From 9f3d19f7ee1aac48a059feb96ee2747a457abd51 Mon Sep 17 00:00:00 2001 From: Kevin Mihelich Date: Mon, 3 Sep 2018 00:09:40 +0000 Subject: [PATCH] core/linux-odroid-c2 to 3.16.57-2 --- ...-add-extra-errata-843419-build-flags.patch | 8 +- .../0002-arm64-Add-audit-support.patch | 83 ++ ...reate-internal-mode-setting-function.patch | 58 + ...mp-extract-check-assign-mode-helpers.patch | 67 + ...-seccomp-split-mode-setting-routines.patch | 126 ++ .../0006-seccomp-add-seccomp-syscall.patch | 236 +++ ...om-introduce-getrandom-2-system-call.patch | 328 +++++ ...pat-wire-up-memfd_create-syscall-for.patch | 31 + ..._NR_-definitions-for-compat-syscalls.patch | 1280 +++++++++++++++++ ...e-up-memfd_create-and-getrandom-sysc.patch | 44 + ...-arm64-ptrace-add-PTRACE_SET_SYSCALL.patch | 64 + ...e-allow-tracer-to-skip-a-system-call.patch | 122 ++ ...generic-seccomp.h-for-secure-computi.patch | 55 + ...-add-seccomp-syscall-for-compat-task.patch | 30 + ...4-add-SIGSYS-siginfo-for-compat-task.patch | 56 + .../0016-arm64-add-seccomp-support.patch | 152 ++ core/linux-odroid-c2/PKGBUILD | 53 +- core/linux-odroid-c2/config | 16 +- 18 files changed, 2796 insertions(+), 13 deletions(-) create mode 100644 core/linux-odroid-c2/0002-arm64-Add-audit-support.patch create mode 100644 core/linux-odroid-c2/0003-seccomp-create-internal-mode-setting-function.patch create mode 100644 core/linux-odroid-c2/0004-seccomp-extract-check-assign-mode-helpers.patch create mode 100644 core/linux-odroid-c2/0005-seccomp-split-mode-setting-routines.patch create mode 100644 core/linux-odroid-c2/0006-seccomp-add-seccomp-syscall.patch create mode 100644 core/linux-odroid-c2/0007-random-introduce-getrandom-2-system-call.patch create mode 100644 core/linux-odroid-c2/0008-Revert-arm64-compat-wire-up-memfd_create-syscall-for.patch create mode 100644 core/linux-odroid-c2/0009-arm64-Add-__NR_-definitions-for-compat-syscalls.patch create mode 100644 core/linux-odroid-c2/0010-arm64-compat-wire-up-memfd_create-and-getrandom-sysc.patch create mode 100644 core/linux-odroid-c2/0011-arm64-ptrace-add-PTRACE_SET_SYSCALL.patch create mode 100644 core/linux-odroid-c2/0012-arm64-ptrace-allow-tracer-to-skip-a-system-call.patch create mode 100644 core/linux-odroid-c2/0013-asm-generic-add-generic-seccomp.h-for-secure-computi.patch create mode 100644 core/linux-odroid-c2/0014-arm64-add-seccomp-syscall-for-compat-task.patch create mode 100644 core/linux-odroid-c2/0015-arm64-add-SIGSYS-siginfo-for-compat-task.patch create mode 100644 core/linux-odroid-c2/0016-arm64-add-seccomp-support.patch diff --git a/core/linux-odroid-c2/0001-add-extra-errata-843419-build-flags.patch b/core/linux-odroid-c2/0001-add-extra-errata-843419-build-flags.patch index 5d7478b06..bb20d11e5 100644 --- a/core/linux-odroid-c2/0001-add-extra-errata-843419-build-flags.patch +++ b/core/linux-odroid-c2/0001-add-extra-errata-843419-build-flags.patch @@ -1,14 +1,14 @@ -From 11a0d059489c71a07c4a40b5c1f8cfe5cda96b51 Mon Sep 17 00:00:00 2001 +From 967dd9cfe3e038b5e38ea402728f985e931d170f Mon Sep 17 00:00:00 2001 From: Kevin Mihelich Date: Thu, 26 May 2016 06:29:07 -0600 -Subject: [PATCH] add extra errata 843419 build flags +Subject: [PATCH 01/16] add extra errata 843419 build flags --- arch/arm64/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile -index 18ea69f55402..59c5e48458d6 100644 +index b92f401c3a86..733aedf927c7 100644 --- a/arch/arm64/Makefile +++ b/arch/arm64/Makefile @@ -37,6 +37,7 @@ CHECKFLAGS += -D__aarch64__ @@ -20,5 +20,5 @@ index 18ea69f55402..59c5e48458d6 100644 # Default value -- -2.11.0 +2.18.0 diff --git a/core/linux-odroid-c2/0002-arm64-Add-audit-support.patch b/core/linux-odroid-c2/0002-arm64-Add-audit-support.patch new file mode 100644 index 000000000..6fd224469 --- /dev/null +++ b/core/linux-odroid-c2/0002-arm64-Add-audit-support.patch @@ -0,0 +1,83 @@ +From 32e551d35640bb67e9f7655a499ffa9bf3a5ff69 Mon Sep 17 00:00:00 2001 +From: AKASHI Takahiro +Date: Fri, 4 Jul 2014 08:28:30 +0100 +Subject: [PATCH 02/16] arm64: Add audit support + +On AArch64, audit is supported through generic lib/audit.c and +compat_audit.c, and so this patch adds arch specific definitions required. + +Acked-by Will Deacon +Acked-by: Richard Guy Briggs +Signed-off-by: AKASHI Takahiro +Signed-off-by: Catalin Marinas +--- + arch/arm64/Kconfig | 2 ++ + arch/arm64/include/asm/syscall.h | 14 ++++++++++++++ + include/uapi/linux/audit.h | 1 + + 3 files changed, 17 insertions(+) + +diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig +index abed91857926..a3f9d227d179 100644 +--- a/arch/arm64/Kconfig ++++ b/arch/arm64/Kconfig +@@ -12,6 +12,7 @@ config ARM64 + select ARM_AMBA + select ARM_ARCH_TIMER + select ARM_GIC ++ select AUDIT_ARCH_COMPAT_GENERIC + select BUILDTIME_EXTABLE_SORT + select CLONE_BACKWARDS + select COMMON_CLK +@@ -30,6 +31,7 @@ config ARM64 + select GENERIC_STRNLEN_USER + select GENERIC_TIME_VSYSCALL + select HARDIRQS_SW_RESEND ++ select HAVE_ARCH_AUDITSYSCALL + select HAVE_ARCH_JUMP_LABEL + select HAVE_ARCH_KGDB + select HAVE_ARCH_TRACEHOOK +diff --git a/arch/arm64/include/asm/syscall.h b/arch/arm64/include/asm/syscall.h +index 383771eb0b87..709a574468f0 100644 +--- a/arch/arm64/include/asm/syscall.h ++++ b/arch/arm64/include/asm/syscall.h +@@ -16,6 +16,8 @@ + #ifndef __ASM_SYSCALL_H + #define __ASM_SYSCALL_H + ++#include ++#include + #include + + extern const void *sys_call_table[]; +@@ -105,4 +107,16 @@ static inline void syscall_set_arguments(struct task_struct *task, + memcpy(®s->regs[i], args, n * sizeof(args[0])); + } + ++/* ++ * We don't care about endianness (__AUDIT_ARCH_LE bit) here because ++ * AArch64 has the same system calls both on little- and big- endian. ++ */ ++static inline int syscall_get_arch(void) ++{ ++ if (is_compat_task()) ++ return AUDIT_ARCH_ARM; ++ ++ return AUDIT_ARCH_AARCH64; ++} ++ + #endif /* __ASM_SYSCALL_H */ +diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h +index 6f94bf3f28a9..c460caf7221d 100644 +--- a/include/uapi/linux/audit.h ++++ b/include/uapi/linux/audit.h +@@ -342,6 +342,7 @@ enum { + #define __AUDIT_ARCH_64BIT 0x80000000 + #define __AUDIT_ARCH_LE 0x40000000 + ++#define AUDIT_ARCH_AARCH64 (EM_AARCH64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) + #define AUDIT_ARCH_ALPHA (EM_ALPHA|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) + #define AUDIT_ARCH_ARM (EM_ARM|__AUDIT_ARCH_LE) + #define AUDIT_ARCH_ARMEB (EM_ARM) +-- +2.18.0 + diff --git a/core/linux-odroid-c2/0003-seccomp-create-internal-mode-setting-function.patch b/core/linux-odroid-c2/0003-seccomp-create-internal-mode-setting-function.patch