[linux-seccomp.git] / libseccomp / src / arch-x86-syscalls.c

/**
 * Enhanced Seccomp x86 Syscall Table
 *
 * Copyright (c) 2012 Red Hat <pmoore@redhat.com>
 * Author: Paul Moore <paul@paul-moore.com>
 */

/*
 * This library is free software; you can redistribute it and/or modify it
 * under the terms of version 2.1 of the GNU Lesser General Public License as
 * published by the Free Software Foundation.
 *
 * This library is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
 * for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with this library; if not, see <http://www.gnu.org/licenses>.
 */

#include <string.h>

#include <seccomp.h>

#include "arch.h"
#include "arch-x86.h"

/* NOTE: based on Linux 4.5-rc4 */
const struct arch_syscall_def x86_syscall_table[] = { \
	{ "_llseek", 140 },
	{ "_newselect", 142 },
	{ "_sysctl", 149 },
	{ "accept", __PNR_accept },
	{ "accept4", 364 },
	{ "access", 33 },
	{ "acct", 51 },
	{ "add_key", 286 },
	{ "adjtimex", 124 },
	{ "afs_syscall", 137 },
	{ "alarm", 27 },
	{ "arm_fadvise64_64", __PNR_arm_fadvise64_64 },
	{ "arm_sync_file_range", __PNR_arm_sync_file_range },
	{ "arch_prctl", __PNR_arch_prctl },
	{ "bdflush", 134 },
	{ "bind", 361 },
	{ "bpf", 357 },
	{ "break", 17 },
	{ "breakpoint", __PNR_breakpoint },
	{ "brk", 45 },
	{ "cachectl", __PNR_cachectl },
	{ "cacheflush", __PNR_cacheflush },
	{ "capget", 184 },
	{ "capset", 185 },
	{ "chdir", 12 },
	{ "chmod", 15 },
	{ "chown", 182 },
	{ "chown32", 212 },
	{ "chroot", 61 },
	{ "clock_adjtime", 343 },
	{ "clock_getres", 266 },
	{ "clock_gettime", 265 },
	{ "clock_nanosleep", 267 },
	{ "clock_settime", 264 },
	{ "clone", 120 },
	{ "close", 6 },
	{ "connect", 362 },
	{ "copy_file_range", 377 },
	{ "creat", 8 },
	{ "create_module", 127 },
	{ "delete_module", 129 },
	{ "dup", 41 },
	{ "dup2", 63 },
	{ "dup3", 330 },
	{ "epoll_create", 254 },
	{ "epoll_create1", 329 },
	{ "epoll_ctl", 255 },
	{ "epoll_ctl_old", __PNR_epoll_ctl_old },
	{ "epoll_pwait", 319 },
	{ "epoll_wait", 256 },
	{ "epoll_wait_old", __PNR_epoll_wait_old },
	{ "eventfd", 323 },
	{ "eventfd2", 328 },
	{ "execve", 11 },
	{ "execveat", 358 },
	{ "exit", 1 },
	{ "exit_group", 252 },
	{ "faccessat", 307 },
	{ "fadvise64", 250 },
	{ "fadvise64_64", 272 },
	{ "fallocate", 324 },
	{ "fanotify_init", 338 },
	{ "fanotify_mark", 339 },
	{ "fchdir", 133 },
	{ "fchmod", 94 },
	{ "fchmodat", 306 },
	{ "fchown", 95 },
	{ "fchown32", 207 },
	{ "fchownat", 298 },
	{ "fcntl", 55 },
	{ "fcntl64", 221 },
	{ "fdatasync", 148 },
	{ "fgetxattr", 231 },
	{ "finit_module", 350 },
	{ "flistxattr", 234 },
	{ "flock", 143 },
	{ "fork", 2 },
	{ "fremovexattr", 237 },
	{ "fsetxattr", 228 },
	{ "fstat", 108 },
	{ "fstat64", 197 },
	{ "fstatat64", 300 },
	{ "fstatfs", 100 },
	{ "fstatfs64", 269 },
	{ "fsync", 118 },
	{ "ftime", 35 },
	{ "ftruncate", 93 },
	{ "ftruncate64", 194 },
	{ "futex", 240 },
	{ "futimesat", 299 },
	{ "get_kernel_syms", 130 },
	{ "get_mempolicy", 275 },
	{ "get_robust_list", 312 },
	{ "get_thread_area", 244 },
	{ "getcpu", 318 },
	{ "getcwd", 183 },
	{ "getdents", 141 },
	{ "getdents64", 220 },
	{ "getegid", 50 },
	{ "getegid32", 202 },
	{ "geteuid", 49 },
	{ "geteuid32", 201 },
	{ "getgid", 47 },
	{ "getgid32", 200 },
	{ "getgroups", 80 },
	{ "getgroups32", 205 },
	{ "getitimer", 105 },
	{ "getpeername", 368 },
	{ "getpgid", 132 },
	{ "getpgrp", 65 },
	{ "getpid", 20 },
	{ "getpmsg", 188 },
	{ "getppid", 64 },
	{ "getpriority", 96 },
	{ "getrandom", 355 },
	{ "getresgid", 171 },
	{ "getresgid32", 211 },
	{ "getresuid", 165 },
	{ "getresuid32", 209 },
	{ "getrlimit", 76 },
	{ "getrusage", 77 },
	{ "getsid", 147 },
	{ "getsockname", 367 },
