2 * Enhanced Seccomp x86 Syscall Table
4 * Copyright (c) 2012 Red Hat <pmoore@redhat.com>
5 * Author: Paul Moore <paul@paul-moore.com>
9 * This library is free software; you can redistribute it and/or modify it
10 * under the terms of version 2.1 of the GNU Lesser General Public License as
11 * published by the Free Software Foundation.
13 * This library is distributed in the hope that it will be useful, but WITHOUT
14 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
15 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this library; if not, see <http://www.gnu.org/licenses>.
29 /* NOTE: based on Linux 4.5-rc4 */
30 const struct arch_syscall_def x86_syscall_table
[] = { \
32 { "_newselect", 142 },
34 { "accept", __PNR_accept
},
40 { "afs_syscall", 137 },
42 { "arm_fadvise64_64", __PNR_arm_fadvise64_64
},
43 { "arm_sync_file_range", __PNR_arm_sync_file_range
},
44 { "arch_prctl", __PNR_arch_prctl
},
49 { "breakpoint", __PNR_breakpoint
},
51 { "cachectl", __PNR_cachectl
},
52 { "cacheflush", __PNR_cacheflush
},
60 { "clock_adjtime", 343 },
61 { "clock_getres", 266 },
62 { "clock_gettime", 265 },
63 { "clock_nanosleep", 267 },
64 { "clock_settime", 264 },
68 { "copy_file_range", 377 },
70 { "create_module", 127 },
71 { "delete_module", 129 },
75 { "epoll_create", 254 },
76 { "epoll_create1", 329 },
78 { "epoll_ctl_old", __PNR_epoll_ctl_old
},
79 { "epoll_pwait", 319 },
80 { "epoll_wait", 256 },
81 { "epoll_wait_old", __PNR_epoll_wait_old
},
87 { "exit_group", 252 },
90 { "fadvise64_64", 272 },
92 { "fanotify_init", 338 },
93 { "fanotify_mark", 339 },
102 { "fdatasync", 148 },
103 { "fgetxattr", 231 },
104 { "finit_module", 350 },
105 { "flistxattr", 234 },
108 { "fremovexattr", 237 },
109 { "fsetxattr", 228 },
112 { "fstatat64", 300 },
114 { "fstatfs64", 269 },
118 { "ftruncate64", 194 },
120 { "futimesat", 299 },
121 { "get_kernel_syms", 130 },
122 { "get_mempolicy", 275 },
123 { "get_robust_list", 312 },
124 { "get_thread_area", 244 },
128 { "getdents64", 220 },
130 { "getegid32", 202 },
132 { "geteuid32", 201 },
136 { "getgroups32", 205 },
137 { "getitimer", 105 },
138 { "getpeername", 368 },
144 { "getpriority", 96 },
145 { "getrandom", 355 },
146 { "getresgid", 171 },
147 { "getresgid32", 211 },
148 { "getresuid", 165 },
149 { "getresuid32", 209 },
153 { "getsockname", 367 },
154 { "getsockopt", 365 },
156 { "gettimeofday", 78 },
162 { "init_module", 128 },
163 { "inotify_add_watch", 292 },
164 { "inotify_init", 291 },
165 { "inotify_init1", 332 },
166 { "inotify_rm_watch", 293 },
167 { "io_cancel", 249 },
168 { "io_destroy", 246 },
169 { "io_getevents", 247 },
171 { "io_submit", 248 },
175 { "ioprio_get", 290 },
176 { "ioprio_set", 289 },
179 { "kexec_file_load", __PNR_kexec_file_load
},
180 { "kexec_load", 283 },
185 { "lgetxattr", 230 },
189 { "listxattr", 232 },
190 { "llistxattr", 233 },
192 { "lookup_dcookie", 253 },
193 { "lremovexattr", 236 },
195 { "lsetxattr", 227 },
200 { "membarrier", 375 },
201 { "memfd_create", 356 },
202 { "migrate_pages", 294 },
213 { "modify_ldt", 123 },
215 { "move_pages", 317 },
218 { "mq_getsetattr", 282 },
219 { "mq_notify", 281 },
221 { "mq_timedreceive", 280 },
222 { "mq_timedsend", 279 },
223 { "mq_unlink", 278 },
225 { "msgctl", __PNR_msgctl
},
226 { "msgget", __PNR_msgget
},
227 { "msgrcv", __PNR_msgrcv
},
228 { "msgsnd", __PNR_msgsnd
},
230 { "multiplexer", __PNR_multiplexer
},
232 { "munlockall", 153 },
234 { "name_to_handle_at", 341 },
235 { "nanosleep", 162 },
236 { "newfstatat", __PNR_newfstatat
},
237 { "nfsservctl", 169 },
241 { "oldolduname", 59 },
244 { "oldwait4", __PNR_oldwait4
},
246 { "open_by_handle_at", 342 },