new file mode 100644 index 000000000..42f1f78e5 --- /dev/null +++ b/core/linux-odroid-c2/0003-seccomp-create-internal-mode-setting-function.patch @@ -0,0 +1,58 @@ +From 73a08be22f457df505b9d2346b1e94b96e1ffae6 Mon Sep 17 00:00:00 2001 +From: Kees Cook +Date: Wed, 21 May 2014 15:02:11 -0700 +Subject: [PATCH 03/16] seccomp: create internal mode-setting function + +In preparation for having other callers of the seccomp mode setting +logic, split the prctl entry point away from the core logic that performs +seccomp mode setting. + +Signed-off-by: Kees Cook +Reviewed-by: Oleg Nesterov +Reviewed-by: Andy Lutomirski +(cherry picked from commit d78ab02c2c194257a03355fbb79eb721b381d105) +--- + kernel/seccomp.c | 16 ++++++++++++++-- + 1 file changed, 14 insertions(+), 2 deletions(-) + +diff --git a/kernel/seccomp.c b/kernel/seccomp.c +index e2eb71b1e970..ef24e22c3d14 100644 +--- a/kernel/seccomp.c ++++ b/kernel/seccomp.c +@@ -473,7 +473,7 @@ long prctl_get_seccomp(void) + } + + /** +- * prctl_set_seccomp: configures current->seccomp.mode ++ * seccomp_set_mode: internal function for setting seccomp mode + * @seccomp_mode: requested mode to use + * @filter: optional struct sock_fprog for use with SECCOMP_MODE_FILTER + * +@@ -486,7 +486,7 @@ long prctl_get_seccomp(void) + * + * Returns 0 on success or -EINVAL on failure. + */ +-long prctl_set_seccomp(unsigned long seccomp_mode, char __user *filter) ++static long seccomp_set_mode(unsigned long seccomp_mode, char __user *filter) + { + long ret = -EINVAL; + +@@ -517,3 +517,15 @@ long prctl_set_seccomp(unsigned long seccomp_mode, char __user *filter) + out: + return ret; + } ++ ++/** ++ * prctl_set_seccomp: configures current->seccomp.mode ++ * @seccomp_mode: requested mode to use ++ * @filter: optional struct sock_fprog for use with SECCOMP_MODE_FILTER ++ * ++ * Returns 0 on success or -EINVAL on failure. ++ */ ++long prctl_set_seccomp(unsigned long seccomp_mode, char __user *filter) ++{ ++ return seccomp_set_mode(seccomp_mode, filter); ++} +-- +2.18.0 + diff --git a/core/linux-odroid-c2/0004-seccomp-extract-check-assign-mode-helpers.patch b/core/linux-odroid-c2/0004-seccomp-extract-check-assign-mode-helpers.patch new file mode 100644 index 000000000..0cd4dfbd9 --- /dev/null +++ b/core/linux-odroid-c2/0004-seccomp-extract-check-assign-mode-helpers.patch @@ -0,0 +1,67 @@ +From 3a8c560eb7c461639a6d2310c32be6434b962cf0 Mon Sep 17 00:00:00 2001 +From: Kees Cook +Date: Wed, 25 Jun 2014 15:38:02 -0700 +Subject: [PATCH 04/16] seccomp: extract check/assign mode helpers + +To support splitting mode 1 from mode 2, extract the mode checking and +assignment logic into common functions. + +Signed-off-by: Kees Cook +Reviewed-by: Oleg Nesterov +Reviewed-by: Andy Lutomirski +(cherry picked from commit 1f41b450416e689b9b7c8bfb750a98604f687a9b) +--- + kernel/seccomp.c | 22 ++++++++++++++++++---- + 1 file changed, 18 insertions(+), 4 deletions(-) + +diff --git a/kernel/seccomp.c b/kernel/seccomp.c +index ef24e22c3d14..8ddb252835aa 100644 +--- a/kernel/seccomp.c ++++ b/kernel/seccomp.c +@@ -194,7 +194,23 @@ static u32 seccomp_run_filters(int syscall) + } + return ret; + } ++#endif /* CONFIG_SECCOMP_FILTER */ + ++static inline bool seccomp_may_assign_mode(unsigned long seccomp_mode) ++{ ++ if (current->seccomp.mode && current->seccomp.mode != seccomp_mode) ++ return false; ++ ++ return true; ++} ++ ++static inline void seccomp_assign_mode(unsigned long seccomp_mode) ++{ ++ current->seccomp.mode = seccomp_mode; ++ set_tsk_thread_flag(current, TIF_SECCOMP); ++} ++ ++#ifdef CONFIG_SECCOMP_FILTER + /** + * seccomp_attach_filter: Attaches a seccomp filter to current. + * @fprog: BPF program to install +@@ -490,8 +506,7 @@ static long seccomp_set_mode(unsigned long seccomp_mode, char __user *filter) + { + long ret = -EINVAL; + +- if (current->seccomp.mode && +- current->seccomp.mode != seccomp_mode) ++ if (!seccomp_may_assign_mode(seccomp_mode)) + goto out; + + switch (seccomp_mode) { +@@ -512,8 +527,7 @@ static long seccomp_set_mode(unsigned long seccomp_mode, char __user *filter) + goto out; + } + +- current->seccomp.mode = seccomp_mode; +- set_thread_flag(TIF_SECCOMP); ++ seccomp_assign_mode(seccomp_mode); + out: + return ret; + } +-- +2.18.0 + diff --git a/core/linux-odroid-c2/0005-seccomp-split-mode-setting-routines.patch b/core/linux-odroid-c2/0005-seccomp-split-mode-setting-routines.patch new file mode 100644 index 000000000..55d9ce621 --- /dev/null +++ b/core/linux-odroid-c2/0005-seccomp-split-mode-setting-routines.patch @@ -0,0 +1,126 @@ +From a4c3f708e3c96d147ec318eb7f5742fbe7cfb536 Mon Sep 17 00:00:00 2001 +From: Kees Cook +Date: Wed, 25 Jun 2014 15:55:25 -0700 +Subject: [PATCH 05/16] seccomp: split mode setting routines + +Separates the two mode setting paths to make things more readable with +fewer #ifdefs within function bodies. + +Signed-off-by: Kees Cook +Reviewed-by: Oleg Nesterov +Reviewed-by: Andy Lutomirski +(cherry picked from commit 3b23dd12846215eff4afb073366b80c0c4d7543e) +--- + kernel/seccomp.c | 71 ++++++++++++++++++++++++++++++++---------------- + 1 file changed, 48 insertions(+), 23 deletions(-) + +diff --git a/kernel/seccomp.c b/kernel/seccomp.c +index 8ddb252835aa..d82359968d57 100644 +--- a/kernel/seccomp.c ++++ b/kernel/seccomp.c +@@ -489,48 +489,66 @@ long prctl_get_seccomp(void) + } + + /** +- * seccomp_set_mode: internal function for setting seccomp mode +- * @seccomp_mode: requested mode to use +- * @filter: optional struct sock_fprog for use with SECCOMP_MODE_FILTER +- * +- * This function may be called repeatedly with a @seccomp_mode of +- * SECCOMP_MODE_FILTER to install additional filters. Every filter +- * successfully installed will be evaluated (in reverse order) for each system +- * call the task makes. ++ * seccomp_set_mode_strict: internal function for setting strict seccomp + * + * Once current->seccomp.mode is non-zero, it may not be changed. + * + * Returns 0 on success or -EINVAL on failure. + */ +-static long seccomp_set_mode(unsigned long seccomp_mode, char __user *filter) ++static long seccomp_set_mode_strict(void) + { ++ const unsigned long seccomp_mode = SECCOMP_MODE_STRICT; + long ret = -EINVAL; + + if (!seccomp_may_assign_mode(seccomp_mode)) + goto out; + +- switch (seccomp_mode) { +- case SECCOMP_MODE_STRICT: +- ret = 0; + #ifdef TIF_NOTSC +- disable_TSC(); ++ disable_TSC(); + #endif +- break; ++ seccomp_assign_mode(seccomp_mode); ++ ret = 0; ++ ++out: ++ ++ return ret; ++} ++ + #ifdef CONFIG_SECCOMP_FILTER +- case SECCOMP_MODE_FILTER: +- ret = seccomp_attach_user_filter(filter); +- if (ret) +- goto out; +- break; +-#endif +- default: ++/** ++ * seccomp_set_mode_filter: internal function for setting seccomp filter ++ * @filter: struct sock_fprog containing filter ++ * ++ * This function may be called repeatedly to install additional filters. ++ * Every filter successfully installed will be evaluated (in reverse order) ++ * for each system call the task makes. ++ * ++ * Once current->seccomp.mode is non-zero, it may not be changed. ++ * ++ * Returns 0 on success or -EINVAL on failure. ++ */ ++static long seccomp_set_mode_filter(char __user *filter) ++{ ++ const unsigned long seccomp_mode = SECCOMP_MODE_FILTER; ++ long ret = -EINVAL; ++ ++ if (!seccomp_may_assign_mode(seccomp_mode)) ++ goto out; ++ ++ ret = seccomp_attach_user_filter(filter); ++ if (ret) + goto out; +- } + + seccomp_assign_mode(seccomp_mode); + out: + return ret; + } ++#else ++static inline long seccomp_set_mode_filter(char __user *filter) ++{ ++ return -EINVAL; ++} ++#endif + + /** + * prctl_set_seccomp: configures current->seccomp.mode +@@ -541,5 +559,12 @@ out: + */ + long prctl_set_seccomp(unsigned long seccomp_mode, char __user *filter) + { +- return seccomp_set_mode(seccomp_mode, filter); ++ switch (seccomp_mode) { ++ case SECCOMP_MODE_STRICT: ++ return seccomp_set_mode_strict(); ++ case SECCOMP_MODE_FILTER: ++ return seccomp_set_mode_filter(filter); ++ default: ++ return -EINVAL; ++ } + } +-- +2.18.0 + diff --git a/core/linux-odroid-c2/0006-seccomp-add-seccomp-syscall.patch b/core/linux-odroid-c2/0006-seccomp-add-seccomp-syscall.patch new file mode 100644 index 000000000..af58164dc --- /dev/null +++ b/core/linux-odroid-c2/0006-seccomp-add-seccomp-syscall.patch @@ -0,0 +1,236 @@ +From 1d7729de997ef9ecb1c9eef1ccf8d191197f984c Mon Sep 17 00:00:00 2001 +From: Kees Cook +Date: Wed, 25 Jun 2014 16:08:24 -0700 +Subject: [PATCH 06/16] seccomp: add "seccomp" syscall + +This adds the new "seccomp" syscall with both an "operation" and "flags" +parameter for future expansion. The third argument is a pointer value, +used with the SECCOMP_SET_MODE_FILTER operation. Currently, flags must +be 0. This is functionally equivalent to prctl(PR_SET_SECCOMP, ...). + +In addition to the TSYNC flag later in this patch series, there is a +non-zero chance that this syscall could be used for configuring a fixed +argument area for seccomp-tracer-aware processes to pass syscall arguments +in the future. Hence, the use of "seccomp" not simply "seccomp_add_filter" +for this syscall. Additionally, this syscall uses operation, flags, +and user pointer for arguments because strictly passing arguments via +a user pointer would mean seccomp itself would be unable to trivially +filter the seccomp syscall itself. + +Signed-off-by: Kees Cook +Reviewed-by: Oleg Nesterov +Reviewed-by: Andy Lutomirski +(cherry picked from commit 48dc92b9fc3926844257316e75ba11eb5c742b2c) +--- + arch/Kconfig | 1 + + arch/x86/syscalls/syscall_32.tbl | 1 + + arch/x86/syscalls/syscall_64.tbl | 1 + + include/linux/syscalls.h | 2 ++ + include/uapi/asm-generic/unistd.h | 3 +- + include/uapi/linux/seccomp.h | 4 +++ + kernel/seccomp.c | 55 ++++++++++++++++++++++++++++--- + kernel/sys_ni.c | 3 ++ + 8 files changed, 64 insertions(+), 6 deletions(-) + +diff --git a/arch/Kconfig