	{ "getsockopt", 365 },
	{ "gettid", 224 },
	{ "gettimeofday", 78 },
	{ "getuid", 24 },
	{ "getuid32", 199 },
	{ "getxattr", 229 },
	{ "gtty", 32 },
	{ "idle", 112 },
	{ "init_module", 128 },
	{ "inotify_add_watch", 292 },
	{ "inotify_init", 291 },
	{ "inotify_init1", 332 },
	{ "inotify_rm_watch", 293 },
	{ "io_cancel", 249 },
	{ "io_destroy", 246 },
	{ "io_getevents", 247 },
	{ "io_setup", 245 },
	{ "io_submit", 248 },
	{ "ioctl", 54 },
	{ "ioperm", 101 },
	{ "iopl", 110 },
	{ "ioprio_get", 290 },
	{ "ioprio_set", 289 },
	{ "ipc", 117 },
	{ "kcmp", 349 },
	{ "kexec_file_load", __PNR_kexec_file_load },
	{ "kexec_load", 283 },
	{ "keyctl", 288 },
	{ "kill", 37 },
	{ "lchown", 16 },
	{ "lchown32", 198 },
	{ "lgetxattr", 230 },
	{ "link", 9 },
	{ "linkat", 303 },
	{ "listen", 363 },
	{ "listxattr", 232 },
	{ "llistxattr", 233 },
	{ "lock", 53 },
	{ "lookup_dcookie", 253 },
	{ "lremovexattr", 236 },
	{ "lseek", 19 },
	{ "lsetxattr", 227 },
	{ "lstat", 107 },
	{ "lstat64", 196 },
	{ "madvise", 219 },
	{ "mbind", 274 },
	{ "membarrier", 375 },
	{ "memfd_create", 356 },
	{ "migrate_pages", 294 },
	{ "mincore", 218 },
	{ "mkdir", 39 },
	{ "mkdirat", 296 },
	{ "mknod", 14 },
	{ "mknodat", 297 },
	{ "mlock", 150 },
	{ "mlock2", 376 },
	{ "mlockall", 152 },
	{ "mmap", 90 },
	{ "mmap2", 192 },
	{ "modify_ldt", 123 },
	{ "mount", 21 },
	{ "move_pages", 317 },
	{ "mprotect", 125 },
	{ "mpx", 56 },
	{ "mq_getsetattr", 282 },
	{ "mq_notify", 281 },
	{ "mq_open", 277 },
	{ "mq_timedreceive", 280 },
	{ "mq_timedsend", 279 },
	{ "mq_unlink", 278 },
	{ "mremap", 163 },
	{ "msgctl", __PNR_msgctl },
	{ "msgget", __PNR_msgget },
	{ "msgrcv", __PNR_msgrcv },
	{ "msgsnd", __PNR_msgsnd },
	{ "msync", 144 },
	{ "multiplexer", __PNR_multiplexer },
	{ "munlock", 151 },
	{ "munlockall", 153 },
	{ "munmap", 91 },
	{ "name_to_handle_at", 341 },
	{ "nanosleep", 162 },
	{ "newfstatat", __PNR_newfstatat },
	{ "nfsservctl", 169 },
	{ "nice", 34 },
	{ "oldfstat", 28 },
	{ "oldlstat", 84 },
	{ "oldolduname", 59 },
	{ "oldstat", 18 },
	{ "olduname", 109 },
	{ "oldwait4", __PNR_oldwait4 },
	{ "open", 5 },
	{ "open_by_handle_at", 342 },
	{ "openat", 295 },
	{ "pause", 29 },
	{ "pciconfig_iobase", __PNR_pciconfig_iobase },
	{ "pciconfig_read", __PNR_pciconfig_read },
	{ "pciconfig_write", __PNR_pciconfig_write },
	{ "perf_event_open", 336 },
	{ "personality", 136 },
	{ "pipe", 42 },
	{ "pipe2", 331 },
	{ "pivot_root", 217 },
	{ "poll", 168 },
	{ "ppoll", 309 },
	{ "prctl", 172 },
	{ "pread64", 180 },
	{ "preadv", 333 },
	{ "prlimit64", 340 },
	{ "process_vm_readv", 347 },
	{ "process_vm_writev", 348 },
	{ "prof", 44 },
	{ "profil", 98 },
	{ "pselect6", 308 },
	{ "ptrace", 26 },
	{ "putpmsg", 189 },
	{ "pwrite64", 181 },
	{ "pwritev", 334 },
	{ "query_module", 167 },
	{ "quotactl", 131 },
	{ "read", 3 },
	{ "readahead", 225 },
	{ "readdir", 89 },
	{ "readlink", 85 },
	{ "readlinkat", 305 },
	{ "readv", 145 },
	{ "reboot", 88 },
	{ "recv", __PNR_recv },
	{ "recvfrom", 371 },
	{ "recvmmsg", 337 },
	{ "recvmsg", 372 },
	{ "remap_file_pages", 257 },
	{ "removexattr", 235 },
	{ "rename", 38 },
	{ "renameat", 302 },
	{ "renameat2", 353 },
	{ "request_key", 287 },
	{ "restart_syscall", 0 },
	{ "rmdir", 40 },
	{ "rt_sigaction", 174 },
	{ "rt_sigpending", 176 },
	{ "rt_sigprocmask", 175 },
	{ "rt_sigqueueinfo", 178 },
	{ "rt_sigreturn", 173 },
	{ "rt_sigsuspend", 179 },
	{ "rt_sigtimedwait", 177 },
	{ "rt_tgsigqueueinfo", 335 },
	{ "rtas", __PNR_rtas },
	{ "s390_pci_mmio_read", __PNR_s390_pci_mmio_read },
	{ "s390_pci_mmio_write", __PNR_s390_pci_mmio_write },
	{ "s390_runtime_instr", __PNR_s390_runtime_instr },
	{ "sched_get_priority_max", 159 },
