in ++++ b/include/seccomp.h.in +@@ -1424,6 +1424,16 @@ int seccomp_export_bpf(const scmp_filter_ctx ctx, int fd); + #define __NR_utimes __PNR_utimes + #endif /* __NR_utimes */ + ++#define __PNR_getrlimit -10180 ++#ifndef __NR_getrlimit ++#define __NR_getrlimit __PNR_getrlimit ++#endif /* __NR_utimes */ ++ ++#define __PNR_mmap -10181 ++#ifndef __NR_mmap ++#define __NR_mmap __PNR_mmap ++#endif /* __NR_utimes */ ++ + #ifdef __cplusplus + } + #endif +diff --git a/src/arch-arm-syscalls.c b/src/arch-arm-syscalls.c +index 8876135..b574ccc 100644 +--- a/src/arch-arm-syscalls.c ++++ b/src/arch-arm-syscalls.c +@@ -49,7 +49,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \ + { "add_key", (__NR_SYSCALL_BASE + 309) }, + { "adjtimex", (__NR_SYSCALL_BASE + 124) }, + { "afs_syscall", __PNR_afs_syscall }, +- { "alarm", (__NR_SYSCALL_BASE + 27) }, ++ { "alarm", __PNR_alarm }, + { "arm_fadvise64_64", (__NR_SYSCALL_BASE + 270) }, + { "arm_sync_file_range", (__NR_SYSCALL_BASE + 341) }, + { "arch_prctl", __PNR_arch_prctl }, +@@ -156,7 +156,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \ + { "getresgid32", (__NR_SYSCALL_BASE + 211) }, + { "getresuid", (__NR_SYSCALL_BASE + 165) }, + { "getresuid32", (__NR_SYSCALL_BASE + 209) }, +- { "getrlimit", (__NR_SYSCALL_BASE + 76) }, ++ { "getrlimit", __PNR_getrlimit }, + { "getrusage", (__NR_SYSCALL_BASE + 77) }, + { "getsid", (__NR_SYSCALL_BASE + 147) }, + { "getsockname", (__NR_SYSCALL_BASE + 286) }, +@@ -183,7 +183,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \ + { "iopl", __PNR_iopl }, + { "ioprio_get", (__NR_SYSCALL_BASE + 315) }, + { "ioprio_set", (__NR_SYSCALL_BASE + 314) }, +- { "ipc", (__NR_SYSCALL_BASE + 117) }, ++ { "ipc", __PNR_ipc }, + { "kcmp", (__NR_SYSCALL_BASE + 378) }, + { "kexec_file_load", __PNR_kexec_file_load }, + { "kexec_load", (__NR_SYSCALL_BASE + 347) }, +@@ -215,7 +215,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \ + { "mknodat", (__NR_SYSCALL_BASE + 324) }, + { "mlock", (__NR_SYSCALL_BASE + 150) }, + { "mlockall", (__NR_SYSCALL_BASE + 152) }, +- { "mmap", (__NR_SYSCALL_BASE + 90) }, ++ { "mmap", __PNR_mmap }, + { "mmap2", (__NR_SYSCALL_BASE + 192) }, + { "modify_ldt", __PNR_modify_ldt }, + { "mount", (__NR_SYSCALL_BASE + 21) }, +@@ -279,7 +279,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \ + { "quotactl", (__NR_SYSCALL_BASE + 131) }, + { "read", (__NR_SYSCALL_BASE + 3) }, + { "readahead", (__NR_SYSCALL_BASE + 225) }, +- { "readdir", (__NR_SYSCALL_BASE + 89) }, ++ { "readdir", __PNR_readdir }, + { "readlink", (__NR_SYSCALL_BASE + 85) }, + { "readlinkat", (__NR_SYSCALL_BASE + 332) }, + { "readv", (__NR_SYSCALL_BASE + 145) }, +@@ -318,7 +318,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \ + { "sched_yield", (__NR_SYSCALL_BASE + 158) }, + { "seccomp", (__NR_SYSCALL_BASE + 383) }, + { "security", __PNR_security }, +- { "select", (__NR_SYSCALL_BASE + 82) }, ++ { "select", __PNR_select }, + { "semctl", (__NR_SYSCALL_BASE + 300) }, + { "semget", (__NR_SYSCALL_BASE + 299) }, + { "semop", (__NR_SYSCALL_BASE + 298) }, +@@ -378,7 +378,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \ + { "sigreturn", (__NR_SYSCALL_BASE + 119) }, + { "sigsuspend", (__NR_SYSCALL_BASE + 72) }, + { "socket", (__NR_SYSCALL_BASE + 281) }, +- { "socketcall", (__NR_SYSCALL_BASE + 102) }, ++ { "socketcall", __PNR_socketcall }, + { "socketpair", (__NR_SYSCALL_BASE + 288) }, + { "splice", (__NR_SYSCALL_BASE + 340) }, + { "ssetmask", __PNR_ssetmask }, +@@ -386,7 +386,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \ + { "stat64", (__NR_SYSCALL_BASE + 195) }, + { "statfs", (__NR_SYSCALL_BASE + 99) }, + { "statfs64", (__NR_SYSCALL_BASE + 266) }, +- { "stime", (__NR_SYSCALL_BASE + 25) }, ++ { "stime", __PNR_stime }, + { "stty", __PNR_stty }, + { "swapoff", (__NR_SYSCALL_BASE + 115) }, + { "swapon", (__NR_SYSCALL_BASE + 87) }, +@@ -396,14 +396,14 @@ const struct arch_syscall_def arm_syscall_table[] = { \ + { "sync_file_range", __PNR_sync_file_range }, + { "sync_file_range2", (__NR_SYSCALL_BASE + 341) }, + { "syncfs", (__NR_SYSCALL_BASE + 373) }, +- { "syscall", (__NR_SYSCALL_BASE + 113) }, ++ { "syscall", __PNR_syscall }, + { "sysfs", (__NR_SYSCALL_BASE + 135) }, + { "sysinfo", (__NR_SYSCALL_BASE + 116) }, + { "syslog", (__NR_SYSCALL_BASE + 103) }, + { "sysmips", __PNR_sysmips }, + { "tee", (__NR_SYSCALL_BASE + 342) }, + { "tgkill", (__NR_SYSCALL_BASE + 268) }, +- { "time", (__NR_SYSCALL_BASE + 13) }, ++ { "time", __PNR_time }, + { "timer_create", (__NR_SYSCALL_BASE + 257) }, + { "timer_delete", (__NR_SYSCALL_BASE + 261) }, + { "timer_getoverrun", (__NR_SYSCALL_BASE + 260) }, +@@ -421,7 +421,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \ + { "ugetrlimit", (__NR_SYSCALL_BASE + 191) }, + { "ulimit", __PNR_ulimit }, + { "umask", (__NR_SYSCALL_BASE + 60) }, +- { "umount", (__NR_SYSCALL_BASE + 22) }, ++ { "umount", __PNR_umount }, + { "umount2", (__NR_SYSCALL_BASE + 52) }, + { "uname", (__NR_SYSCALL_BASE + 122) }, + { "unlink", (__NR_SYSCALL_BASE + 10) }, +@@ -429,7 +429,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \ + { "unshare", (__NR_SYSCALL_BASE + 337) }, + { "uselib", (__NR_SYSCALL_BASE + 86) }, + { "ustat", (__NR_SYSCALL_BASE + 62) }, +- { "utime", (__NR_SYSCALL_BASE + 30) }, ++ { "utime", __PNR_utime }, + { "utimensat", (__NR_SYSCALL_BASE + 348) }, + { "utimes", (__NR_SYSCALL_BASE + 269) }, + { "vfork", (__NR_SYSCALL_BASE + 190) }, +diff --git a/src/arch-syscall-validate b/src/arch-syscall-validate +index 2cbf696..1616c9f 100755 +--- a/src/arch-syscall-validate ++++ b/src/arch-syscall-validate +@@ -146,7 +146,7 @@ function dump_lib_x32() { + # + function dump_sys_arm() { + # NOTE: arm_sync_file_range() and sync_file_range2() share values +- cat $1/arch/arm/include/uapi/asm/unistd.h | \ ++ gcc -E -dM -D __ARM_EABI__ $1/arch/arm/include/uapi/asm/unistd.h | \ + grep "^#define __NR_" | sort | \ + grep -v "^#define __NR_OABI_SYSCALL_BASE" | \ + grep -v "^#define __NR_SYSCALL_BASE" | \ +-- +2.1.4 + diff --git a/libseccomp.changes b/libseccomp.changes index c6bc4a1..9a58614 100644 --- a/libseccomp.changes +++ b/libseccomp.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Fri Apr 10 16:52:55 UTC 2015 - afaerber@suse.de + +- Fix some arm syscall constants + libseccomp-arm-syscall-fixes.patch + ------------------------------------------------------------------- Sun Mar 29 00:28:59 UTC 2015 - jengelh@inai.de diff --git a/libseccomp.spec b/libseccomp.spec index b097ec9..fcda261 100644 --- a/libseccomp.spec +++ b/libseccomp.spec @@ -31,6 +31,7 @@ Source2: https://github.com/seccomp/libseccomp/releases/download/v%versio Patch1: no-static.diff Patch2: 0001-tools-add-the-missing-elf.h-header-file.patch Patch3: libseccomp-s390x-support.patch +Patch4: libseccomp-arm-syscall-fixes.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: autoconf BuildRequires: automake >= 1.11 @@ -98,7 +99,7 @@ This subpackage contains debug utilities for the seccomp interface. %prep %setup -q -%patch -P 1 -P 2 -P 3 -p1 +%patch -P 1 -P 2 -P 3 -P 4 -p1 %build autoreconf -fi