249 { "pciconfig_iobase", __PNR_pciconfig_iobase
},
250 { "pciconfig_read", __PNR_pciconfig_read
},
251 { "pciconfig_write", __PNR_pciconfig_write
},
252 { "perf_event_open", 336 },
253 { "personality", 136 },
256 { "pivot_root", 217 },
262 { "prlimit64", 340 },
263 { "process_vm_readv", 347 },
264 { "process_vm_writev", 348 },
272 { "query_module", 167 },
275 { "readahead", 225 },
278 { "readlinkat", 305 },
281 { "recv", __PNR_recv
},
285 { "remap_file_pages", 257 },
286 { "removexattr", 235 },
289 { "renameat2", 353 },
290 { "request_key", 287 },
291 { "restart_syscall", 0 },
293 { "rt_sigaction", 174 },
294 { "rt_sigpending", 176 },
295 { "rt_sigprocmask", 175 },
296 { "rt_sigqueueinfo", 178 },
297 { "rt_sigreturn", 173 },
298 { "rt_sigsuspend", 179 },
299 { "rt_sigtimedwait", 177 },
300 { "rt_tgsigqueueinfo", 335 },
301 { "rtas", __PNR_rtas
},
302 { "s390_pci_mmio_read", __PNR_s390_pci_mmio_read
},
303 { "s390_pci_mmio_write", __PNR_s390_pci_mmio_write
},
304 { "s390_runtime_instr", __PNR_s390_runtime_instr
},
305 { "sched_get_priority_max", 159 },
306 { "sched_get_priority_min", 160 },
307 { "sched_getaffinity", 242 },
308 { "sched_getattr", 352 },
309 { "sched_getparam", 155 },
310 { "sched_getscheduler", 157 },
311 { "sched_rr_get_interval", 161 },
312 { "sched_setaffinity", 241 },
313 { "sched_setattr", 351 },
314 { "sched_setparam", 154 },
315 { "sched_setscheduler", 156 },
316 { "sched_yield", 158 },
318 { "security", __PNR_security
},
320 { "semctl", __PNR_semctl
},
321 { "semget", __PNR_semget
},
322 { "semop", __PNR_semop
},
323 { "semtimedop", __PNR_semtimedop
},
324 { "send", __PNR_send
},
326 { "sendfile64", 239 },
330 { "set_mempolicy", 276 },
331 { "set_robust_list", 311 },
332 { "set_thread_area", 243 },
333 { "set_tid_address", 258 },
334 { "set_tls", __PNR_set_tls
},
335 { "setdomainname", 121 },
337 { "setfsgid32", 216 },
339 { "setfsuid32", 215 },
343 { "setgroups32", 206 },
344 { "sethostname", 74 },
345 { "setitimer", 104 },
348 { "setpriority", 97 },
350 { "setregid32", 204 },
351 { "setresgid", 170 },
352 { "setresgid32", 210 },
353 { "setresuid", 164 },
354 { "setresuid32", 208 },
356 { "setreuid32", 203 },
359 { "setsockopt", 366 },
360 { "settimeofday", 79 },
365 { "shmat", __PNR_shmat
},
366 { "shmctl", __PNR_shmctl
},
367 { "shmdt", __PNR_shmdt
},
368 { "shmget", __PNR_shmget
},
371 { "sigaltstack", 186 },
374 { "signalfd4", 327 },
375 { "sigpending", 73 },
376 { "sigprocmask", 126 },
377 { "sigreturn", 119 },
378 { "sigsuspend", 72 },
380 { "socketcall", 102 },
381 { "socketpair", 360 },
383 { "spu_create", __PNR_spu_create
},
384 { "spu_run", __PNR_spu_run
},
392 { "subpage_prot", __PNR_subpage_prot
},
393 { "swapcontext", __PNR_swapcontext
},
396 { "switch_endian", __PNR_switch_endian
},
398 { "symlinkat", 304 },
400 { "sync_file_range", 314 },
401 { "sync_file_range2", __PNR_sync_file_range2
},
403 { "syscall", __PNR_syscall
},
404 { "sys_debug_setcontext", __PNR_sys_debug_setcontext
},
408 { "sysmips", __PNR_sysmips
},
412 { "timer_create", 259 },
413 { "timer_delete", 263 },
414 { "timer_getoverrun", 262 },
415 { "timer_gettime", 261 },
416 { "timer_settime", 260 },
417 { "timerfd", __PNR_timerfd
},
418 { "timerfd_create", 322 },
419 { "timerfd_gettime", 326 },
420 { "timerfd_settime", 325 },
424 { "truncate64", 193 },
425 { "tuxcall", __PNR_tuxcall
},
426 { "ugetrlimit", 191 },
436 { "userfaultfd", 374 },
437 { "usr26", __PNR_usr26
},
438 { "usr32", __PNR_usr32
},
441 { "utimensat", 320 },
454 { NULL
, __NR_SCMP_ERROR
},
458 * Resolve a syscall name to a number
459 * @param name the syscall name
461 * Resolve the given syscall name to the syscall number using the syscall table.