	{ "sched_get_priority_min", 160 },
	{ "sched_getaffinity", 242 },
	{ "sched_getattr", 352 },
	{ "sched_getparam", 155 },
	{ "sched_getscheduler", 157 },
	{ "sched_rr_get_interval", 161 },
	{ "sched_setaffinity", 241 },
	{ "sched_setattr", 351 },
	{ "sched_setparam", 154 },
	{ "sched_setscheduler", 156 },
	{ "sched_yield", 158 },
	{ "seccomp", 354 },
	{ "security", __PNR_security },
	{ "select", 82 },
	{ "semctl", __PNR_semctl },
	{ "semget", __PNR_semget },
	{ "semop", __PNR_semop },
	{ "semtimedop", __PNR_semtimedop },
	{ "send", __PNR_send },
	{ "sendfile", 187 },
	{ "sendfile64", 239 },
	{ "sendmmsg", 345 },
	{ "sendmsg", 370 },
	{ "sendto", 369 },
	{ "set_mempolicy", 276 },
	{ "set_robust_list", 311 },
	{ "set_thread_area", 243 },
	{ "set_tid_address", 258 },
	{ "set_tls", __PNR_set_tls },
	{ "setdomainname", 121 },
	{ "setfsgid", 139 },
	{ "setfsgid32", 216 },
	{ "setfsuid", 138 },
	{ "setfsuid32", 215 },
	{ "setgid", 46 },
	{ "setgid32", 214 },
	{ "setgroups", 81 },
	{ "setgroups32", 206 },
	{ "sethostname", 74 },
	{ "setitimer", 104 },
	{ "setns", 346 },
	{ "setpgid", 57 },
	{ "setpriority", 97 },
	{ "setregid", 71 },
	{ "setregid32", 204 },
	{ "setresgid", 170 },
	{ "setresgid32", 210 },
	{ "setresuid", 164 },
	{ "setresuid32", 208 },
	{ "setreuid", 70 },
	{ "setreuid32", 203 },
	{ "setrlimit", 75 },
	{ "setsid", 66 },
	{ "setsockopt", 366 },
	{ "settimeofday", 79 },
	{ "setuid", 23 },
	{ "setuid32", 213 },
	{ "setxattr", 226 },
	{ "sgetmask", 68 },
	{ "shmat", __PNR_shmat },
	{ "shmctl", __PNR_shmctl },
	{ "shmdt", __PNR_shmdt },
	{ "shmget", __PNR_shmget },
	{ "shutdown", 373 },
	{ "sigaction", 67 },
	{ "sigaltstack", 186 },
	{ "signal", 48 },
	{ "signalfd", 321 },
	{ "signalfd4", 327 },
	{ "sigpending", 73 },
	{ "sigprocmask", 126 },
	{ "sigreturn", 119 },
	{ "sigsuspend", 72 },
	{ "socket", 359 },
	{ "socketcall", 102 },
	{ "socketpair", 360 },
	{ "splice", 313 },
	{ "spu_create", __PNR_spu_create },
	{ "spu_run", __PNR_spu_run },
	{ "ssetmask", 69 },
	{ "stat", 106 },
	{ "stat64", 195 },
	{ "statfs", 99 },
	{ "statfs64", 268 },
	{ "stime", 25 },
	{ "stty", 31 },
	{ "subpage_prot", __PNR_subpage_prot },
	{ "swapcontext", __PNR_swapcontext },
	{ "swapoff", 115 },
	{ "swapon", 87 },
	{ "switch_endian", __PNR_switch_endian },
	{ "symlink", 83 },
	{ "symlinkat", 304 },
	{ "sync", 36 },
	{ "sync_file_range", 314 },
	{ "sync_file_range2", __PNR_sync_file_range2 },
	{ "syncfs", 344 },
	{ "syscall", __PNR_syscall },
	{ "sys_debug_setcontext", __PNR_sys_debug_setcontext },
	{ "sysfs", 135 },
	{ "sysinfo", 116 },
	{ "syslog", 103 },
	{ "sysmips", __PNR_sysmips },
	{ "tee", 315 },
	{ "tgkill", 270 },
	{ "time", 13 },
	{ "timer_create", 259 },
	{ "timer_delete", 263 },
	{ "timer_getoverrun", 262 },
	{ "timer_gettime", 261 },
	{ "timer_settime", 260 },
	{ "timerfd", __PNR_timerfd },
	{ "timerfd_create", 322 },
	{ "timerfd_gettime", 326 },
	{ "timerfd_settime", 325 },
	{ "times", 43 },
	{ "tkill", 238 },
	{ "truncate", 92 },
	{ "truncate64", 193 },
	{ "tuxcall", __PNR_tuxcall },
	{ "ugetrlimit", 191 },
	{ "ulimit", 58 },
	{ "umask", 60 },
	{ "umount", 22 },
	{ "umount2", 52 },
	{ "uname", 122 },
	{ "unlink", 10 },
	{ "unlinkat", 301 },
	{ "unshare", 310 },
	{ "uselib", 86 },
	{ "userfaultfd", 374 },
	{ "usr26", __PNR_usr26 },
	{ "usr32", __PNR_usr32 },
	{ "ustat", 62 },
	{ "utime", 30 },
	{ "utimensat", 320 },
	{ "utimes", 271 },
	{ "vfork", 190 },
	{ "vhangup", 111 },
	{ "vm86", 166 },
	{ "vm86old", 113 },
	{ "vmsplice", 316 },
	{ "vserver", 273 },
	{ "wait4", 114 },
	{ "waitid", 284 },
	{ "waitpid", 7 },
	{ "write", 4 },
	{ "writev", 146 },
	{ NULL, __NR_SCMP_ERROR },
};

