From 43f42a4f71841cb9051799b584dc2a6f5ac2bd75 Mon Sep 17 00:00:00 2001 From: WANG Xuerui Date: Tue, 20 Aug 2024 12:05:46 +0800 Subject: [PATCH 1/3] arch: unify handling of syscall.tbl in arch-syscall-validate Apart from de-duplication of logic, this refactor is also going to help syncing to the Linux 6.11+ definitions, where all architectures are converted to source their syscall definitions from syscall.tbl files. The change is tested on Linux 6.2 sources to not affect the generated syscalls.csv apart from timestamp changes. Signed-off-by: WANG Xuerui Signed-off-by: Paul Moore (imported from commit cfce7b02f3fa44e36b7890f4ed92a3f4b8eb578b) --- src/arch-syscall-validate | 101 +++++++++++++++++--------------------- 1 file changed, 45 insertions(+), 56 deletions(-) diff --git a/src/arch-syscall-validate b/src/arch-syscall-validate index 3b69e9b2..2b46839b 100755 --- a/src/arch-syscall-validate +++ b/src/arch-syscall-validate @@ -161,6 +161,31 @@ function mangle_lib_syscall() { sed $sed_filter | sed '/,-[0-9]\+$/d' } +# +# Dump syscalls matching specified tags from the given syscall.tbl file +# +# Arguments: +# 1 path to the syscall.tbl file to dump +# (rest) tags to match (except "common" which is always included) +# +# Dump the matched syscall table entries to stdout. +# +function dump_from_syscall_tbl() { + local file="$1" + shift + + local tag + local tag_regexp='^(common' + for tag in "$@"; do + tag_regexp="${tag_regexp}|${tag}" + done + tag_regexp="${tag_regexp}) " + + cat "$file" | grep -v '^#\|^$' | awk '{ print $2,$3,$1 }' | \ + grep -E "$tag_regexp" | awk '{ print $2","$3 }' | sort | \ + grep -Ev '^(reserved|unused)[0-9]+,' +} + # # Dump the x86 system syscall table # 
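Review bot: `dump_from_syscall_tbl()` never checks that `$file` exists or is readable, so with a wrong kernel path `cat` fails but the pipeline still completes and the function prints an empty table. Whether a caller notices depends on `pipefail` or other checks that are not visible in this hunk. Every converted `dump_sys_*` function now goes through this helper, so a guard right after `shift`, such as `[[ -r $file ]] || return 1`, would turn a mistyped path into a hard failure instead of a dump in which every syscall looks absent. The tags are also spliced into `tag_regexp` unescaped, which is fine for the literal tags passed in this series but worth one line in the header comment, e.g. `# tags are inserted into an extended regexp verbatim; pass literal ABI names only`.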
@@ -170,9 +195,7 @@ function mangle_lib_syscall() { # Dump the architecture's syscall table to stdout. # function dump_sys_x86() { - cat $1/arch/x86/entry/syscalls/syscall_32.tbl | \ - grep -v "^#" | awk '{ print $3","$1 }' | \ - sort + dump_from_syscall_tbl "$1/arch/x86/entry/syscalls/syscall_32.tbl" i386 } # @@ -193,9 +216,7 @@ function dump_lib_x86() { # Dump the architecture's syscall table to stdout. # function dump_sys_x86_64() { - cat $1/arch/x86/entry/syscalls/syscall_64.tbl | \ - grep -v "^#" | sed '/^$/d' | awk '{ print $2,$3,$1 }' | \ - sed '/^x32/d' | awk '{ print $2","$3 }' | sort + dump_from_syscall_tbl "$1/arch/x86/entry/syscalls/syscall_64.tbl" 64 } # @@ -216,9 +237,7 @@ function dump_lib_x86_64() { # Dump the architecture's syscall table to stdout. # function dump_sys_x32() { - cat $1/arch/x86/entry/syscalls/syscall_64.tbl | \ - grep -v "^#" | sed '/^$/d' | awk '{ print $2,$3,$1 }' | \ - sed '/^64/d' | awk '{ print $2","$3 }' | sort + dump_from_syscall_tbl "$1/arch/x86/entry/syscalls/syscall_64.tbl" x32 } # @@ -239,14 +258,12 @@ function dump_lib_x32() { # Dump the architecture's syscall table to stdout. # function dump_sys_arm() { - cat $1/arch/arm/tools/syscall.tbl | grep -v "^#" | \ - sed -n "/[0-9]\+[ \t]\+\(common\|eabi\)/p" | \ - awk '{ print $3","$1 }' | sort | (cat -; \ - (cat $1/arch/arm/include/uapi/asm/unistd.h | \ - grep "^#define __ARM_NR_" | \ - grep -v "^#define __ARM_NR_BASE" | \ - sed 's/#define __ARM_NR_\([a-z0-9_]*\)[ \t]\+(__ARM_NR_BASE+\(.*\))/\1 983040 + \2/' | \ - awk '{ print $1","$2+$4 }')) | sort + dump_from_syscall_tbl "$1/arch/arm/tools/syscall.tbl" eabi | (cat -; \ + (cat $1/arch/arm/include/uapi/asm/unistd.h | \ + grep "^#define __ARM_NR_" | \ + grep -v "^#define __ARM_NR_BASE" | \ + sed 's/#define __ARM_NR_\([a-z0-9_]*\)[ \t]\+(__ARM_NR_BASE+\(.*\))/\1 983040 + \2/' | \ + awk '{ print $1","$2+$4 }')) | sort } # 
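Review bot: `dump_sys_x86()` used to emit every non-comment row of `syscall_32.tbl`, whereas the helper call keeps only rows whose ABI column is `common` or `i386`, so the filter is now stricter than before. The commit message reports no difference on Linux 6.2 sources, but a row carrying any other ABI tag in a later kernel would be dropped without a diagnostic and would then read as missing for this architecture. The same narrowing applies to the `dump_sys_mips()`, `dump_sys_mips64()` and `dump_sys_mips64n32()` hunks, which now filter on `o32`, `n64` and `n32`. A comment above each call, e.g. `# only "common" and "i386" rows are dumped; other ABI tags are ignored`, would record that this is intentional.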
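Review bot: In the `dump_sys_arm()` hunk the first stage now passes a quoted `"$1/arch/arm/tools/syscall.tbl"` to the helper, but the re-indented subshell still runs `cat $1/arch/arm/include/uapi/asm/unistd.h` with `$1` unquoted, so the two halves of the pipeline treat a kernel path containing whitespace differently. Since these lines are touched anyway, quote the path and drop the extra `cat`: `grep "^#define __ARM_NR_" "$1/arch/arm/include/uapi/asm/unistd.h" | \`.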
@@ -314,11 +331,7 @@ function dump_lib_aarch64() { # Dump the architecture's syscall table to stdout. # function dump_sys_mips() { - cat $1/arch/mips/kernel/syscalls/syscall_o32.tbl | \ - grep -v "^#" | \ - sed -e '/[ \t]\+reserved[0-9]\+[ \t]\+/d;' | \ - sed -e '/[ \t]\+unused[0-9]\+[ \t]\+/d;' | \ - awk '{ print $3","$1 }' | sort + dump_from_syscall_tbl "$1/arch/mips/kernel/syscalls/syscall_o32.tbl" o32 } # @@ -339,11 +352,7 @@ function dump_lib_mips() { # Dump the architecture's syscall table to stdout. # function dump_sys_mips64() { - cat $1/arch/mips/kernel/syscalls/syscall_n64.tbl | \ - grep -v "^#" | \ - sed -e '/[ \t]\+reserved[0-9]\+[ \t]\+/d;' | \ - sed -e '/[ \t]\+unused[0-9]\+[ \t]\+/d;' | \ - awk '{ print $3","$1 }' | sort + dump_from_syscall_tbl "$1/arch/mips/kernel/syscalls/syscall_n64.tbl" n64 } # @@ -364,11 +373,7 @@ function dump_lib_mips64() { # Dump the architecture's syscall table to stdout. # function dump_sys_mips64n32() { - cat $1/arch/mips/kernel/syscalls/syscall_n32.tbl | \ - grep -v "^#" | \ - sed -e '/[ \t]\+reserved[0-9]\+[ \t]\+/d;' | \ - sed -e '/[ \t]\+unused[0-9]\+[ \t]\+/d;' | \ - awk '{ print $3","$1 }' | sort + dump_from_syscall_tbl "$1/arch/mips/kernel/syscalls/syscall_n32.tbl" n32 } # @@ -389,11 +394,7 @@ function dump_lib_mips64n32() { # Dump the architecture's syscall table to stdout. # function dump_sys_parisc() { - cat $1/arch/parisc/kernel/syscalls/syscall.tbl | \ - grep -v "^#" | \ - sed -n "/[0-9]\+[ \t]\+\(common\|32\)/p" | \ - awk '{ print $3","$1 }' | \ - sort + dump_from_syscall_tbl "$1/arch/parisc/kernel/syscalls/syscall.tbl" 32 } # @@ -414,11 +415,7 @@ function dump_lib_parisc() { # Dump the architecture's syscall table to stdout. # function dump_sys_parisc64() { - cat $1/arch/parisc/kernel/syscalls/syscall.tbl | \ - grep -v "^#" | \ - sed -n "/[0-9]\+[ \t]\+\(common\|64\)/p" | \ - awk '{ print $3","$1 }' | \ - sort + dump_from_syscall_tbl "$1/arch/parisc/kernel/syscalls/syscall.tbl" 64 } # 
@@ -439,9 +436,8 @@ function dump_lib_parisc64() { # Dump the architecture's syscall table to stdout. # function dump_sys_ppc() { - cat $1/arch/powerpc/kernel/syscalls/syscall.tbl | grep -v "^#" | \ - sed -ne "/[0-9]\+[ \t]\+\(common\|nospu\|32\)/p" | \ - awk '{ print $3","$1 }' | sort + dump_from_syscall_tbl "$1/arch/powerpc/kernel/syscalls/syscall.tbl" \ + nospu 32 } # @@ -462,9 +458,8 @@ function dump_lib_ppc() { # Dump the architecture's syscall table to stdout. # function dump_sys_ppc64() { - cat $1/arch/powerpc/kernel/syscalls/syscall.tbl | grep -v "^#" | \ - sed -ne "/[0-9]\+[ \t]\+\(common\|nospu\|64\)/p" | \ - awk '{ print $3","$1 }' | sort + dump_from_syscall_tbl "$1/arch/powerpc/kernel/syscalls/syscall.tbl" \ + nospu 64 } # @@ -528,10 +523,7 @@ function dump_lib_riscv64() { # Dump the architecture's syscall table to stdout. # function dump_sys_s390() { - cat $1/arch/s390/kernel/syscalls/syscall.tbl | grep -v "^#" | \ - sed -ne "/[0-9]\+[ \t]\+\(common\|32\)/p" | \ - awk '{ print $3","$1 }' | \ - sort + dump_from_syscall_tbl "$1/arch/s390/kernel/syscalls/syscall.tbl" 32 } # @@ -552,10 +544,7 @@ function dump_lib_s390() { # Dump the architecture's syscall table to stdout. # function dump_sys_s390x() { - cat $1/arch/s390/kernel/syscalls/syscall.tbl | grep -v "^#" | \ - sed -ne "/[0-9]\+[ \t]\+\(common\|64\)/p" | \ - awk '{ print $3","$1 }' | \ - sort + dump_from_syscall_tbl "$1/arch/s390/kernel/syscalls/syscall.tbl" 64 } # From c15da6bf55e11a6d1de9467f5fa9218937265333 Mon Sep 17 00:00:00 2001 From: WANG Xuerui Date: Tue, 20 Aug 2024 12:16:55 +0800 Subject: [PATCH 2/3] arch: adapt arch-syscall-validate to Linux 6.11 The aarch64, loongarch64 and riscv64 architectures have their syscall table sources changed to scripts/syscall.tbl, from the original inclusion of asm-generic/unistd.h. Make the script recognize the new format for these architectures. Signed-off-by: WANG Xuerui 
Signed-off-by: Paul Moore (imported from commit 26e2b31a71d14e139730c2a4bbb626a249ad35b5) --- src/arch-syscall-validate | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/src/arch-syscall-validate b/src/arch-syscall-validate index 2b46839b..7c5b7146 100755 --- a/src/arch-syscall-validate +++ b/src/arch-syscall-validate @@ -286,6 +286,13 @@ function dump_lib_arm() { # Dump the architecture's syscall table to stdout. # function dump_sys_aarch64() { + local syscall_tbl_file="$1/arch/arm64/tools/syscall_64.tbl" + if [[ -e $syscall_tbl_file ]]; then + dump_from_syscall_tbl "$syscall_tbl_file" \ + 64 renameat rlimit memfd_secret + return + fi + local sed_filter="" sed_filter+='s/__NR3264_statfs/43/;' @@ -480,6 +487,12 @@ function dump_lib_ppc64() { # Dump the architecture's syscall table to stdout. # function dump_sys_riscv64() { + if [[ -e $1/arch/riscv/kernel/Makefile.syscalls ]]; then + dump_from_syscall_tbl "$1/scripts/syscall.tbl" \ + 64 riscv rlimit memfd_secret + return + fi + local sed_filter="" sed_filter+='s/__NR3264_fadvise64/223/;' From 4830edc1e57e146a02b9d840eb54014513182149 Mon Sep 17 00:00:00 2001 From: Paul Moore Date: Mon, 11 Nov 2024 12:59:36 -0500 Subject: [PATCH 3/3] syscalls: update the syscall tables to v6.12-rc7 No direct cherry-pick from main due to supported architectures and other changes. Signed-off-by: Paul Moore --- include/seccomp-syscalls.h | 30 ++++++++++++++++++++++++++++++ src/syscalls.csv | 12 ++++++++++-- 2 files changed, 40 insertions(+), 2 deletions(-) diff --git a/include/seccomp-syscalls.h b/include/seccomp-syscalls.h index 611c78db..3e18d74d 100644 --- a/include/seccomp-syscalls.h +++ b/include/seccomp-syscalls.h 
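Review bot: The tag list `64 renameat rlimit memfd_secret` in `dump_sys_aarch64()` is hard-coded with no pointer to where it comes from. It presumably mirrors the ABI selection the kernel build uses for arm64, and if the two drift apart the affected rows silently disappear from the dump. A comment above the call naming the source would let the next kernel sync be checked against it, e.g. `# tags must match the arm64 syscall ABI list in the kernel tree (<kernel file to confirm>)`. The same applies to `64 riscv rlimit memfd_secret` in the `dump_sys_riscv64()` hunk. The body of `dump_sys_aarch64()` continues outside the hunk with the legacy `sed_filter` path.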
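Review bot: `dump_sys_riscv64()` probes `$1/arch/riscv/kernel/Makefile.syscalls` but then reads `$1/scripts/syscall.tbl`, while `dump_sys_aarch64()` probes the very file it reads, and the reason for the difference is not stated. If the intent is that the shared table can exist in a tree regardless of whether riscv has been converted, say so above the test, e.g. `# scripts/syscall.tbl is shared between architectures; Makefile.syscalls is what shows riscv uses it`. Naming the table in a local, as the aarch64 hunk does with `syscall_tbl_file`, would also keep the two functions parallel. The function body continues outside the hunk.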
@@ -277,6 +277,12 @@ #define __PNR_riscv_flush_icache -10243 #define __PNR_memfd_secret -10244 #define __PNR_map_shadow_stack -10245 +#define __PNR_fstat -10246 +#define __PNR_atomic_barrier -10247 +#define __PNR_atomic_cmpxchg_32 -10248 +#define __PNR_getpagesize -10249 +#define __PNR_riscv_hwprobe -10250 +#define __PNR_uretprobe -10251 /* * libseccomp syscall definitions @@ -1054,6 +1060,8 @@ #define __SNR_listen __PNR_listen #endif +#define __SNR_listmount __NR_listmount + #define __SNR_listxattr __NR_listxattr #define __SNR_llistxattr __NR_llistxattr @@ -1072,6 +1080,12 @@ #define __SNR_lsetxattr __NR_lsetxattr +#define __SNR_lsm_get_self_attr __NR_lsm_get_self_attr + +#define __SNR_lsm_list_modules __NR_lsm_list_modules + +#define __SNR_lsm_set_self_attr __NR_lsm_set_self_attr + #ifdef __NR_lstat #define __SNR_lstat __NR_lstat #else @@ -1214,6 +1228,8 @@ #define __SNR_mremap __NR_mremap +#define __SNR_mseal __NR_mseal + #ifdef __NR_msgctl #define __SNR_msgctl __NR_msgctl #else @@ -1556,6 +1572,12 @@ #define __SNR_riscv_flush_icache __PNR_riscv_flush_icache #endif +#ifdef __NR_riscv_hwprobe +#define __SNR_riscv_hwprobe __NR_riscv_hwprobe +#else +#define __SNR_riscv_hwprobe __PNR_riscv_hwprobe +#endif + #ifdef __NR_rmdir #define __SNR_rmdir __NR_rmdir #else @@ -2046,6 +2068,8 @@ #define __SNR_statfs64 __PNR_statfs64 #endif +#define __SNR_statmount __NR_statmount + #ifdef __NR_statx #define __SNR_statx __NR_statx #else @@ -2254,6 +2278,12 @@ #define __SNR_unshare __NR_unshare +#ifdef __NR_uretprobe +#define __SNR_uretprobe __NR_uretprobe +#else +#define __SNR_uretprobe __PNR_uretprobe +#endif + #ifdef __NR_uselib #define __SNR_uselib __NR_uselib #else diff --git a/src/syscalls.csv b/src/syscalls.csv index b0da8e6e..fe602c9d 100644 --- a/src/syscalls.csv +++ b/src/syscalls.csv 
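Review bot: Of the six `__PNR_` values added in the first hunk, only `__PNR_riscv_hwprobe` and `__PNR_uretprobe` are referenced by `__SNR_` definitions in this patch; `__PNR_fstat`, `__PNR_atomic_barrier`, `__PNR_atomic_cmpxchg_32` and `__PNR_getpagesize` have no user in the visible hunks. The commit message says this is not a direct cherry-pick from main, so they are presumably reserved to keep the pseudo-number sequence identical across branches. A short comment before `__PNR_fstat` would stop a later cleanup from reusing or removing them, e.g. `/* -10246 .. -10249 are reserved to match the main branch; unused on this branch */`.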
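Review bot: `#define __SNR_listmount __NR_listmount` has no `#ifdef` fallback, so when the installed kernel headers predate the syscall, any use of `SCMP_SYS(listmount)` expands to an undefined identifier and fails at compile time. This matches the neighbouring unconditional entries such as `__SNR_listxattr`, and the CSV does list the syscall on every architecture. Unlike those long-established neighbours, `listmount` is a newly added syscall, so the case is worth a comment or a release-note line for filter authors, e.g. `/* requires kernel headers that define __NR_listmount */`. The same applies to the `lsm_get_self_attr`, `lsm_list_modules`, `lsm_set_self_attr`, `mseal` and `statmount` hunks.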
@@ -1,4 +1,4 @@
-#syscall (v6.7.0-rc3 2023-11-30),x86,x86_64,x32,arm,aarch64,mips,mips64,mips64n32,parisc,parisc64,ppc,ppc64,riscv64,s390,s390x
+#syscall (v6.12.0-rc7 2024-11-11),x86,x86_64,x32,arm,aarch64,mips,mips64,mips64n32,parisc,parisc64,ppc,ppc64,riscv64,s390,s390x
 accept,PNR,43,43,285,202,168,42,42,35,35,330,330,202,PNR,PNR
 accept4,364,288,288,366,242,334,293,297,320,320,344,344,242,364,364
 access,33,21,21,33,PNR,33,20,20,33,33,33,33,PNR,33,33
@@ -183,6 +183,7 @@ lgetxattr,230,192,192,230,9,228,184,184,242,242,213,213,9,228,228
 link,9,86,86,9,PNR,9,84,84,9,9,9,9,PNR,9,9
 linkat,303,265,265,330,37,296,255,259,283,283,294,294,37,296,296
 listen,363,50,50,284,201,174,49,49,32,32,329,329,201,363,363
+listmount,458,458,458,458,458,458,458,458,458,458,458,458,458,458,458
 listxattr,232,194,194,232,11,230,186,186,244,244,215,215,11,230,230
 llistxattr,233,195,195,233,12,231,187,187,245,245,216,216,12,231,231
 _llseek,140,PNR,PNR,140,PNR,140,PNR,PNR,140,140,140,140,PNR,140,PNR
@@ -191,10 +192,13 @@ lookup_dcookie,253,212,212,249,18,247,206,206,223,223,235,235,18,110,110
 lremovexattr,236,198,198,236,15,234,190,190,248,248,219,219,15,234,234
 lseek,19,8,8,19,62,19,8,8,19,19,19,19,62,19,19
 lsetxattr,227,189,189,227,6,225,181,181,239,239,210,210,6,225,225
+lsm_get_self_attr,459,459,459,459,459,459,459,459,459,459,459,459,459,459,459
+lsm_list_modules,461,461,461,461,461,461,461,461,461,461,461,461,461,461,461
+lsm_set_self_attr,460,460,460,460,460,460,460,460,460,460,460,460,460,460,460
 lstat,107,6,6,107,PNR,107,6,6,84,84,107,107,PNR,107,107
 lstat64,196,PNR,PNR,196,PNR,214,PNR,PNR,198,198,196,PNR,PNR,196,PNR
 madvise,219,28,28,220,233,218,27,27,119,119,205,205,233,219,219
-map_shadow_stack,453,453,PNR,453,453,453,453,453,453,453,453,453,453,453,453
+map_shadow_stack,453,453,453,453,453,453,453,453,453,453,453,453,453,453,453
 mbind,274,237,237,319,235,268,227,231,260,260,259,259,235,268,268
 membarrier,375,324,324,389,283,358,318,322,343,343,365,365,283,356,356
 memfd_create,356,319,319,385,279,354,314,318,340,340,360,360,279,350,350
@@ -226,6 +230,7 @@ mq_timedsend,279,242,242,276,182,273,232,236,231,231,264,264,182,273,273
 mq_timedsend_time64,418,PNR,PNR,418,PNR,418,PNR,418,418,PNR,418,PNR,PNR,418,PNR
 mq_unlink,278,241,241,275,181,272,231,235,230,230,263,263,181,272,272
 mremap,163,25,25,163,216,167,24,24,163,163,163,163,216,163,163
+mseal,462,462,462,462,462,462,462,462,462,462,462,462,462,462,462
 msgctl,402,71,71,304,187,402,69,69,191,191,402,402,187,402,402
 msgget,399,68,68,303,186,399,66,66,190,190,399,399,186,399,399
 msgrcv,401,70,70,302,188,401,68,68,189,189,401,401,188,401,401
@@ -310,6 +315,7 @@ renameat2,353,316,316,382,276,351,311,315,337,337,357,357,276,347,347
 request_key,287,249,249,310,218,281,240,244,265,265,270,270,218,279,279
 restart_syscall,0,219,219,0,128,253,213,214,0,0,0,0,128,7,7
 riscv_flush_icache,PNR,PNR,PNR,PNR,PNR,PNR,PNR,PNR,PNR,PNR,PNR,PNR,259,PNR,PNR
+riscv_hwprobe,PNR,PNR,PNR,PNR,PNR,PNR,PNR,PNR,PNR,PNR,PNR,PNR,258,PNR,PNR
 rmdir,40,84,84,40,PNR,40,82,82,40,40,40,40,PNR,40,40
 rseq,386,334,334,398,293,367,327,331,354,354,387,387,293,383,383
 rtas,PNR,PNR,PNR,PNR,PNR,PNR,PNR,PNR,PNR,PNR,255,255,PNR,PNR,PNR
@@ -415,6 +421,7 @@ stat,106,4,4,106,PNR,106,4,4,18,18,106,106,PNR,106,106
 stat64,195,PNR,PNR,195,PNR,213,PNR,PNR,101,101,195,PNR,PNR,195,PNR
 statfs,99,137,137,99,43,99,134,134,99,99,99,99,43,99,99
 statfs64,268,PNR,PNR,266,PNR,255,PNR,217,298,298,252,252,PNR,265,265
+statmount,457,457,457,457,457,457,457,457,457,457,457,457,457,457,457
 statx,383,332,332,397,291,366,326,330,349,349,383,383,291,379,379
 stime,25,PNR,PNR,PNR,PNR,25,PNR,PNR,25,25,25,25,PNR,25,PNR
 stty,31,PNR,PNR,PNR,PNR,31,PNR,PNR,PNR,PNR,31,31,PNR,PNR,PNR
@@ -466,6 +473,7 @@ uname,122,63,63,122,160,122,61,61,59,59,122,122,160,122,122
 unlink,10,87,87,10,PNR,10,85,85,10,10,10,10,PNR,10,10
 unlinkat,301,263,263,328,35,294,253,257,281,281,292,292,35,294,294
 unshare,310,272,272,337,97,303,262,266,288,288,282,282,97,303,303
+uretprobe,PNR,335,335,PNR,PNR,PNR,PNR,PNR,PNR,PNR,PNR,PNR,PNR,PNR,PNR
 uselib,86,134,PNR,86,PNR,86,PNR,PNR,86,86,86,86,PNR,86,86
 userfaultfd,374,323,323,388,282,357,317,321,344,344,364,364,282,355,355
 usr26,PNR,PNR,PNR,983043,PNR,PNR,PNR,PNR,PNR,PNR,PNR,PNR,PNR,PNR,PNR