Merge 0c52a7f into 5532444

src/arch-aarch64.c

@@ -25,6 +25,9 @@
 
 #include "arch.h"
 #include "arch-aarch64.h"
+#include "syscalls.h"
+
+ARCH_DEF(aarch64)
 
 const struct arch_def arch_def_aarch64 = {
 	.token = SCMP_ARCH_AARCH64,

src/arch-arm.c

@@ -25,6 +25,7 @@
 
 #include "arch.h"
 #include "arch-arm.h"
+#include "syscalls.h"
 
 #define __SCMP_NR_OABI_SYSCALL_BASE     0x900000
 #define __SCMP_ARM_NR_BASE              0x0f0000
@@ -78,6 +79,8 @@ const char *arm_syscall_resolve_num_munge(const struct arch_def *arch, int num)
 	return arch->syscall_resolve_num_raw(num);
 }
 
+ARCH_DEF(arm)
+
 const struct arch_def arch_def_arm = {
 	.token = SCMP_ARCH_ARM,
 	.token_bpf = AUDIT_ARCH_ARM,

src/arch-mips.c

@@ -30,9 +30,52 @@
 #include "arch.h"
 #include "arch-mips.h"
 
+/* O32 ABI */
+#define __SCMP_NR_BASE			4000
+
 /* mips syscall numbers */
-#define __mips_NR_socketcall		102
-#define __mips_NR_ipc			117
+#define __mips_NR_socketcall		(__SCMP_NR_BASE + 102)
+#define __mips_NR_ipc			(__SCMP_NR_BASE + 117)
+
+/**
+ * Resolve a syscall name to a number
+ * @param name the syscall name
+ *
+ * Resolve the given syscall name to the syscall number using the syscall table.
+ * Returns the syscall number on success, including negative pseudo syscall
+ * numbers; returns __NR_SCMP_ERROR on failure.
+ *
+ */
+int mips_syscall_resolve_name_raw(const char *name)
+{
+	int sys;
+
+	/* NOTE: we don't want to modify the pseudo-syscall numbers */
+	sys = mips_syscall_resolve_name(name);
+	if (sys == __NR_SCMP_ERROR || sys < 0)
+		return sys;
+
+	return sys + __SCMP_NR_BASE;
+}
+
+/**
+ * Resolve a syscall number to a name
+ * @param num the syscall number
+ *
+ * Resolve the given syscall number to the syscall name using the syscall table.
+ * Returns a pointer to the syscall name string on success, including pseudo
+ * syscall names; returns NULL on failure.
+ *
+ */
+const char *mips_syscall_resolve_num_raw(int num)
+{
+	/* NOTE: we don't want to modify the pseudo-syscall numbers */
+	if (num >= __SCMP_NR_BASE)
+		num -= __SCMP_NR_BASE;
+	return mips_syscall_resolve_num(num);
+}
+
+ARCH_DEF(mips)
 
 const struct arch_def arch_def_mips = {
 	.token = SCMP_ARCH_MIPS,
@@ -42,9 +85,9 @@ const struct arch_def arch_def_mips = {
 	.sys_socketcall = __mips_NR_socketcall,
 	.sys_ipc = __mips_NR_ipc,
 	.syscall_resolve_name = abi_syscall_resolve_name_munge,
-	.syscall_resolve_name_raw = mips_syscall_resolve_name,
+	.syscall_resolve_name_raw = mips_syscall_resolve_name_raw,
 	.syscall_resolve_num = abi_syscall_resolve_num_munge,
-	.syscall_resolve_num_raw = mips_syscall_resolve_num,
+	.syscall_resolve_num_raw = mips_syscall_resolve_num_raw,
 	.syscall_rewrite = abi_syscall_rewrite,
 	.rule_add = abi_rule_add,
 };
@@ -57,9 +100,9 @@ const struct arch_def arch_def_mipsel = {
 	.sys_socketcall = __mips_NR_socketcall,
 	.sys_ipc = __mips_NR_ipc,
 	.syscall_resolve_name = abi_syscall_resolve_name_munge,
-	.syscall_resolve_name_raw = mips_syscall_resolve_name,
+	.syscall_resolve_name_raw = mips_syscall_resolve_name_raw,
 	.syscall_resolve_num = abi_syscall_resolve_num_munge,
-	.syscall_resolve_num_raw = mips_syscall_resolve_num,
+	.syscall_resolve_num_raw = mips_syscall_resolve_num_raw,
 	.syscall_rewrite = abi_syscall_rewrite,
 	.rule_add = abi_rule_add,
 };

src/arch-mips64.c

@@ -24,6 +24,7 @@
 
 #include "arch.h"
 #include "arch-mips64.h"
+#include "syscalls.h"
 