/**
 * Resolve a syscall name to a number
 * @param name the syscall name
 *
 * Resolve the given syscall name to the syscall number using the syscall table.
 * Returns the syscall number on success, including negative pseudo syscall
 * numbers; returns __NR_SCMP_ERROR on failure.
 *
 */
int x86_syscall_resolve_name(const char *name)
{
	unsigned int iter;
	const struct arch_syscall_def *table = x86_syscall_table;

	/* XXX - plenty of room for future improvement here */

	if (strcmp(name, "accept") == 0)
		return __PNR_accept;
	if (strcmp(name, "accept4") == 0)
		return __PNR_accept4;
	else if (strcmp(name, "bind") == 0)
		return __PNR_bind;
	else if (strcmp(name, "connect") == 0)
		return __PNR_connect;
	else if (strcmp(name, "getpeername") == 0)
		return __PNR_getpeername;
	else if (strcmp(name, "getsockname") == 0)
		return __PNR_getsockname;
	else if (strcmp(name, "getsockopt") == 0)
		return __PNR_getsockopt;
	else if (strcmp(name, "listen") == 0)
		return __PNR_listen;
	else if (strcmp(name, "recv") == 0)
		return __PNR_recv;
	else if (strcmp(name, "recvfrom") == 0)
		return __PNR_recvfrom;
	else if (strcmp(name, "recvmsg") == 0)
		return __PNR_recvmsg;
	else if (strcmp(name, "recvmmsg") == 0)
		return __PNR_recvmmsg;
	else if (strcmp(name, "send") == 0)
		return __PNR_send;
	else if (strcmp(name, "sendmsg") == 0)
		return __PNR_sendmsg;
	else if (strcmp(name, "sendmmsg") == 0)
		return __PNR_sendmmsg;
	else if (strcmp(name, "sendto") == 0)
		return __PNR_sendto;
	else if (strcmp(name, "setsockopt") == 0)
		return __PNR_setsockopt;
	else if (strcmp(name, "shutdown") == 0)
		return __PNR_shutdown;
	else if (strcmp(name, "socket") == 0)
		return __PNR_socket;
	else if (strcmp(name, "socketpair") == 0)
		return __PNR_socketpair;

	for (iter = 0; table[iter].name != NULL; iter++) {
		if (strcmp(name, table[iter].name) == 0)
			return table[iter].num;
	}

	return __NR_SCMP_ERROR;
}

/**
 * Resolve a syscall number to a name
 * @param num the syscall number
 *
 * Resolve the given syscall number to the syscall name using the syscall table.
 * Returns a pointer to the syscall name string on success, including pseudo
 * syscall names; returns NULL on failure.
 *
 */
const char *x86_syscall_resolve_num(int num)
{
	unsigned int iter;
	const struct arch_syscall_def *table = x86_syscall_table;

	/* XXX - plenty of room for future improvement here */

	if (num == __PNR_accept)
		return "accept";
	else if (num == __PNR_accept4)
		return "accept4";
	else if (num == __PNR_bind)
		return "bind";
	else if (num == __PNR_connect)
		return "connect";
	else if (num == __PNR_getpeername)
		return "getpeername";
	else if (num == __PNR_getsockname)
		return "getsockname";
	else if (num == __PNR_getsockopt)
		return "getsockopt";
	else if (num == __PNR_listen)
		return "listen";
	else if (num == __PNR_recv)
		return "recv";
	else if (num == __PNR_recvfrom)
		return "recvfrom";
	else if (num == __PNR_recvmsg)
		return "recvmsg";
	else if (num == __PNR_recvmmsg)
		return "recvmmsg";
	else if (num == __PNR_send)
		return "send";
	else if (num == __PNR_sendmsg)
		return "sendmsg";
	else if (num == __PNR_sendmmsg)
		return "sendmmsg";
	else if (num == __PNR_sendto)
		return "sendto";
	else if (num == __PNR_setsockopt)
		return "setsockopt";
	else if (num == __PNR_shutdown)
		return "shutdown";
	else if (num == __PNR_socket)
		return "socket";
	else if (num == __PNR_socketpair)
		return "socketpair";

	for (iter = 0; table[iter].num != __NR_SCMP_ERROR; iter++) {
		if (num == table[iter].num)
			return table[iter].name;
	}

