arm: fix some problems with the syscall table

The 32-bit ARM syscall table mistakenly included syscall definitions
for the syscalls below.  This patch redefines those syscalls to
libseccomp's pseudo-syscall numbers and corrects the
arch-syscall-validate to correctly list the 32-bit ARM syscalls.

 * time
 * umount
 * stime
 * alarm
 * utime
 * getrlimit
 * select
 * readdir
 * mmap
 * socketcall
 * syscall
 * ipc

Reported-by: Andreas Farber <afaerber@suse.de>
Signed-off-by: Paul Moore <pmoore@redhat.com>

include/seccomp.h.in

@@ -1424,6 +1424,16 @@ int seccomp_export_bpf(const scmp_filter_ctx ctx, int fd);
 #define __NR_utimes		__PNR_utimes
 #endif /* __NR_utimes */
 
+#define __PNR_getrlimit		-10180
+#ifndef __NR_getrlimit
+#define __NR_getrlimit		__PNR_getrlimit
+#endif /* __NR_utimes */
+
+#define __PNR_mmap		-10181
+#ifndef __NR_mmap
+#define __NR_mmap		__PNR_mmap
+#endif /* __NR_utimes */
+
 #ifdef __cplusplus
 }
 #endif

src/arch-arm-syscalls.c

@@ -49,7 +49,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \
 	{ "add_key", (__NR_SYSCALL_BASE + 309) },
 	{ "adjtimex", (__NR_SYSCALL_BASE + 124) },
 	{ "afs_syscall", __PNR_afs_syscall },
-	{ "alarm", (__NR_SYSCALL_BASE + 27) },
+	{ "alarm", __PNR_alarm },
 	{ "arm_fadvise64_64", (__NR_SYSCALL_BASE + 270) },
 	{ "arm_sync_file_range", (__NR_SYSCALL_BASE + 341) },
 	{ "arch_prctl", __PNR_arch_prctl },
@@ -156,7 +156,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \
 	{ "getresgid32", (__NR_SYSCALL_BASE + 211) },
 	{ "getresuid", (__NR_SYSCALL_BASE + 165) },
 	{ "getresuid32", (__NR_SYSCALL_BASE + 209) },
-	{ "getrlimit", (__NR_SYSCALL_BASE + 76) },
+	{ "getrlimit", __PNR_getrlimit },
 	{ "getrusage", (__NR_SYSCALL_BASE + 77) },
 	{ "getsid", (__NR_SYSCALL_BASE + 147) },
 	{ "getsockname", (__NR_SYSCALL_BASE + 286) },
@@ -183,7 +183,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \
 	{ "iopl", __PNR_iopl },
 	{ "ioprio_get", (__NR_SYSCALL_BASE + 315) },
 	{ "ioprio_set", (__NR_SYSCALL_BASE + 314) },
-	{ "ipc", (__NR_SYSCALL_BASE + 117) },
+	{ "ipc", __PNR_ipc },
 	{ "kcmp", (__NR_SYSCALL_BASE + 378) },
 	{ "kexec_file_load", __PNR_kexec_file_load },
 	{ "kexec_load", (__NR_SYSCALL_BASE + 347) },
@@ -215,7 +215,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \
 	{ "mknodat", (__NR_SYSCALL_BASE + 324) },
 	{ "mlock", (__NR_SYSCALL_BASE + 150) },
 	{ "mlockall", (__NR_SYSCALL_BASE + 152) },
-	{ "mmap", (__NR_SYSCALL_BASE + 90) },
+	{ "mmap", __PNR_mmap },
 	{ "mmap2", (__NR_SYSCALL_BASE + 192) },
 	{ "modify_ldt", __PNR_modify_ldt },
 	{ "mount", (__NR_SYSCALL_BASE + 21) },
@@ -279,7 +279,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \
 	{ "quotactl", (__NR_SYSCALL_BASE + 131) },
 	{ "read", (__NR_SYSCALL_BASE +  3) },
 	{ "readahead", (__NR_SYSCALL_BASE + 225) },
-	{ "readdir", (__NR_SYSCALL_BASE + 89) },
+	{ "readdir", __PNR_readdir },
 	{ "readlink", (__NR_SYSCALL_BASE + 85) },
 	{ "readlinkat", (__NR_SYSCALL_BASE + 332) },
 	{ "readv", (__NR_SYSCALL_BASE + 145) },
@@ -318,7 +318,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \
 	{ "sched_yield", (__NR_SYSCALL_BASE + 158) },
 	{ "seccomp", (__NR_SYSCALL_BASE + 383) },
 	{ "security", __PNR_security },
-	{ "select", (__NR_SYSCALL_BASE + 82) },
+	{ "select", __PNR_select },
 	{ "semctl", (__NR_SYSCALL_BASE + 300) },
 	{ "semget", (__NR_SYSCALL_BASE + 299) },
 	{ "semop", (__NR_SYSCALL_BASE + 298) },
@@ -378,15 +378,15 @@ const struct arch_syscall_def arm_syscall_table[] = { \
 	{ "sigreturn", (__NR_SYSCALL_BASE + 119) },
 	{ "sigsuspend", (__NR_SYSCALL_BASE + 72) },
 	{ "socket", (__NR_SYSCALL_BASE + 281) },
-	{ "socketcall", (__NR_SYSCALL_BASE + 102) },
+	{ "socketcall", __PNR_socketcall },
 	{ "socketpair", (__NR_SYSCALL_BASE + 288) },
 	{ "splice", (__NR_SYSCALL_BASE + 340) },
 	{ "ssetmask", __PNR_ssetmask },
 	{ "stat", (__NR_SYSCALL_BASE + 106) },
 	{ "stat64", (__NR_SYSCALL_BASE + 195) },
 	{ "statfs", (__NR_SYSCALL_BASE + 99) },
 	{ "statfs64", (__NR_SYSCALL_BASE + 266) },
-	{ "stime", (__NR_SYSCALL_BASE + 25) },
+	{ "stime", __PNR_stime },
 	{ "stty", __PNR_stty },
 	{ "swapoff", (__NR_SYSCALL_BASE + 115) },
 	{ "swapon", (__NR_SYSCALL_BASE + 87) },
@@ -396,14 +396,14 @@ const struct arch_syscall_def arm_syscall_table[] = { \
 	{ "sync_file_range", __PNR_sync_file_range },
 	{ "sync_file_range2", (__NR_SYSCALL_BASE + 341) },
 	{ "syncfs", (__NR_SYSCALL_BASE + 373) },
-	{ "syscall", (__NR_SYSCALL_BASE + 113) },
+	{ "syscall", __PNR_syscall },
 	{ "sysfs", (__NR_SYSCALL_BASE + 135) },
 	{ "sysinfo", (__NR_SYSCALL_BASE + 116) },
 	{ "syslog", (__NR_SYSCALL_BASE + 103) },
 	{ "sysmips", __PNR_sysmips },
 	{ "tee", (__NR_SYSCALL_BASE + 342) },
 	{ "tgkill", (__NR_SYSCALL_BASE + 268) },
-	{ "time", (__NR_SYSCALL_BASE + 13) },
+	{ "time", __PNR_time },
 	{ "timer_create", (__NR_SYSCALL_BASE + 257) },
 	{ "timer_delete", (__NR_SYSCALL_BASE + 261) },
 	{ "timer_getoverrun", (__NR_SYSCALL_BASE + 260) },
@@ -421,15 +421,15 @@ const struct arch_syscall_def arm_syscall_table[] = { \
 	{ "ugetrlimit", (__NR_SYSCALL_BASE + 191) },
 	{ "ulimit", __PNR_ulimit },
 	{ "umask", (__NR_SYSCALL_BASE + 60) },
-	{ "umount", (__NR_SYSCALL_BASE + 22) },
+	{ "umount", __PNR_umount },
 	{ "umount2", (__NR_SYSCALL_BASE + 52) },
 	{ "uname", (__NR_SYSCALL_BASE + 122) },
 	{ "unlink", (__NR_SYSCALL_BASE + 10) },
 	{ "unlinkat", (__NR_SYSCALL_BASE + 328) },
 	{ "unshare", (__NR_SYSCALL_BASE + 337) },
 	{ "uselib", (__NR_SYSCALL_BASE + 86) },
 	{ "ustat", (__NR_SYSCALL_BASE + 62) },
-	{ "utime", (__NR_SYSCALL_BASE + 30) },
+	{ "utime", __PNR_utime },
 	{ "utimensat", (__NR_SYSCALL_BASE + 348) },
 	{ "utimes", (__NR_SYSCALL_BASE + 269) },
 	{ "vfork", (__NR_SYSCALL_BASE + 190) },

src/arch-syscall-validate

@@ -146,7 +146,7 @@ function dump_lib_x32() {
 #
 function dump_sys_arm() {
 	# NOTE: arm_sync_file_range() and sync_file_range2() share values
-	cat $1/arch/arm/include/uapi/asm/unistd.h | \
+	gcc -E -dM -D __ARM_EABI__ $1/arch/arm/include/uapi/asm/unistd.h | \
 		grep "^#define __NR_" | sort | \
 		grep -v "^#define __NR_OABI_SYSCALL_BASE" | \
 		grep -v "^#define __NR_SYSCALL_BASE" | \