iEval git - linux-seccomp.git/blob - libseccomp/src/arch-syscall-validate
4 # libseccomp syscall validation script
6 # Copyright (c) 2014 Red Hat <pmoore@redhat.com>
7 # Author: Paul Moore <paul@paul-moore.com>
11 # This library is free software; you can redistribute it and/or modify it
12 # under the terms of version 2.1 of the GNU Lesser General Public License as
13 # published by the Free Software Foundation.
15 # This library is distributed in the hope that it will be useful, but WITHOUT
16 # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
17 # FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
20 # You should have received a copy of the GNU Lesser General Public License
21 # along with this library; if not, see <http://www.gnu.org/licenses>.
24 LIB_SYS_DUMP
="./arch-syscall-dump"
33 # 1 Dependency to check for
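function check_deps() {
	# Report whether a required external tool can be resolved by the shell.
	# Arguments: $1 - command name to look up
	# Returns:   0 when $1 is empty (nothing to check) or the command is
	#            found, non-zero otherwise
	[[ -z "$1" ]] && return

	# "command -v" is a shell builtin, so the lookup does not depend on an
	# external "which" binary being installed or behaving consistently.
	# NOTE: unlike "which", it also reports shell functions and builtins.
	command -v -- "$1" > /dev/null 2>&1
}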
42 # Dependency verification
45 # 1 Dependency to check for
47 function verify_deps
() {
48 [[ -z "$1" ]] && return
49 if ! check_deps
"$1"; then
50 echo "error: install \"$1\" and include it in your \$PATH"
56 # Print out script usage details
60 usage: arch-syscall-validate [-h] [-a <arch>] <kernel_directory>
62 libseccomp syscall validation script
64 -h show this help message and exit
66 -l output the library's syscall definitions
67 -s output the system's syscall definitions
72 # Dump the library syscall table for a given architecture
79 # Dump the library's syscall table to stdout.
81 function dump_lib_arch
() {
86 [[ -n $2 ]] && offset_str
="-o $2"
87 $LIB_SYS_DUMP -a $1 $offset_str |
sed -e '/[^\t]\+\t-[0-9]\+/d'
91 # Dump the x86 system syscall table
94 # 1 path to the kernel source
96 # Dump the architecture's syscall table to stdout.
98 function dump_sys_x86
() {
99 cat $1/arch
/x86
/entry
/syscalls
/syscall_32.tbl | \
100 grep -v "^#" |
awk '{ print $3"\t"$1 }' |
sed '/^[ \t]*$/d' | \
105 # Dump the x86 library syscall table
107 # Dump the library's syscall table to stdout.
109 function dump_lib_x86
() {
114 # Dump the x86_64 system syscall table
117 # 1 path to the kernel source
119 # Dump the architecture's syscall table to stdout.
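function dump_sys_x86_64() {
	# Dump the x86_64 system syscall table as sorted "name<TAB>number" lines.
	# Arguments: $1 - path to the kernel source
	# Outputs:   the architecture's syscall table on stdout
	local tbl="$1/arch/x86/entry/syscalls/syscall_64.tbl"

	# The path is quoted so a kernel directory containing spaces or glob
	# characters is read as one file instead of being word-split.
	# Stages: drop comment lines, move the second column to the front, discard
	# rows whose second column starts with "x32", emit name/number, drop
	# blank lines, sort.
	grep -v "^#" -- "$tbl" | awk '{ print $2,$3,$1 }' | sed -e '/^x32/d' | \
		awk '{ print $2"\t"$3 }' | sed '/^[ \t]*$/d' | sort
}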
128 # Dump the x86_64 library syscall table
130 # Dump the library's syscall table to stdout.
132 function dump_lib_x86_64
() {
137 # Dump the x32 system syscall table
140 # 1 path to the kernel source
142 # Dump the architecture's syscall table to stdout.
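function dump_sys_x32() {
	# Dump the x32 system syscall table as sorted "name<TAB>number" lines.
	# Arguments: $1 - path to the kernel source
	# Outputs:   the architecture's syscall table on stdout
	local tbl="$1/arch/x86/entry/syscalls/syscall_64.tbl"

	# The path is quoted so a kernel directory containing spaces or glob
	# characters is read as one file instead of being word-split.
	# Same source table as x86_64, but here the rows whose second column
	# starts with "64" are discarded and the x32 rows are kept.
	grep -v "^#" -- "$tbl" | awk '{ print $2,$3,$1 }' | sed -e '/^64/d' | \
		awk '{ print $2"\t"$3 }' | sed '/^[ \t]*$/d' | sort
}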
151 # Dump the x32 library syscall table
153 # Dump the library's syscall table to stdout.
function dump_lib_x32() {
	# Dump the library's x32 syscall table to stdout.
	# The offset handed to dump_lib_arch is 0x40000000 written in decimal.
	local -r x32_offset=1073741824

	dump_lib_arch x32 "$x32_offset"
}
161 # Dump the arm system syscall table
164 # 1 path to the kernel source
166 # Dump the architecture's syscall table to stdout.
168 function dump_sys_arm
() {
169 # NOTE: arm_sync_file_range() and sync_file_range2() share values
170 gcc
-E -dM -D__ARM_EABI__ $1/arch
/arm
/include
/uapi
/asm
/unistd.h | \
171 grep "^#define __\(ARM_\)*NR_" | \
172 grep -v "^#define __NR_OABI_SYSCALL_BASE" | \
173 grep -v "^#define __NR_SYSCALL_BASE" | \
174 grep -v "^#define __ARM_NR_BASE" | \
175 sed -e 's/#define[ \t]\+__NR_\([^ \t]\+\)[ \t]\+(__NR_SYSCALL_BASE[ \t]*+[ \t]*\([0-9]\+\)).*/\1\t\2/;s/#define[ \t]\+__ARM_NR_\([^ \t]\+\)[ \t]\+(__ARM_NR_BASE[ \t]*+[ \t]*\([0-9]\+\)).*/\1\t983040 + \2/' | \
176 while read line
; do \
177 if echo "$line" |
grep -q "+"; then \
178 echo "$line" |
awk '{ print $1"\t"$2+$4 }'; \
183 sed -e '/#define __NR_sync_file_range2[ \t]\+__NR_arm_sync_file_range/d' | \
188 # Dump the arm library syscall table
190 # Dump the library's syscall table to stdout.
function dump_lib_arm() {
	# Dump the library's arm syscall table to stdout.
	# NOTE: arm_sync_file_range() and sync_file_range2() share a value, so the
	# sync_file_range2 row is dropped to leave one entry for that number.
	local -r dup_row='/sync_file_range2[ \t]\+341/d'

	dump_lib_arch arm | sed -e "$dup_row"
}
198 # Dump the aarch64 system syscall table
201 # 1 path to the kernel source
203 # Dump the architecture's syscall table to stdout.
205 function dump_sys_aarch64
() {
206 gcc
-E -dM -I$1/include
/uapi
-D__BITS_PER_LONG=64 $1/include
/uapi
/asm-generic
/unistd.h | \
207 grep "^#define __NR_" | \
208 sed -e '/__NR_syscalls/d' | \
209 sed -e '/__NR_arch_specific_syscall/d' | \
210 sed -e 's/#define[ \t]\+__NR_\([^ \t]\+\)[ \t]\+\(.*\)/\1\t\2/' | \
211 sed -e 's/__NR3264_statfs/43/' | \
212 sed -e 's/__NR3264_ftruncate/46/' | \
213 sed -e 's/__NR3264_truncate/45/' | \
214 sed -e 's/__NR3264_lseek/62/' | \
215 sed -e 's/__NR3264_sendfile/71/' | \
216 sed -e 's/__NR3264_fstatat/79/' | \
217 sed -e 's/__NR3264_fstatfs/44/' | \
218 sed -e 's/__NR3264_fcntl/25/' | \
219 sed -e 's/__NR3264_fadvise64/223/' | \
220 sed -e 's/__NR3264_mmap/222/' | \
221 sed -e 's/__NR3264_fstat/80/' | \
222 sed -e 's/__NR3264_lstat/1039/' | \
223 sed -e 's/__NR3264_stat/1038/' | \
228 # Dump the aarch64 library syscall table
230 # Dump the library's syscall table to stdout.
function dump_lib_aarch64() {
	# Dump the library's aarch64 syscall table to stdout; no offset is passed.
	local -r arch=aarch64

	dump_lib_arch "$arch"
}
237 # Dump the mips system syscall table
240 # 1 path to the kernel source
242 # Dump the architecture's syscall table to stdout.
244 function dump_sys_mips
() {
246 # _MIPS_SIM_ABI32 == 1
247 # _MIPS_SIM_NABI32 == 2
248 # _MIPS_SIM_ABI64 == 3
249 gcc
-E -dM -I$1/arch
/mips
/include
/uapi
-D_MIPS_SIM=1 $1/arch
/mips
/include
/uapi
/asm
/unistd.h | \
250 grep "^#define __NR_" | \
251 grep -v "^#define __NR_O32_" | \
252 grep -v "^#define __NR_N32_" | \
253 grep -v "^#define __NR_64_" | \
254 grep -v "^#define __NR_Linux" | \
255 grep -v "^#define __NR_unused" | \
256 grep -v "^#define __NR_reserved" | \
257 sed -e 's/#define[ \t]\+__NR_\([^ \t]\+\)[ \t]\+(__NR_Linux[ \t]*+[ \t]*\([0-9]\+\)).*/\1\t\2/' | \
262 # Dump the mips library syscall table
264 # Dump the library's syscall table to stdout.
function dump_lib_mips() {
	# Dump the library's mips syscall table to stdout, passing 4000 as the
	# offset argument of dump_lib_arch.
	local -r mips_offset=4000

	dump_lib_arch mips "$mips_offset"
}
271 # Dump the mips64 system syscall table
274 # 1 path to the kernel source
276 # Dump the architecture's syscall table to stdout.
278 function dump_sys_mips64
() {
280 # _MIPS_SIM_ABI32 == 1
281 # _MIPS_SIM_NABI32 == 2
282 # _MIPS_SIM_ABI64 == 3
283 gcc
-E -dM -I$1/arch
/mips
/include
/uapi
-D_MIPS_SIM=3 $1/arch
/mips
/include
/uapi
/asm
/unistd.h | \
284 grep "^#define __NR_" | \
285 grep -v "^#define __NR_O32_" | \
286 grep -v "^#define __NR_N32_" | \
287 grep -v "^#define __NR_64_" | \
288 grep -v "^#define __NR_Linux" | \
289 grep -v "^#define __NR_unused" | \
290 grep -v "^#define __NR_reserved" | \
291 sed -e 's/#define[ \t]\+__NR_\([^ \t]\+\)[ \t]\+(__NR_Linux[ \t]*+[ \t]*\([0-9]\+\)).*/\1\t\2/' | \
296 # Dump the mips64 library syscall table
298 # Dump the library's syscall table to stdout.
function dump_lib_mips64() {
	# Dump the library's mips64 syscall table to stdout, passing 5000 as the
	# offset argument of dump_lib_arch.
	local -r mips64_offset=5000

	dump_lib_arch mips64 "$mips64_offset"
}
305 # Dump the mips64n32 system syscall table
308 # 1 path to the kernel source
310 # Dump the architecture's syscall table to stdout.
312 function dump_sys_mips64n32
() {
314 # _MIPS_SIM_ABI32 == 1
315 # _MIPS_SIM_NABI32 == 2
316 # _MIPS_SIM_ABI64 == 3
317 gcc
-E -dM -I$1/arch
/mips
/include
/uapi
-D_MIPS_SIM=2 $1/arch
/mips
/include
/uapi
/asm
/unistd.h | \
318 grep "^#define __NR_" | \
319 grep -v "^#define __NR_O32_" | \
320 grep -v "^#define __NR_N32_" | \
321 grep -v "^#define __NR_64_" | \
322 grep -v "^#define __NR_Linux" | \
323 grep -v "^#define __NR_unused" | \
324 grep -v "^#define __NR_reserved" | \
325 sed -e 's/#define[ \t]\+__NR_\([^ \t]\+\)[ \t]\+(__NR_Linux[ \t]*+[ \t]*\([0-9]\+\)).*/\1\t\2/' | \
330 # Dump the mips64n32 library syscall table
332 # Dump the library's syscall table to stdout.
function dump_lib_mips64n32() {
	# Dump the library's mips64n32 syscall table to stdout, passing 6000 as
	# the offset argument of dump_lib_arch.
	local -r n32_offset=6000

	dump_lib_arch mips64n32 "$n32_offset"
}
339 # Dump the ppc system syscall table
342 # 1 path to the kernel source
344 # Dump the architecture's syscall table to stdout.
346 function dump_sys_ppc
() {
347 gcc
-E -dM $1/arch
/powerpc
/include
/uapi
/asm
/unistd.h | \
348 grep "^#define __NR_" | \
349 sed -e 's/#define[ \t]\+__NR_\([a-z0-9_]\+\)[ \t]\+\([0-9]\+\)/\1\t\2/' | \
354 # Dump the ppc library syscall table
356 # Dump the library's syscall table to stdout.
358 function dump_lib_ppc
() {
363 # Dump the ppc64 system syscall table
366 # 1 path to the kernel source
368 # Dump the architecture's syscall table to stdout.
370 function dump_sys_ppc64
() {
371 gcc
-E -dM -D__powerpc64__ $1/arch
/powerpc
/include
/uapi
/asm
/unistd.h | \
372 grep "^#define __NR_" | \
373 sed -e 's/#define[ \t]\+__NR_\([a-z0-9_]\+\)[ \t]\+\([0-9]\+\)/\1\t\2/' | \
378 # Dump the ppc64 library syscall table
380 # Dump the library's syscall table to stdout.
382 function dump_lib_ppc64
() {
387 # Dump the s390 system syscall table
390 # 1 path to the kernel source
392 # Dump the architecture's syscall table to stdout.
394 function dump_sys_s390
() {
395 gcc
-E -dM $1/arch
/s390
/include
/uapi
/asm
/unistd.h |
grep __NR | \
396 sed -e 's/#define[ \t]\+__NR_\([^ \t]\+\)[ \t]\+(__NR_timer_create[ \t]*+[ \t]*\([0-9]\+\)).*/\1\t254 + \2/' | \
397 while read line
; do \
398 if echo "$line" |
grep -q "+"; then \
399 echo "$line" |
awk '{ print $1"\t"$2+$4 }'; \
404 sed 's/#define __NR_//g' |
sed 's/ /\t/g' |
sort
408 # Dump the s390 library syscall table
410 # Dump the library's syscall table to stdout.
412 function dump_lib_s390
() {
417 # Dump the s390x system syscall table
420 # 1 path to the kernel source
422 # Dump the architecture's syscall table to stdout.
424 function dump_sys_s390x
() {
425 gcc
-E -dM -D __s390x__
$1/arch
/s390
/include
/uapi
/asm
/unistd.h |
grep __NR | \
426 sed -e 's/#define[ \t]\+__NR_\([^ \t]\+\)[ \t]\+(__NR_timer_create[ \t]*+[ \t]*\([0-9]\+\)).*/\1\t254 + \2/' | \
427 while read line
; do \
428 if echo "$line" |
grep -q "+"; then \
429 echo "$line" |
awk '{ print $1"\t"$2+$4 }'; \
434 sed 's/#define __NR_//g' |
sed 's/ /\t/g' |
sort
438 # Dump the s390x library syscall table
440 # Dump the library's syscall table to stdout.
442 function dump_lib_s390x
() {
447 # Dump the system syscall table
451 # 2 path to the kernel source
453 # Dump the system's syscall table to stdout using the given architecture.
455 function dump_sys
() {
470 dump_sys_aarch64
"$2"
479 dump_sys_mips64n32
"$2"
503 # Dump the library syscall table
508 # Dump the library's syscall table to stdout using the given architecture.
510 function dump_lib
() {
565 if [[ ! -x $LIB_SYS_DUMP ]]; then
566 echo "error: \"$LIB_SYS_DUMP\" is not in the current working directory"
574 while getopts "a:slh" opt
; do
577 opt_arches
+="$OPTARG "
593 shift $
(($OPTIND - 1))
596 if [[ $opt_arches == "" ]]; then
600 mips mips64 mips64n32 \
607 if [[ -z $kernel_dir ]]; then
611 if [[ ! -d $kernel_dir ]]; then
612 echo "error: \"$1\" is not a valid directory"
616 # generate some temp files
617 tmp_lib
=$
(mktemp
-t syscall_validate_XXXXXX
)
618 tmp_sys
=$
(mktemp
-t syscall_validate_XXXXXX
)
620 # loop through the architectures and compare
621 for i
in $opt_arches; do
622 # dump the syscall tables
623 dump_lib
$i > $tmp_lib
624 if [[ $?
-ne 0 ]]; then
625 echo "error: unknown arch $i"
628 dump_sys
$i "$kernel_dir" > $tmp_sys
629 if [[ $?
-ne 0 ]]; then
630 echo "error: unknown arch $i"
634 if [[ $opt_lib -eq 1 ]]; then
636 elif [[ $opt_sys -eq 1 ]]; then
639 # compare the lib and sys output
640 diff -u --label="$i [library]" $tmp_lib \
641 --label "$i [system]" $tmp_sys
646 rm -f $tmp_lib $tmp_sys