	return NULL;
}

/**
 * Iterate through the syscall table and return the syscall name
 * @param spot the offset into the syscall table
 *
 * Return the syscall name at position @spot or NULL on failure.  This function
 * should only ever be used internally by libseccomp.
 *
 */
const char *x86_syscall_iterate_name(unsigned int spot)
{
	/* XXX - no safety checks here */
	return x86_syscall_table[spot].name;
}
Commit	Line	Data
8befd5cc MG	1	/**
	2	* Enhanced Seccomp x86 Syscall Table
	3	*
	4	* Copyright (c) 2012 Red Hat <pmoore@redhat.com>
	5	* Author: Paul Moore <paul@paul-moore.com>
	6	*/
	7
	8	/*
	9	* This library is free software; you can redistribute it and/or modify it
	10	* under the terms of version 2.1 of the GNU Lesser General Public License as
	11	* published by the Free Software Foundation.
	12	*
	13	* This library is distributed in the hope that it will be useful, but WITHOUT
	14	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
	15	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
	16	* for more details.
	17	*
	18	* You should have received a copy of the GNU Lesser General Public License
	19	* along with this library; if not, see <http://www.gnu.org/licenses>.
	20	*/
	21
	22	#include <string.h>
	23
	24	#include <seccomp.h>
	25
	26	#include "arch.h"
	27	#include "arch-x86.h"
	28
	29	/* NOTE: based on Linux 4.5-rc4 */
	30	const struct arch_syscall_def x86_syscall_table[] = { \
	31	{ "_llseek", 140 },
	32	{ "_newselect", 142 },
	33	{ "_sysctl", 149 },
	34	{ "accept", __PNR_accept },
	35	{ "accept4", 364 },
	36	{ "access", 33 },
	37	{ "acct", 51 },
	38	{ "add_key", 286 },
	39	{ "adjtimex", 124 },
	40	{ "afs_syscall", 137 },
	41	{ "alarm", 27 },
	42	{ "arm_fadvise64_64", __PNR_arm_fadvise64_64 },
	43	{ "arm_sync_file_range", __PNR_arm_sync_file_range },
	44	{ "arch_prctl", __PNR_arch_prctl },
	45	{ "bdflush", 134 },
	46	{ "bind", 361 },
	47	{ "bpf", 357 },
	48	{ "break", 17 },
	49	{ "breakpoint", __PNR_breakpoint },
	50	{ "brk", 45 },
	51	{ "cachectl", __PNR_cachectl },
	52	{ "cacheflush", __PNR_cacheflush },
	53	{ "capget", 184 },
	54	{ "capset", 185 },
	55	{ "chdir", 12 },
	56	{ "chmod", 15 },
	57	{ "chown", 182 },
	58	{ "chown32", 212 },
	59	{ "chroot", 61 },
	60	{ "clock_adjtime", 343 },
	61	{ "clock_getres", 266 },
	62	{ "clock_gettime", 265 },
	63	{ "clock_nanosleep", 267 },
	64	{ "clock_settime", 264 },
65	{ "clone", 120 },
66	{ "close", 6 },
67	{ "connect", 362 },
68	{ "copy_file_range", 377 },
69	{ "creat", 8 },
70	{ "create_module", 127 },
71	{ "delete_module", 129 },
72	{ "dup", 41 },
73	{ "dup2", 63 },
74	{ "dup3", 330 },
75	{ "epoll_create", 254 },
76	{ "epoll_create1", 329 },
77	{ "epoll_ctl", 255 },
78	{ "epoll_ctl_old", __PNR_epoll_ctl_old },
79	{ "epoll_pwait", 319 },
80	{ "epoll_wait", 256 },
81	{ "epoll_wait_old", __PNR_epoll_wait_old },
82	{ "eventfd", 323 },
83	{ "eventfd2", 328 },
84	{ "execve", 11 },
85	{ "execveat", 358 },
86	{ "exit", 1 },
87	{ "exit_group", 252 },
88	{ "faccessat", 307 },
89	{ "fadvise64", 250 },
90	{ "fadvise64_64", 272 },
91	{ "fallocate", 324 },
92	{ "fanotify_init", 338 },
93	{ "fanotify_mark", 339 },
94	{ "fchdir", 133 },
95	{ "fchmod", 94 },
96	{ "fchmodat", 306 },
97	{ "fchown", 95 },
98	{ "fchown32", 207 },
99	{ "fchownat", 298 },
100	{ "fcntl", 55 },
101	{ "fcntl64", 221 },
102	{ "fdatasync", 148 },
103	{ "fgetxattr", 231 },
104	{ "finit_module", 350 },
105	{ "flistxattr", 234 },
106	{ "flock", 143 },
107	{ "fork", 2 },
108	{ "fremovexattr", 237 },
109	{ "fsetxattr", 228 },
110	{ "fstat", 108 },
111	{ "fstat64", 197 },
112	{ "fstatat64", 300 },
113	{ "fstatfs", 100 },
114	{ "fstatfs64", 269 },
115	{ "fsync", 118 },
116	{ "ftime", 35 },
117	{ "ftruncate", 93 },
118	{ "ftruncate64", 194 },
119	{ "futex", 240 },
120	{ "futimesat", 299 },
121	{ "get_kernel_syms", 130 },
122	{ "get_mempolicy", 275 },
123	{ "get_robust_list", 312 },
124	{ "get_thread_area", 244 },
125	{ "getcpu", 318 },
126	{ "getcwd", 183 },
127	{ "getdents", 141 },
128	{ "getdents64", 220 },
129	{ "getegid", 50 },
130	{ "getegid32", 202 },
131	{ "geteuid", 49 },
132	{ "geteuid32", 201 },
133	{ "getgid", 47 },
134	{ "getgid32", 200 },
135	{ "getgroups", 80 },
136	{ "getgroups32", 205 },
137	{ "getitimer", 105 },
138	{ "getpeername", 368 },
139	{ "getpgid", 132 },
140	{ "getpgrp", 65 },