 /* 64 ABI */
 #define __SCMP_NR_BASE			5000
@@ -70,6 +71,8 @@ const char *mips64_syscall_resolve_num_munge(const struct arch_def *arch,
 	return arch->syscall_resolve_num_raw(num);
 }
 
+ARCH_DEF(mips64)
+
 const struct arch_def arch_def_mips64 = {
 	.token = SCMP_ARCH_MIPS64,
 	.token_bpf = AUDIT_ARCH_MIPS64,

src/arch-mips64n32.c

@@ -26,6 +26,7 @@
 
 #include "arch.h"
 #include "arch-mips64n32.h"
+#include "syscalls.h"
 
 /* N32 ABI */
 #define __SCMP_NR_BASE			6000
@@ -72,6 +73,8 @@ const char *mips64n32_syscall_resolve_num_munge(const struct arch_def *arch,
 	return mips64n32_syscall_resolve_num(num);
 }
 
+ARCH_DEF(mips64n32)
+
 const struct arch_def arch_def_mips64n32 = {
 	.token = SCMP_ARCH_MIPS64N32,
 	.token_bpf = AUDIT_ARCH_MIPS64N32,

src/arch-parisc.c

@@ -9,6 +9,9 @@
 
 #include "arch.h"
 #include "arch-parisc.h"
+#include "syscalls.h"
+
+ARCH_DEF(parisc)
 
 const struct arch_def arch_def_parisc = {
 	.token = SCMP_ARCH_PARISC,

src/arch-parisc64.c

@@ -9,6 +9,9 @@
 
 #include "arch.h"
 #include "arch-parisc64.h"
+#include "syscalls.h"
+
+ARCH_DEF(parisc64)
 
 const struct arch_def arch_def_parisc64 = {
 	.token = SCMP_ARCH_PARISC64,

src/arch-ppc.c

@@ -34,6 +34,8 @@
 #define __ppc_NR_socketcall		102
 #define __ppc_NR_ipc			117
 
+ARCH_DEF(ppc)
+
 const struct arch_def arch_def_ppc = {
 	.token = SCMP_ARCH_PPC,
 	.token_bpf = AUDIT_ARCH_PPC,

src/arch-ppc64.c

@@ -34,6 +34,8 @@
 #define __ppc64_NR_socketcall		102
 #define __ppc64_NR_ipc			117
 
+ARCH_DEF(ppc64)
+
 const struct arch_def arch_def_ppc64 = {
 	.token = SCMP_ARCH_PPC64,
 	.token_bpf = AUDIT_ARCH_PPC64,

src/arch-riscv64.c

@@ -18,6 +18,9 @@
 
 #include "arch.h"
 #include "arch-riscv64.h"
+#include "syscalls.h"
+
+ARCH_DEF(riscv64)
 
 const struct arch_def arch_def_riscv64 = {
 	.token = SCMP_ARCH_RISCV64,

src/arch-s390.c

@@ -17,6 +17,8 @@
 #define __s390_NR_socketcall		102
 #define __s390_NR_ipc			117
 
+ARCH_DEF(s390)
+
 const struct arch_def arch_def_s390 = {
 	.token = SCMP_ARCH_S390,
 	.token_bpf = AUDIT_ARCH_S390,

src/arch-s390x.c

@@ -17,6 +17,8 @@
 #define __s390x_NR_socketcall		102
 #define __s390x_NR_ipc			117
 
+ARCH_DEF(s390x)
+
 const struct arch_def arch_def_s390x = {
 	.token = SCMP_ARCH_S390X,
 	.token_bpf = AUDIT_ARCH_S390X,

src/arch-sh.c

@@ -26,6 +26,8 @@
 #define __sh_NR_socketcall		102
 #define __sh_NR_ipc			117
 
+ARCH_DEF(sh)
+
 const struct arch_def arch_def_sheb = {
 	.token = SCMP_ARCH_SHEB,
 	.token_bpf = AUDIT_ARCH_SH,

src/arch-x32.c

@@ -25,6 +25,7 @@
 
 #include "arch.h"
 #include "arch-x32.h"
+#include "syscalls.h"
 
 /**
  * Resolve a syscall name to a number
@@ -68,6 +69,8 @@ const char *x32_syscall_resolve_num_munge(const struct arch_def *arch,
 	return arch->syscall_resolve_num_raw(num);
 }
 
