From 941e7849250b432233b4c67304c29ec9cb242b15 Mon Sep 17 00:00:00 2001
From: Ruoqing He
Date: Wed, 5 Mar 2025 16:19:23 +0800
Subject: [PATCH 1/3] tools: Support generate_syscall_tables with newer kernel

Code structure reorganized. Now we need to install headers for each architecture, and extract the syscalls from `unistd_64.h`.

Signed-off-by: Ruoqing He
---
 tools/generate_syscall_tables.sh | 73 +++++---------------------------
 1 file changed, 11 insertions(+), 62 deletions(-)

diff --git a/tools/generate_syscall_tables.sh b/tools/generate_syscall_tables.sh
index a08d0f0e..ce1bd307 100755
--- a/tools/generate_syscall_tables.sh
+++ b/tools/generate_syscall_tables.sh
@@ -25,67 +25,16 @@ PATH_TO_X86_TEST_TABLE="$ROOT_DIR/src/syscall_table/test_x86_64.rs"
 PATH_TO_AARCH64_TEST_TABLE="$ROOT_DIR/src/syscall_table/test_aarch64.rs"
 PATH_TO_RISCV64_TEST_TABLE="$ROOT_DIR/src/syscall_table/test_riscv64.rs"
 
-generate_syscall_list_x86_64() {
- # the table for x86_64 is nicely formatted here:
- # linux/arch/x86/entry/syscalls/syscall_64.tbl
- echo $(cat linux/arch/x86/entry/syscalls/syscall_64.tbl | grep -v "^#" | \
- grep -v -e '^$' | awk '{print $2,$3,$1}' | grep -v "^x32" | \
- awk '{print "(\""$2"\", "$3"),"}' | \
- sort -d)
+install_header() {
+ make -C "$KERNEL_DIR/linux" ARCH="$1" INSTALL_HDR_PATH="$1-headers" headers_install &>/dev/null
+ echo $KERNEL_DIR/linux/$1-headers/include/asm/unistd_64.h
 }
 
-generate_syscall_list_aarch64() {
- # filter for substituting `#define`s that point to other macros;
- # values taken from linux/include/uapi/asm-generic/unistd.h
- replace+='s/__NR3264_fadvise64/223/;'
- replace+='s/__NR3264_fcntl/25/;'
- replace+='s/__NR3264_fstatat/79/;'
- replace+='s/__NR3264_fstatfs/44/;'
- replace+='s/__NR3264_fstat/80/;'
- replace+='s/__NR3264_ftruncate/46/;'
- replace+='s/__NR3264_lseek/62/;'
- replace+='s/__NR3264_sendfile/71/;'
- replace+='s/__NR3264_statfs/43/;'
- replace+='s/__NR3264_truncate/45/;'
- replace+='s/__NR3264_mmap/222/;'
-
- echo "$1" > $path_to_rust_file
-
- # the aarch64 syscall table is not located in a .tbl file, like x86;
- # we run gcc's pre-processor to extract the numeric constants from header
- # files.
- echo $(gcc -Ilinux/include/uapi -E -dM -D__ARCH_WANT_RENAMEAT\
- -D__BITS_PER_LONG=64 linux/arch/arm64/include/uapi/asm/unistd.h |\
- grep "#define __NR_" | grep -v "__NR_syscalls" |\
- grep -v "__NR_arch_specific_syscall" | awk -F '__NR_' '{print $2}' |\
- sed $replace | awk '{ print "(\""$1"\", "$2")," }' | sort -d)
-}
-
-generate_syscall_list_riscv64() {
- # filter for substituting `#define`s that point to other macros;
- # values taken from linux/include/uapi/asm-generic/unistd.h
- replace+='s/__NR3264_fadvise64/223/;'
- replace+='s/__NR3264_fcntl/25/;'
- replace+='s/__NR3264_fstatat/79/;'
- replace+='s/__NR3264_fstatfs/44/;'
- replace+='s/__NR3264_fstat/80/;'
- replace+='s/__NR3264_ftruncate/46/;'
- replace+='s/__NR3264_lseek/62/;'
- replace+='s/__NR3264_sendfile/71/;'
- replace+='s/__NR3264_statfs/43/;'
- replace+='s/__NR3264_truncate/45/;'
- replace+='s/__NR3264_mmap/222/;'
-
- echo "$1" > $path_to_rust_file
-
- # the riscv64 syscall table is not located in a .tbl file, like x86;
- # we run gcc's pre-processor to extract the numeric constants from header
- # files.
- echo $(gcc -Ilinux/include/uapi -E -dM \
- -D__BITS_PER_LONG=64 linux/arch/riscv/include/uapi/asm/unistd.h |\
- grep "#define __NR_" | grep -v "__NR_syscalls" |\
- grep -v "__NR_arch_specific_syscall" | awk -F '__NR_' '{print $2}' |\
- sed $replace | awk '{ print "(\""$1"\", "$2")," }' | sort -d)
+generate_syscall_list() {
+ syscall_header=$(install_header $1)
+ echo $(cat ${syscall_header} | grep "#define __NR_" |\
+ grep -v "__NR_syscalls" | grep -v "__NR_arch_specific_syscall" |\
+ awk -F '__NR_' '{print $2}' | awk '{ print "(\""$1"\", "$2")," }' | sort -d)
 }
 
 write_rust_syscall_table() {
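Review bot: `install_header` throws away both the output and the exit status of `make headers_install` (`&>/dev/null`, no check) and then prints the header path unconditionally, so a failed install looks exactly like a successful one. If a `$1-headers` directory is left over from an earlier run, `generate_syscall_list` would presumably parse that stale `unistd_64.h`; if the file is missing, `cat` fails and the pipeline produces an empty list. These tables appear to be the name-to-number mapping that seccomp filter rules are resolved against, so the generator should stop rather than emit numbers it cannot vouch for: keep stderr, propagate the `make` status, and test that the header exists before parsing it. Quoting `$1`, `$KERNEL_DIR` and `$syscall_header` also keeps paths with spaces intact.

```shell
install_header() {
    # stderr stays visible so a broken toolchain or a wrong ARCH is diagnosable
    make -C "$KERNEL_DIR/linux" ARCH="$1" INSTALL_HDR_PATH="$1-headers" headers_install >/dev/null || return 1
    echo "$KERNEL_DIR/linux/$1-headers/include/asm/unistd_64.h"
}

generate_syscall_list() {
    syscall_header=$(install_header "$1") || return 1
    [ -f "$syscall_header" ] || return 1
    # … unchanged: grep/awk/sort pipeline, reading "$syscall_header" …
}
```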
@@ -94,11 +43,11 @@ write_rust_syscall_table() {
 path_to_rust_file=$3
 
 if [ "$platform" == "x86_64" ]; then
- syscall_list=$(generate_syscall_list_x86_64)
+ syscall_list=$(generate_syscall_list x86_64)
 elif [ "$platform" == "aarch64" ]; then
- syscall_list=$(generate_syscall_list_aarch64)
+ syscall_list=$(generate_syscall_list arm64)
 elif [ "$platform" == "riscv64" ]; then
- syscall_list=$(generate_syscall_list_riscv64)
+ syscall_list=$(generate_syscall_list riscv)
 else
 die "Invalid platform"
 fi

From c4f8e6d2a0541dfee4def0f1f4e3528b7545c7fe Mon Sep 17 00:00:00 2001
From: Ruoqing He
Date: Fri, 24 Jan 2025 09:51:24 +0800
Subject: [PATCH 2/3] syscall_table: Update to v6.12 kernel syscall

Some of our downstream communities are moving to 6.12 kernel, regenerated `syscall_table` from 6.12 kernel source to catch up.

Signed-off-by: Ruoqing He
---
 src/syscall_table/aarch64.rs | 28 +++++++++++++++++++++++++---
 src/syscall_table/riscv64.rs | 28 ++++++++++++++++++++++++++--
 src/syscall_table/x86_64.rs | 29 ++++++++++++++++++++++++++---
 3 files changed, 77 insertions(+), 8 deletions(-)

diff --git a/src/syscall_table/aarch64.rs b/src/syscall_table/aarch64.rs
index e3939fbe..b8d4e992 100644
--- a/src/syscall_table/aarch64.rs
+++ b/src/syscall_table/aarch64.rs
@@ -1,10 +1,10 @@ -// Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved. +// Copyright 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR BSD-3-Clause // This file is auto-generated by `tools/generate_syscall_tables`. // Do NOT manually edit! -// Generated on: Mon Jan 17 17:30:54 UTC 2022 -// Kernel version: 5.10 +// Generated on: Sat Dec 14 01:47:02 PM CST 2024 +// Kernel version: 6.12 use std::collections::HashMap; @@ -18,6 +18,7 @@ pub(crate) fn make_syscall_table() -> HashMap<&'static str, i64> { ("bind", 200), ("bpf", 280), ("brk", 214), + ("cachestat", 451), ("capget", 90), ("capset", 91), ("chdir", 49), 
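Review bot: In `write_rust_syscall_table` (tools/generate_syscall_tables.sh) none of the three `syscall_list=$(generate_syscall_list …)` assignments is checked, and because command substitution runs in a subshell, a `die` or non-zero return inside the generator cannot stop the script from there. As written, a failed header install falls through with an empty `syscall_list`, and the rest of the function, which continues outside this hunk, would presumably write a table with no entries. A guard right after the `fi`, for example `[ -n "$syscall_list" ] || die "No syscalls extracted for $platform"`, makes that failure loud. A one-line comment saying that `arm64` and `riscv` are the kernel's `ARCH=` names for the `aarch64` and `riscv64` platforms would also help the next reader.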
@@ -39,6 +40,7 @@ pub(crate) fn make_syscall_table() -> HashMap<&'static str, i64> { ("epoll_create1", 20), ("epoll_ctl", 21), ("epoll_pwait", 22), + ("epoll_pwait2", 441), ("eventfd2", 19), ("execve", 221), ("execveat", 281), @@ -53,6 +55,7 @@ pub(crate) fn make_syscall_table() -> HashMap<&'static str, i64> { ("fchdir", 50), ("fchmod", 52), ("fchmodat", 53), + ("fchmodat2", 452), ("fchown", 55), ("fchownat", 54), ("fcntl", 25), @@ -72,6 +75,10 @@ pub(crate) fn make_syscall_table() -> HashMap<&'static str, i64> { ("fsync", 82), ("ftruncate", 46), ("futex", 98), + ("futex_requeue", 456), + ("futex_wait", 455), + ("futex_waitv", 449), + ("futex_wake", 454), ("getcpu", 168), ("getcwd", 17), ("getdents64", 61), @@ -120,19 +127,28 @@ pub(crate) fn make_syscall_table() -> HashMap<&'static str, i64> { ("kexec_load", 104), ("keyctl", 219), ("kill", 129), + ("landlock_add_rule", 445), + ("landlock_create_ruleset", 444), + ("landlock_restrict_self", 446), ("lgetxattr", 9), ("linkat", 37), ("listen", 201), + ("listmount", 458), ("listxattr", 11), ("llistxattr", 12), ("lookup_dcookie", 18), ("lremovexattr", 15), ("lseek", 62), ("lsetxattr", 6), + ("lsm_get_self_attr", 459), + ("lsm_list_modules", 461), + ("lsm_set_self_attr", 460), ("madvise", 233), + ("map_shadow_stack", 453), ("mbind", 235), ("membarrier", 283), ("memfd_create", 279), + ("memfd_secret", 447), ("migrate_pages", 238), ("mincore", 232), ("mkdirat", 34), @@ -142,6 +158,7 @@ pub(crate) fn make_syscall_table() -> HashMap<&'static str, i64> { ("mlockall", 230), ("mmap", 222), ("mount", 40), + ("mount_setattr", 442), ("move_mount", 429), ("move_pages", 239), ("mprotect", 226), @@ -152,6 +169,7 @@ pub(crate) fn make_syscall_table() -> HashMap<&'static str, i64> { ("mq_timedsend", 182), ("mq_unlink", 181), ("mremap", 216), + ("mseal", 462), ("msgctl", 187), ("msgget", 186), ("msgrcv", 188), 
@@ -185,6 +203,7 @@ pub(crate) fn make_syscall_table() -> HashMap<&'static str, i64> { ("preadv2", 286), ("prlimit64", 261), ("process_madvise", 440), + ("process_mrelease", 448), ("process_vm_readv", 270), ("process_vm_writev", 271), ("pselect6", 72), @@ -193,6 +212,7 @@ pub(crate) fn make_syscall_table() -> HashMap<&'static str, i64> { ("pwritev", 70), ("pwritev2", 287), ("quotactl", 60), + ("quotactl_fd", 443), ("read", 63), ("readahead", 213), ("readlinkat", 78), @@ -245,6 +265,7 @@ pub(crate) fn make_syscall_table() -> HashMap<&'static str, i64> { ("sethostname", 161), ("setitimer", 103), ("set_mempolicy", 237), + ("set_mempolicy_home_node", 450), ("setns", 268), ("setpgid", 154), ("setpriority", 140), @@ -271,6 +292,7 @@ pub(crate) fn make_syscall_table() -> HashMap<&'static str, i64> { ("socketpair", 199), ("splice", 76), ("statfs", 43), + ("statmount", 457), ("statx", 291), ("swapoff", 225), ("swapon", 224), diff --git a/src/syscall_table/riscv64.rs b/src/syscall_table/riscv64.rs index b01285e0..ea5b0c5b 100644 --- a/src/syscall_table/riscv64.rs +++ b/src/syscall_table/riscv64.rs @@ -3,8 +3,8 @@ // This file is auto-generated by `tools/generate_syscall_tables`. // Do NOT manually edit! -// Generated on: Thu Dec 5 19:14:32 HKT 2024 -// Kernel version: 5.10 +// Generated on: Sat Dec 14 01:47:02 PM CST 2024 +// Kernel version: 6.12 use std::collections::HashMap; @@ -18,6 +18,7 @@ pub(crate) fn make_syscall_table() -> HashMap<&'static str, i64> { ("bind", 200), ("bpf", 280), ("brk", 214), + ("cachestat", 451), ("capget", 90), ("capset", 91), ("chdir", 49), @@ -39,6 +40,7 @@ pub(crate) fn make_syscall_table() -> HashMap<&'static str, i64> { ("epoll_create1", 20), ("epoll_ctl", 21), ("epoll_pwait", 22), + ("epoll_pwait2", 441), ("eventfd2", 19), ("execve", 221), ("execveat", 281), 
@@ -53,6 +55,7 @@ pub(crate) fn make_syscall_table() -> HashMap<&'static str, i64> { ("fchdir", 50), ("fchmod", 52), ("fchmodat", 53), + ("fchmodat2", 452), ("fchown", 55), ("fchownat", 54), ("fcntl", 25), @@ -72,6 +75,10 @@ pub(crate) fn make_syscall_table() -> HashMap<&'static str, i64> { ("fsync", 82), ("ftruncate", 46), ("futex", 98), + ("futex_requeue", 456), + ("futex_wait", 455), + ("futex_waitv", 449), + ("futex_wake", 454), ("getcpu", 168), ("getcwd", 17), ("getdents64", 61), @@ -120,19 +127,28 @@ pub(crate) fn make_syscall_table() -> HashMap<&'static str, i64> { ("kexec_load", 104), ("keyctl", 219), ("kill", 129), + ("landlock_add_rule", 445), + ("landlock_create_ruleset", 444), + ("landlock_restrict_self", 446), ("lgetxattr", 9), ("linkat", 37), ("listen", 201), + ("listmount", 458), ("listxattr", 11), ("llistxattr", 12), ("lookup_dcookie", 18), ("lremovexattr", 15), ("lseek", 62), ("lsetxattr", 6), + ("lsm_get_self_attr", 459), + ("lsm_list_modules", 461), + ("lsm_set_self_attr", 460), ("madvise", 233), + ("map_shadow_stack", 453), ("mbind", 235), ("membarrier", 283), ("memfd_create", 279), + ("memfd_secret", 447), ("migrate_pages", 238), ("mincore", 232), ("mkdirat", 34), @@ -142,6 +158,7 @@ pub(crate) fn make_syscall_table() -> HashMap<&'static str, i64> { ("mlockall", 230), ("mmap", 222), ("mount", 40), + ("mount_setattr", 442), ("move_mount", 429), ("move_pages", 239), ("mprotect", 226), @@ -152,6 +169,7 @@ pub(crate) fn make_syscall_table() -> HashMap<&'static str, i64> { ("mq_timedsend", 182), ("mq_unlink", 181), ("mremap", 216), + ("mseal", 462), ("msgctl", 187), ("msgget", 186), ("msgrcv", 188), @@ -185,6 +203,7 @@ pub(crate) fn make_syscall_table() -> HashMap<&'static str, i64> { ("preadv2", 286), ("prlimit64", 261), ("process_madvise", 440), + ("process_mrelease", 448), ("process_vm_readv", 270), ("process_vm_writev", 271), ("pselect6", 72), 
@@ -193,6 +212,7 @@ pub(crate) fn make_syscall_table() -> HashMap<&'static str, i64> { ("pwritev", 70), ("pwritev2", 287), ("quotactl", 60), + ("quotactl_fd", 443), ("read", 63), ("readahead", 213), ("readlinkat", 78), @@ -206,6 +226,8 @@ pub(crate) fn make_syscall_table() -> HashMap<&'static str, i64> { ("renameat2", 276), ("request_key", 218), ("restart_syscall", 128), + ("riscv_flush_icache", 259), + ("riscv_hwprobe", 258), ("rseq", 293), ("rt_sigaction", 134), ("rt_sigpending", 136), @@ -244,6 +266,7 @@ pub(crate) fn make_syscall_table() -> HashMap<&'static str, i64> { ("sethostname", 161), ("setitimer", 103), ("set_mempolicy", 237), + ("set_mempolicy_home_node", 450), ("setns", 268), ("setpgid", 154), ("setpriority", 140), @@ -270,6 +293,7 @@ pub(crate) fn make_syscall_table() -> HashMap<&'static str, i64> { ("socketpair", 199), ("splice", 76), ("statfs", 43), + ("statmount", 457), ("statx", 291), ("swapoff", 225), ("swapon", 224), diff --git a/src/syscall_table/x86_64.rs b/src/syscall_table/x86_64.rs index 55f412b0..5bb83078 100644 --- a/src/syscall_table/x86_64.rs +++ b/src/syscall_table/x86_64.rs @@ -1,10 +1,10 @@ -// Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved. +// Copyright 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR BSD-3-Clause // This file is auto-generated by `tools/generate_syscall_tables`. // Do NOT manually edit! -// Generated on: Mon Jan 17 17:30:54 UTC 2022 -// Kernel version: 5.10 +// Generated on: Sat Dec 14 01:47:02 PM CST 2024 +// Kernel version: 6.12 use std::collections::HashMap; @@ -22,6 +22,7 @@ pub(crate) fn make_syscall_table() -> HashMap<&'static str, i64> { ("bind", 49), ("bpf", 321), ("brk", 12), + ("cachestat", 451), ("capget", 125), ("capset", 126), ("chdir", 80), 
@@ -50,6 +51,7 @@ pub(crate) fn make_syscall_table() -> HashMap<&'static str, i64> { ("epoll_ctl", 233), ("epoll_ctl_old", 214), ("epoll_pwait", 281), + ("epoll_pwait2", 441), ("epoll_wait", 232), ("epoll_wait_old", 215), ("eventfd", 284), @@ -67,6 +69,7 @@ pub(crate) fn make_syscall_table() -> HashMap<&'static str, i64> { ("fchdir", 81), ("fchmod", 91), ("fchmodat", 268), + ("fchmodat2", 452), ("fchown", 93), ("fchownat", 260), ("fcntl", 72), @@ -87,6 +90,10 @@ pub(crate) fn make_syscall_table() -> HashMap<&'static str, i64> { ("fsync", 74), ("ftruncate", 77), ("futex", 202), + ("futex_requeue", 456), + ("futex_wait", 455), + ("futex_waitv", 449), + ("futex_wake", 454), ("futimesat", 261), ("getcpu", 309), ("getcwd", 79), @@ -144,22 +151,31 @@ pub(crate) fn make_syscall_table() -> HashMap<&'static str, i64> { ("kexec_load", 246), ("keyctl", 250), ("kill", 62), + ("landlock_add_rule", 445), + ("landlock_create_ruleset", 444), + ("landlock_restrict_self", 446), ("lchown", 94), ("lgetxattr", 192), ("link", 86), ("linkat", 265), ("listen", 50), + ("listmount", 458), ("listxattr", 194), ("llistxattr", 195), ("lookup_dcookie", 212), ("lremovexattr", 198), ("lseek", 8), ("lsetxattr", 189), + ("lsm_get_self_attr", 459), + ("lsm_list_modules", 461), + ("lsm_set_self_attr", 460), ("lstat", 6), ("madvise", 28), + ("map_shadow_stack", 453), ("mbind", 237), ("membarrier", 324), ("memfd_create", 319), + ("memfd_secret", 447), ("migrate_pages", 256), ("mincore", 27), ("mkdir", 83), @@ -172,6 +188,7 @@ pub(crate) fn make_syscall_table() -> HashMap<&'static str, i64> { ("mmap", 9), ("modify_ldt", 154), ("mount", 165), + ("mount_setattr", 442), ("move_mount", 429), ("move_pages", 279), ("mprotect", 10), @@ -182,6 +199,7 @@ pub(crate) fn make_syscall_table() -> HashMap<&'static str, i64> { ("mq_timedsend", 242), ("mq_unlink", 241), ("mremap", 25), + ("mseal", 462), ("msgctl", 71), ("msgget", 68), ("msgrcv", 70), 
@@ -219,6 +237,7 @@ pub(crate) fn make_syscall_table() -> HashMap<&'static str, i64> { ("preadv2", 327), ("prlimit64", 302), ("process_madvise", 440), + ("process_mrelease", 448), ("process_vm_readv", 310), ("process_vm_writev", 311), ("pselect6", 270), @@ -229,6 +248,7 @@ pub(crate) fn make_syscall_table() -> HashMap<&'static str, i64> { ("pwritev2", 328), ("query_module", 178), ("quotactl", 179), + ("quotactl_fd", 443), ("read", 0), ("readahead", 187), ("readlink", 89), @@ -286,6 +306,7 @@ pub(crate) fn make_syscall_table() -> HashMap<&'static str, i64> { ("sethostname", 170), ("setitimer", 38), ("set_mempolicy", 238), + ("set_mempolicy_home_node", 450), ("setns", 308), ("setpgid", 109), ("setpriority", 141), @@ -315,6 +336,7 @@ pub(crate) fn make_syscall_table() -> HashMap<&'static str, i64> { ("splice", 275), ("stat", 4), ("statfs", 137), + ("statmount", 457), ("statx", 332), ("swapoff", 168), ("swapon", 167), @@ -348,6 +370,7 @@ pub(crate) fn make_syscall_table() -> HashMap<&'static str, i64> { ("unlink", 87), ("unlinkat", 263), ("unshare", 272), + ("uretprobe", 335), ("uselib", 134), ("userfaultfd", 323), ("ustat", 136), From 56fe67a56e4417f201c107c3b5894fab12f45464 Mon Sep 17 00:00:00 2001 From: Ruoqing He Date: Fri, 24 Jan 2025 09:52:20 +0800 Subject: [PATCH 3/3] CHANGELOG: Update CHANGELOG.md Update `CHANGELOG.md` and document the update of `syscall_tables` from v6.12 kernel source. Signed-off-by: Ruoqing He --- CHANGELOG.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5eb82c4f..4ad4d7fa 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,7 +1,12 @@ # Upcoming Release ## Added -- Support for riscv64 architecture is added +- [[#72]](https://github.com/rust-vmm/seccompiler/pull/72): Introduce RISC-V + 64-bit architecture support. + +## Changed +- [[#78]](https://github.com/rust-vmm/seccompiler/pull/78): Update + `syscall_tables` from v6.12 kernel source # v0.4.0