141	{ "getpid", 20 },
142	{ "getpmsg", 188 },
143	{ "getppid", 64 },
144	{ "getpriority", 96 },
145	{ "getrandom", 355 },
146	{ "getresgid", 171 },
147	{ "getresgid32", 211 },
148	{ "getresuid", 165 },
149	{ "getresuid32", 209 },
150	{ "getrlimit", 76 },
151	{ "getrusage", 77 },
152	{ "getsid", 147 },
153	{ "getsockname", 367 },
154	{ "getsockopt", 365 },
155	{ "gettid", 224 },
156	{ "gettimeofday", 78 },
157	{ "getuid", 24 },
158	{ "getuid32", 199 },
159	{ "getxattr", 229 },
160	{ "gtty", 32 },
161	{ "idle", 112 },
162	{ "init_module", 128 },
163	{ "inotify_add_watch", 292 },
164	{ "inotify_init", 291 },
165	{ "inotify_init1", 332 },
166	{ "inotify_rm_watch", 293 },
167	{ "io_cancel", 249 },
168	{ "io_destroy", 246 },
169	{ "io_getevents", 247 },
170	{ "io_setup", 245 },
171	{ "io_submit", 248 },
172	{ "ioctl", 54 },
173	{ "ioperm", 101 },
174	{ "iopl", 110 },
175	{ "ioprio_get", 290 },
176	{ "ioprio_set", 289 },
177	{ "ipc", 117 },
178	{ "kcmp", 349 },
179	{ "kexec_file_load", __PNR_kexec_file_load },
180	{ "kexec_load", 283 },
181	{ "keyctl", 288 },
182	{ "kill", 37 },
183	{ "lchown", 16 },
184	{ "lchown32", 198 },
185	{ "lgetxattr", 230 },
186	{ "link", 9 },
187	{ "linkat", 303 },
188	{ "listen", 363 },
189	{ "listxattr", 232 },
190	{ "llistxattr", 233 },
191	{ "lock", 53 },
192	{ "lookup_dcookie", 253 },
193	{ "lremovexattr", 236 },
194	{ "lseek", 19 },
195	{ "lsetxattr", 227 },
196	{ "lstat", 107 },
197	{ "lstat64", 196 },
198	{ "madvise", 219 },
199	{ "mbind", 274 },
200	{ "membarrier", 375 },
201	{ "memfd_create", 356 },
202	{ "migrate_pages", 294 },
203	{ "mincore", 218 },
204	{ "mkdir", 39 },
205	{ "mkdirat", 296 },
206	{ "mknod", 14 },
207	{ "mknodat", 297 },
208	{ "mlock", 150 },
209	{ "mlock2", 376 },
210	{ "mlockall", 152 },
211	{ "mmap", 90 },
212	{ "mmap2", 192 },
213	{ "modify_ldt", 123 },
214	{ "mount", 21 },
215	{ "move_pages", 317 },
216	{ "mprotect", 125 },
217	{ "mpx", 56 },
218	{ "mq_getsetattr", 282 },
219	{ "mq_notify", 281 },
220	{ "mq_open", 277 },
221	{ "mq_timedreceive", 280 },
222	{ "mq_timedsend", 279 },
223	{ "mq_unlink", 278 },
224	{ "mremap", 163 },
225	{ "msgctl", __PNR_msgctl },
226	{ "msgget", __PNR_msgget },
227	{ "msgrcv", __PNR_msgrcv },
228	{ "msgsnd", __PNR_msgsnd },
229	{ "msync", 144 },
230	{ "multiplexer", __PNR_multiplexer },
231	{ "munlock", 151 },
232	{ "munlockall", 153 },
233	{ "munmap", 91 },
234	{ "name_to_handle_at", 341 },
235	{ "nanosleep", 162 },
236	{ "newfstatat", __PNR_newfstatat },
237	{ "nfsservctl", 169 },
238	{ "nice", 34 },
239	{ "oldfstat", 28 },
240	{ "oldlstat", 84 },
241	{ "oldolduname", 59 },
242	{ "oldstat", 18 },
243	{ "olduname", 109 },
244	{ "oldwait4", __PNR_oldwait4 },
245	{ "open", 5 },
246	{ "open_by_handle_at", 342 },
247	{ "openat", 295 },
248	{ "pause", 29 },
249	{ "pciconfig_iobase", __PNR_pciconfig_iobase },
250	{ "pciconfig_read", __PNR_pciconfig_read },
251	{ "pciconfig_write", __PNR_pciconfig_write },
252	{ "perf_event_open", 336 },
253	{ "personality", 136 },
254	{ "pipe", 42 },
255	{ "pipe2", 331 },
256	{ "pivot_root", 217 },
257	{ "poll", 168 },
258	{ "ppoll", 309 },
259	{ "prctl", 172 },
260	{ "pread64", 180 },
261	{ "preadv", 333 },
262	{ "prlimit64", 340 },
263	{ "process_vm_readv", 347 },
264	{ "process_vm_writev", 348 },
265	{ "prof", 44 },
266	{ "profil", 98 },
267	{ "pselect6", 308 },
268	{ "ptrace", 26 },
269	{ "putpmsg", 189 },
270	{ "pwrite64", 181 },
271	{ "pwritev", 334 },
272	{ "query_module", 167 },
273	{ "quotactl", 131 },
274	{ "read", 3 },
275	{ "readahead", 225 },
276	{ "readdir", 89 },
277	{ "readlink", 85 },
278	{ "readlinkat", 305 },
279	{ "readv", 145 },
280	{ "reboot", 88 },
281	{ "recv", __PNR_recv },
282	{ "recvfrom", 371 },
283	{ "recvmmsg", 337 },
284	{ "recvmsg", 372 },
285	{ "remap_file_pages", 257 },
286	{ "removexattr", 235 },
287	{ "rename", 38 },
288	{ "renameat", 302 },
289	{ "renameat2", 353 },
290	{ "request_key", 287 },
291	{ "restart_syscall", 0 },
292	{ "rmdir", 40 },
293	{ "rt_sigaction", 174 },
294	{ "rt_sigpending", 176 },
295	{ "rt_sigprocmask", 175 },
296	{ "rt_sigqueueinfo", 178 },
297	{ "rt_sigreturn", 173 },
298	{ "rt_sigsuspend", 179 },
299	{ "rt_sigtimedwait", 177 },
300	{ "rt_tgsigqueueinfo", 335 },
301	{ "rtas", __PNR_rtas },
302	{ "s390_pci_mmio_read", __PNR_s390_pci_mmio_read },