462 * Returns the syscall number on success, including negative pseudo syscall
463 * numbers; returns __NR_SCMP_ERROR on failure.
466 int x86_syscall_resolve_name(const char *name
)
469 const struct arch_syscall_def
*table
= x86_syscall_table
;
471 /* XXX - plenty of room for future improvement here */
473 if (strcmp(name
, "accept") == 0)
475 if (strcmp(name
, "accept4") == 0)
476 return __PNR_accept4
;
477 else if (strcmp(name
, "bind") == 0)
479 else if (strcmp(name
, "connect") == 0)
480 return __PNR_connect
;
481 else if (strcmp(name
, "getpeername") == 0)
482 return __PNR_getpeername
;
483 else if (strcmp(name
, "getsockname") == 0)
484 return __PNR_getsockname
;
485 else if (strcmp(name
, "getsockopt") == 0)
486 return __PNR_getsockopt
;
487 else if (strcmp(name
, "listen") == 0)
489 else if (strcmp(name
, "recv") == 0)
491 else if (strcmp(name
, "recvfrom") == 0)
492 return __PNR_recvfrom
;
493 else if (strcmp(name
, "recvmsg") == 0)
494 return __PNR_recvmsg
;
495 else if (strcmp(name
, "recvmmsg") == 0)
496 return __PNR_recvmmsg
;
497 else if (strcmp(name
, "send") == 0)
499 else if (strcmp(name
, "sendmsg") == 0)
500 return __PNR_sendmsg
;
501 else if (strcmp(name
, "sendmmsg") == 0)
502 return __PNR_sendmmsg
;
503 else if (strcmp(name
, "sendto") == 0)
505 else if (strcmp(name
, "setsockopt") == 0)
506 return __PNR_setsockopt
;
507 else if (strcmp(name
, "shutdown") == 0)
508 return __PNR_shutdown
;
509 else if (strcmp(name
, "socket") == 0)
511 else if (strcmp(name
, "socketpair") == 0)
512 return __PNR_socketpair
;
514 for (iter
= 0; table
[iter
].name
!= NULL
; iter
++) {
515 if (strcmp(name
, table
[iter
].name
) == 0)
516 return table
[iter
].num
;
519 return __NR_SCMP_ERROR
;
523 * Resolve a syscall number to a name
524 * @param num the syscall number
526 * Resolve the given syscall number to the syscall name using the syscall table.
527 * Returns a pointer to the syscall name string on success, including pseudo
528 * syscall names; returns NULL on failure.
531 const char *x86_syscall_resolve_num(int num
)
534 const struct arch_syscall_def
*table
= x86_syscall_table
;
536 /* XXX - plenty of room for future improvement here */
538 if (num
== __PNR_accept
)
540 else if (num
== __PNR_accept4
)
542 else if (num
== __PNR_bind
)
544 else if (num
== __PNR_connect
)
546 else if (num
== __PNR_getpeername
)
547 return "getpeername";
548 else if (num
== __PNR_getsockname
)
549 return "getsockname";
550 else if (num
== __PNR_getsockopt
)
552 else if (num
== __PNR_listen
)
554 else if (num
== __PNR_recv
)
556 else if (num
== __PNR_recvfrom
)
558 else if (num
== __PNR_recvmsg
)
560 else if (num
== __PNR_recvmmsg
)
562 else if (num
== __PNR_send
)
564 else if (num
== __PNR_sendmsg
)
566 else if (num
== __PNR_sendmmsg
)
568 else if (num
== __PNR_sendto
)
570 else if (num
== __PNR_setsockopt
)
572 else if (num
== __PNR_shutdown
)
574 else if (num
== __PNR_socket
)
576 else if (num
== __PNR_socketpair
)
579 for (iter
= 0; table
[iter
].num
!= __NR_SCMP_ERROR
; iter
++) {
580 if (num
== table
[iter
].num
)
581 return table
[iter
].name
;
588 * Iterate through the syscall table and return the syscall name
589 * @param spot the offset into the syscall table
591 * Return the syscall name at position @spot or NULL on failure. This function
592 * should only ever be used internally by libseccomp.
595 const char *x86_syscall_iterate_name(unsigned int spot
)
597 /* XXX - no safety checks here */
598 return x86_syscall_table
[spot
].name
;