+ARCH_DEF(x32)
+
 const struct arch_def arch_def_x32 = {
 	.token = SCMP_ARCH_X32,
 	/* NOTE: this seems odd but the kernel treats x32 like x86_64 here */

src/arch-x86.c

@@ -33,6 +33,8 @@
 #define __x86_NR_socketcall		102
 #define __x86_NR_ipc			117
 
+ARCH_DEF(x86)
+
 const struct arch_def arch_def_x86 = {
 	.token = SCMP_ARCH_X86,
 	.token_bpf = AUDIT_ARCH_I386,

src/arch-x86_64.c

@@ -25,6 +25,9 @@
 
 #include "arch.h"
 #include "arch-x86_64.h"
+#include "syscalls.h"
+
+ARCH_DEF(x86_64)
 
 const struct arch_def arch_def_x86_64 = {
 	.token = SCMP_ARCH_X86_64,

src/arch.h

@@ -74,6 +74,21 @@ extern const struct arch_def *arch_def_native;
 	const char *NAME##_syscall_resolve_num(int num); \
 	const struct arch_syscall_def *NAME##_syscall_iterate(unsigned int spot);
 
+/* macro to define the arch specific structures and functions */
+#define ARCH_DEF(NAME) \
+	int NAME##_syscall_resolve_name(const char *name) \
+	{ \
+		return syscall_resolve_name(name, OFFSET_ARCH(NAME)); \
+	} \
+	const char *NAME##_syscall_resolve_num(int num) \
+	{ \
+		return syscall_resolve_num(num, OFFSET_ARCH(NAME)); \
+	} \
+	const struct arch_syscall_def *NAME##_syscall_iterate(unsigned int spot) \
+	{ \
+		return syscall_iterate(spot, OFFSET_ARCH(NAME)); \
+	}
+
 /* syscall name/num mapping */
 struct arch_syscall_def {
 	const char *name;

src/syscalls.c

@@ -29,37 +29,6 @@
 #include "arch.h"
 #include "syscalls.h"
 
-#define ARCH_DEF(NAME) \
-	int NAME##_syscall_resolve_name(const char *name) \
-	{ \
-		return syscall_resolve_name(name, OFFSET_ARCH(NAME)); \
-	} \
-	const char *NAME##_syscall_resolve_num(int num) \
-	{ \
-		return syscall_resolve_num(num, OFFSET_ARCH(NAME)); \
-	} \
-	const struct arch_syscall_def *NAME##_syscall_iterate(unsigned int spot) \
-	{ \
-		return syscall_iterate(spot, OFFSET_ARCH(NAME)); \
-	}
-
-ARCH_DEF(x86_64)
-ARCH_DEF(arm)
-ARCH_DEF(aarch64)
-ARCH_DEF(mips64n32)
-ARCH_DEF(mips64)
-ARCH_DEF(mips)
-ARCH_DEF(parisc)
-ARCH_DEF(parisc64)
-ARCH_DEF(ppc64)
-ARCH_DEF(ppc)
-ARCH_DEF(s390)
-ARCH_DEF(s390x)
-ARCH_DEF(sh)
-ARCH_DEF(x32)
-ARCH_DEF(x86)
-ARCH_DEF(riscv64)
-
 /**
  * Resolve a syscall name to a number
  * @param arch the arch definition

tests/30-sim-socket_syscalls.c

@@ -54,6 +54,12 @@ int main(int argc, char *argv[])
 	if (rc != 0)
 		goto out;
 	rc = seccomp_arch_add(ctx, SCMP_ARCH_PPC64LE);
+	if (rc != 0)
+		goto out;
+	rc = seccomp_arch_add(ctx, SCMP_ARCH_MIPSEL);
+	if (rc != 0)
+		goto out;
+	rc = seccomp_arch_add(ctx, SCMP_ARCH_SH);
 	if (rc != 0)
 		goto out;
 

tests/30-sim-socket_syscalls.py

@@ -35,11 +35,29 @@ def test(args):
     f.add_arch(Arch("x86_64"))
     f.add_arch(Arch("x32"))
     f.add_arch(Arch("ppc64le"))
+    f.add_arch(Arch("mipsel"))
+    f.add_arch(Arch("sh"))
     f.add_rule(ALLOW, "socket")
+    f.add_rule(ALLOW, "bind")
     f.add_rule(ALLOW, "connect")
+    f.add_rule(ALLOW, "listen")
     f.add_rule(ALLOW, "accept")
     f.add_rule(ALLOW, "accept4")
+    f.add_rule(ALLOW, "getsockname")
+    f.add_rule(ALLOW, "getpeername")
+    f.add_rule(ALLOW, "socketpair")
+    f.add_rule(ALLOW, "send")
+    f.add_rule(ALLOW, "recv")
+    f.add_rule(ALLOW, "sendto")
+    f.add_rule(ALLOW, "recvfrom")
     f.add_rule(ALLOW, "shutdown")
+    f.add_rule(ALLOW, "setsockopt")
+    f.add_rule(ALLOW, "getsockopt")
+    f.add_rule(ALLOW, "sendmsg")
+    f.add_rule(ALLOW, "recvmsg")
+    f.add_rule(ALLOW, "accept4")
+    f.add_rule(ALLOW, "sendmmsg")
+    f.add_rule(ALLOW, "recvmmsg")
     return f
 
 args = util.get_opt()