303	{ "s390_pci_mmio_write", __PNR_s390_pci_mmio_write },
304	{ "s390_runtime_instr", __PNR_s390_runtime_instr },
305	{ "sched_get_priority_max", 159 },
306	{ "sched_get_priority_min", 160 },
307	{ "sched_getaffinity", 242 },
308	{ "sched_getattr", 352 },
309	{ "sched_getparam", 155 },
310	{ "sched_getscheduler", 157 },
311	{ "sched_rr_get_interval", 161 },
312	{ "sched_setaffinity", 241 },
313	{ "sched_setattr", 351 },
314	{ "sched_setparam", 154 },
315	{ "sched_setscheduler", 156 },
316	{ "sched_yield", 158 },
317	{ "seccomp", 354 },
318	{ "security", __PNR_security },
319	{ "select", 82 },
320	{ "semctl", __PNR_semctl },
321	{ "semget", __PNR_semget },
322	{ "semop", __PNR_semop },
323	{ "semtimedop", __PNR_semtimedop },
324	{ "send", __PNR_send },
325	{ "sendfile", 187 },
326	{ "sendfile64", 239 },
327	{ "sendmmsg", 345 },
328	{ "sendmsg", 370 },
329	{ "sendto", 369 },
330	{ "set_mempolicy", 276 },
331	{ "set_robust_list", 311 },
332	{ "set_thread_area", 243 },
333	{ "set_tid_address", 258 },
334	{ "set_tls", __PNR_set_tls },
335	{ "setdomainname", 121 },
336	{ "setfsgid", 139 },
337	{ "setfsgid32", 216 },
338	{ "setfsuid", 138 },
339	{ "setfsuid32", 215 },
340	{ "setgid", 46 },
341	{ "setgid32", 214 },
342	{ "setgroups", 81 },
343	{ "setgroups32", 206 },
344	{ "sethostname", 74 },
345	{ "setitimer", 104 },
346	{ "setns", 346 },
347	{ "setpgid", 57 },
348	{ "setpriority", 97 },
349	{ "setregid", 71 },
350	{ "setregid32", 204 },
351	{ "setresgid", 170 },
352	{ "setresgid32", 210 },
353	{ "setresuid", 164 },
354	{ "setresuid32", 208 },
355	{ "setreuid", 70 },
356	{ "setreuid32", 203 },
357	{ "setrlimit", 75 },
358	{ "setsid", 66 },
359	{ "setsockopt", 366 },
360	{ "settimeofday", 79 },
361	{ "setuid", 23 },
362	{ "setuid32", 213 },
363	{ "setxattr", 226 },
364	{ "sgetmask", 68 },
365	{ "shmat", __PNR_shmat },
366	{ "shmctl", __PNR_shmctl },
367	{ "shmdt", __PNR_shmdt },
368	{ "shmget", __PNR_shmget },
369	{ "shutdown", 373 },
370	{ "sigaction", 67 },
371	{ "sigaltstack", 186 },
372	{ "signal", 48 },
373	{ "signalfd", 321 },
374	{ "signalfd4", 327 },
375	{ "sigpending", 73 },
376	{ "sigprocmask", 126 },
377	{ "sigreturn", 119 },
378	{ "sigsuspend", 72 },
379	{ "socket", 359 },
380	{ "socketcall", 102 },
381	{ "socketpair", 360 },
382	{ "splice", 313 },
383	{ "spu_create", __PNR_spu_create },
384	{ "spu_run", __PNR_spu_run },
385	{ "ssetmask", 69 },
386	{ "stat", 106 },
387	{ "stat64", 195 },
388	{ "statfs", 99 },
389	{ "statfs64", 268 },
390	{ "stime", 25 },
391	{ "stty", 31 },
392	{ "subpage_prot", __PNR_subpage_prot },
393	{ "swapcontext", __PNR_swapcontext },
394	{ "swapoff", 115 },
395	{ "swapon", 87 },
396	{ "switch_endian", __PNR_switch_endian },
397	{ "symlink", 83 },
398	{ "symlinkat", 304 },
399	{ "sync", 36 },
400	{ "sync_file_range", 314 },
401	{ "sync_file_range2", __PNR_sync_file_range2 },
402	{ "syncfs", 344 },
403	{ "syscall", __PNR_syscall },
404	{ "sys_debug_setcontext", __PNR_sys_debug_setcontext },
405	{ "sysfs", 135 },
406	{ "sysinfo", 116 },
407	{ "syslog", 103 },
408	{ "sysmips", __PNR_sysmips },
409	{ "tee", 315 },
410	{ "tgkill", 270 },
411	{ "time", 13 },
412	{ "timer_create", 259 },
413	{ "timer_delete", 263 },
414	{ "timer_getoverrun", 262 },
415	{ "timer_gettime", 261 },
416	{ "timer_settime", 260 },
417	{ "timerfd", __PNR_timerfd },
418	{ "timerfd_create", 322 },
419	{ "timerfd_gettime", 326 },
420	{ "timerfd_settime", 325 },
421	{ "times", 43 },
422	{ "tkill", 238 },
423	{ "truncate", 92 },
424	{ "truncate64", 193 },
425	{ "tuxcall", __PNR_tuxcall },
426	{ "ugetrlimit", 191 },
427	{ "ulimit", 58 },
428	{ "umask", 60 },
429	{ "umount", 22 },
430	{ "umount2", 52 },
431	{ "uname", 122 },
432	{ "unlink", 10 },
433	{ "unlinkat", 301 },
434	{ "unshare", 310 },
435	{ "uselib", 86 },
436	{ "userfaultfd", 374 },
437	{ "usr26", __PNR_usr26 },
438	{ "usr32", __PNR_usr32 },
439	{ "ustat", 62 },
440	{ "utime", 30 },
441	{ "utimensat", 320 },
442	{ "utimes", 271 },
443	{ "vfork", 190 },
444	{ "vhangup", 111 },
445	{ "vm86", 166 },
446	{ "vm86old", 113 },
447	{ "vmsplice", 316 },
448	{ "vserver", 273 },
449	{ "wait4", 114 },
450	{ "waitid", 284 },
451	{ "waitpid", 7 },
452	{ "write", 4 },
453	{ "writev", 146 },
454	{ NULL, __NR_SCMP_ERROR },
455	};
456
457	/**
458	* Resolve a syscall name to a number
459	* @param name the syscall name
460	*
461	* Resolve the given syscall name to the syscall number using the syscall table.
462	* Returns the syscall number on success, including negative pseudo syscall
463	* numbers; returns __NR_SCMP_ERROR on failure.
464	*
465	*/
466	int x86_syscall_resolve_name(const char *name)
467	{
468	unsigned int iter;
469	const struct arch_syscall_def *table = x86_syscall_table;
470
471	/* XXX - plenty of room for future improvement here */
472
473	if (strcmp(name, "accept") == 0)
474	return __PNR_accept;
475	if (strcmp(name, "accept4") == 0)
476	return __PNR_accept4;
477	else if (strcmp(name, "bind") == 0)
478	return __PNR_bind;
479	else if (strcmp(name, "connect") == 0)
480	return __PNR_connect;
481	else if (strcmp(name, "getpeername") == 0)
482	return __PNR_getpeername;
483	else if (strcmp(name, "getsockname") == 0)
484	return __PNR_getsockname;
485	else if (strcmp(name, "getsockopt") == 0)
486	return __PNR_getsockopt;
487	else if (strcmp(name, "listen") == 0)
488	return __PNR_listen;
489	else if (strcmp(name, "recv") == 0)
490	return __PNR_recv;
491	else if (strcmp(name, "recvfrom") == 0)
492	return __PNR_recvfrom;
493	else if (strcmp(name, "recvmsg") == 0)
494	return __PNR_recvmsg;
495	else if (strcmp(name, "recvmmsg") == 0)
496	return __PNR_recvmmsg;
497	else if (strcmp(name, "send") == 0)
498	return __PNR_send;
499	else if (strcmp(name, "sendmsg") == 0)
500	return __PNR_sendmsg;
501	else if (strcmp(name, "sendmmsg") == 0)
502	return __PNR_sendmmsg;
503	else if (strcmp(name, "sendto") == 0)
504	return __PNR_sendto;
505	else if (strcmp(name, "setsockopt") == 0)
506	return __PNR_setsockopt;
507	else if (strcmp(name, "shutdown") == 0)
508	return __PNR_shutdown;
509	else if (strcmp(name, "socket") == 0)
510	return __PNR_socket;
511	else if (strcmp(name, "socketpair") == 0)
512	return __PNR_socketpair;
513
514	for (iter = 0; table[iter].name != NULL; iter++) {
515	if (strcmp(name, table[iter].name) == 0)
516	return table[iter].num;
517	}
518
519	return __NR_SCMP_ERROR;
520	}
521
522	/**
523	* Resolve a syscall number to a name
524	* @param num the syscall number
525	*
526	* Resolve the given syscall number to the syscall name using the syscall table.
527	* Returns a pointer to the syscall name string on success, including pseudo
528	* syscall names; returns NULL on failure.
529	*
530	*/
531	const char *x86_syscall_resolve_num(int num)
532	{
533	unsigned int iter;
534	const struct arch_syscall_def *table = x86_syscall_table;
535
536	/* XXX - plenty of room for future improvement here */
537
538	if (num == __PNR_accept)
539	return "accept";
540	else if (num == __PNR_accept4)
541	return "accept4";
542	else if (num == __PNR_bind)
543	return "bind";
544	else if (num == __PNR_connect)
545	return "connect";
546	else if (num == __PNR_getpeername)
547	return "getpeername";
548	else if (num == __PNR_getsockname)
549	return "getsockname";
550	else if (num == __PNR_getsockopt)
551	return "getsockopt";
552	else if (num == __PNR_listen)
553	return "listen";
554	else if (num == __PNR_recv)
555	return "recv";
556	else if (num == __PNR_recvfrom)
557	return "recvfrom";
558	else if (num == __PNR_recvmsg)
559	return "recvmsg";
560	else if (num == __PNR_recvmmsg)
561	return "recvmmsg";
562	else if (num == __PNR_send)
563	return "send";
564	else if (num == __PNR_sendmsg)
565	return "sendmsg";
566	else if (num == __PNR_sendmmsg)
567	return "sendmmsg";
568	else if (num == __PNR_sendto)
569	return "sendto";
570	else if (num == __PNR_setsockopt)
571	return "setsockopt";
572	else if (num == __PNR_shutdown)
573	return "shutdown";
574	else if (num == __PNR_socket)
575	return "socket";
576	else if (num == __PNR_socketpair)
577	return "socketpair";
578
579	for (iter = 0; table[iter].num != __NR_SCMP_ERROR; iter++) {
580	if (num == table[iter].num)
581	return table[iter].name;
582	}
583
584	return NULL;
585	}
586
587	/**
588	* Iterate through the syscall table and return the syscall name
589	* @param spot the offset into the syscall table
590	*
591	* Return the syscall name at position @spot or NULL on failure. This function
592	* should only ever be used internally by libseccomp.
593	*
594	*/
595	const char *x86_syscall_iterate_name(unsigned int spot)
596	{
597	/* XXX - no safety checks here */
598	return x86_syscall_table[spot].name;
599	}