b/arch/Kconfig +index 94e811ef45f5..6ba80554149c 100644 +--- a/arch/Kconfig ++++ b/arch/Kconfig +@@ -321,6 +321,7 @@ config HAVE_ARCH_SECCOMP_FILTER + - secure_computing is called from a ptrace_event()-safe context + - secure_computing return value is checked and a return value of -1 + results in the system call being skipped immediately. ++ - seccomp syscall wired up + + config SECCOMP_FILTER + def_bool y +diff --git a/arch/x86/syscalls/syscall_32.tbl b/arch/x86/syscalls/syscall_32.tbl +index 16209a990be7..cc4c8b448867 100644 +--- a/arch/x86/syscalls/syscall_32.tbl ++++ b/arch/x86/syscalls/syscall_32.tbl +@@ -360,4 +360,5 @@ + 351 i386 sched_setattr sys_sched_setattr + 352 i386 sched_getattr sys_sched_getattr + 353 i386 renameat2 sys_renameat2 ++354 i386 seccomp sys_seccomp + 356 i386 memfd_create sys_memfd_create +diff --git a/arch/x86/syscalls/syscall_64.tbl b/arch/x86/syscalls/syscall_64.tbl +index 9fdc507c0641..a22cd271b891 100644 +--- a/arch/x86/syscalls/syscall_64.tbl ++++ b/arch/x86/syscalls/syscall_64.tbl +@@ -323,6 +323,7 @@ + 314 common sched_setattr sys_sched_setattr + 315 common sched_getattr sys_sched_getattr + 316 common renameat2 sys_renameat2 ++317 common seccomp sys_seccomp + 319 common memfd_create sys_memfd_create + + # +diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h +index 9836e157fc5e..1e6977f03277 100644 +--- a/include/linux/syscalls.h ++++ b/include/linux/syscalls.h +@@ -867,4 +867,6 @@ asmlinkage long sys_process_vm_writev(pid_t pid, + asmlinkage long sys_kcmp(pid_t pid1, pid_t pid2, int type, + unsigned long idx1, unsigned long idx2); + asmlinkage long sys_finit_module(int fd, const char __user *uargs, int flags); ++asmlinkage long sys_seccomp(unsigned int op, unsigned int flags, ++ const char __user *uargs); + #endif +diff --git a/include/uapi/asm-generic/unistd.h b/include/uapi/asm-generic/unistd.h +index b4588752d50f..4f1d521e0af3 100644 +--- a/include/uapi/asm-generic/unistd.h ++++ b/include/uapi/asm-generic/unistd.h +@@ -699,7 +699,8 @@ __SYSCALL(__NR_sched_setattr, sys_sched_setattr) + __SYSCALL(__NR_sched_getattr, sys_sched_getattr) + #define __NR_renameat2 276 + __SYSCALL(__NR_renameat2, sys_renameat2) +-__SYSCALL(277, sys_ni_syscall) ++#define __NR_seccomp 277 ++__SYSCALL(__NR_seccomp, sys_seccomp) + __SYSCALL(278, sys_ni_syscall) + #define __NR_memfd_create 279 + __SYSCALL(__NR_memfd_create, sys_memfd_create) +diff --git a/include/uapi/linux/seccomp.h b/include/uapi/linux/seccomp.h +index ac2dc9f72973..b258878ba754 100644 +--- a/include/uapi/linux/seccomp.h ++++ b/include/uapi/linux/seccomp.h +@@ -10,6 +10,10 @@ + #define SECCOMP_MODE_STRICT 1 /* uses hard-coded filter. */ + #define SECCOMP_MODE_FILTER 2 /* uses user-supplied filter. */ + ++/* Valid operations for seccomp syscall. */ ++#define SECCOMP_SET_MODE_STRICT 0 ++#define SECCOMP_SET_MODE_FILTER 1 ++ + /* + * All BPF programs must return a 32-bit value. + * The bottom 16-bits are for optional return data. +diff --git a/kernel/seccomp.c b/kernel/seccomp.c +index d82359968d57..d2596136b0d1 100644 +--- a/kernel/seccomp.c ++++ b/kernel/seccomp.c +@@ -18,6 +18,7 @@ + #include + #include + #include ++#include + + /* #define SECCOMP_DEBUG 1 */ + +@@ -314,7 +315,7 @@ free_prog: + * + * Returns 0 on success and non-zero otherwise. + */ +-static long seccomp_attach_user_filter(char __user *user_filter) ++static long seccomp_attach_user_filter(const char __user *user_filter) + { + struct sock_fprog fprog; + long ret = -EFAULT; +@@ -517,6 +518,7 @@ out: + #ifdef CONFIG_SECCOMP_FILTER + /** + * seccomp_set_mode_filter: internal function for setting seccomp filter ++ * @flags: flags to change filter behavior + * @filter: struct sock_fprog containing filter + * + * This function may be called repeatedly to install additional filters. +@@ -527,11 +529,16 @@ out: + * + * Returns 0 on success or -EINVAL on failure. + */ +-static long seccomp_set_mode_filter(char __user *filter) ++static long seccomp_set_mode_filter(unsigned int flags, ++ const char __user *filter) + { + const unsigned long seccomp_mode = SECCOMP_MODE_FILTER; + long ret = -EINVAL; + ++ /* Validate flags. */ ++ if (flags != 0) ++ goto out; ++ + if (!seccomp_may_assign_mode(seccomp_mode)) + goto out; + +@@ -544,12 +551,35 @@ out: + return ret; + } + #else +-static inline long seccomp_set_mode_filter(char __user *filter) ++static inline long seccomp_set_mode_filter(unsigned int flags, ++ const char __user *filter) + { + return -EINVAL; + } + #endif + ++/* Common entry point for both prctl and syscall. */ ++static long do_seccomp(unsigned int op, unsigned int flags, ++ const char __user *uargs) ++{ ++ switch (op) { ++ case SECCOMP_SET_MODE_STRICT: ++ if (flags != 0 || uargs != NULL) ++ return -EINVAL; ++ return seccomp_set_mode_strict(); ++ case SECCOMP_SET_MODE_FILTER: ++ return seccomp_set_mode_filter(flags, uargs); ++ default: ++ return -EINVAL; ++ } ++} ++ ++SYSCALL_DEFINE3(seccomp, unsigned int, op, unsigned int, flags, ++ const char __user *, uargs) ++{ ++ return do_seccomp(op, flags, uargs); ++} ++ + /** + * prctl_set_seccomp: configures current->seccomp.mode + * @seccomp_mode: requested mode to use +@@ -559,12 +589,27 @@ static inline long seccomp_set_mode_filter(char __user *filter) + */ + long prctl_set_seccomp(unsigned long seccomp_mode, char __user *filter) + { ++ unsigned int op; ++ char __user *uargs; ++ + switch (seccomp_mode) { + case SECCOMP_MODE_STRICT: +- return seccomp_set_mode_strict(); ++ op = SECCOMP_SET_MODE_STRICT; ++ /* ++ * Setting strict mode through prctl always ignored filter, ++ * so make sure it is always NULL here to pass the internal ++ * check in do_seccomp(). ++ */ ++ uargs = NULL; ++ break; + case SECCOMP_MODE_FILTER: +- return seccomp_set_mode_filter(filter); ++ op = SECCOMP_SET_MODE_FILTER; ++ uargs = filter; ++ break; + default: + return -EINVAL; + } ++ ++ /* prctl interface doesn't have flags, so they are always zero. */ ++ return do_seccomp(op, 0, uargs); + } +diff --git a/kernel/sys_ni.c b/kernel/sys_ni.c +index 489a4e6498c7..1f79e3714533 100644 +--- a/kernel/sys_ni.c ++++ b/kernel/sys_ni.c +@@ -214,3 +214,6 @@ cond_syscall(compat_sys_open_by_handle_at); + + /* compare kernel pointers */ + cond_syscall(sys_kcmp); ++ ++/* operate on Secure Computing state */ ++cond_syscall(sys_seccomp); +-- +2.18.0 + diff --git a/core/linux-odroid-c2/0007-random-introduce-getrandom-2-system-call.patch b/core/linux-odroid-c2/0007-random-introduce-getrandom-2-system-call.patch new file mode 100644 index 000000000..97ff9908d --- /dev/null +++ b/core/linux-odroid-c2/0007-random-introduce-getrandom-2-system-call.patch @@ -0,0 +1,328 @@ +From 086a08b553a9c276154772f717cb586c636d6b49 Mon Sep 17 00:00:00 2001 +From: Theodore Ts'o +Date: Thu, 17 Jul 2014 04:13:05 -0400 +Subject: [PATCH 07/16] random: introduce getrandom(2) system call + +The getrandom(2) system call was requested by the LibreSSL Portable +developers. It is analoguous to the getentropy(2) system call in +OpenBSD. + +The rationale of this system call is to provide resiliance against +file descriptor exhaustion attacks, where the attacker consumes all +available file descriptors, forcing the use of the fallback code where +/dev/[u]random is not available. Since the fallback code is often not +well-tested, it is better to eliminate this potential failure mode +entirely. + +The other feature provided by this new system call is the ability to +request randomness from the /dev/urandom entropy pool, but to block +until at least 128 bits of entropy has been accumulated in the +/dev/urandom entropy pool. Historically, the emphasis in the +/dev/urandom development has been to ensure that urandom pool is +initialized as quickly as possible after system boot, and preferably +before the init scripts start execution. + +This is because changing /dev/urandom reads to block represents an +interface change that could potentially break userspace which is not +acceptable. In practice, on most x86 desktop and server systems, in +general the entropy pool can be initialized before it is needed (and +in modern kernels, we will printk a warning message if not). However, +on an embedded system, this may not be the case. And so with this new +interface, we can provide the functionality of blocking until the +urandom pool has been initialized. Any userspace program which uses +this new functionality must take care to assure that if it is used +during the boot process, that it will not cause the init scripts or +other portions of the system startup to hang indefinitely. + +SYNOPSIS + #include + + int getrandom(void *buf, size_t buflen, unsigned int flags); + +DESCRIPTION + The system call getrandom() fills the buffer pointed to by buf + with up to buflen random bytes which can be used to seed user + space random number generators (i.e., DRBG's) or for other + cryptographic uses. It should not be used for Monte Carlo + simulations or other programs/algorithms which are doing + probabilistic sampling. + + If the GRND_RANDOM flags bit is set, then draw from the + /dev/random pool instead of the /dev/urandom pool. The + /dev/random pool is limited based on the entropy that can be + obtained from environmental noise, so if there is insufficient + entropy, the requested number of bytes may not be returned. + If there is no entropy available at all, getrandom(2) will + either block, or return an error with errno set to EAGAIN if + the GRND_NONBLOCK bit is set in flags. + + If the GRND_RANDOM bit is not set, then the /dev/urandom pool + will be used. Unlike using read(2) to fetch data from + /dev/urandom, if the urandom pool has not been sufficiently + initialized, getrandom(2) will block (or return -1 with the + errno set to EAGAIN if the GRND_NONBLOCK bit is set in flags). + + The getentropy(2) system call in OpenBSD can be emulated using + the following function: + + int getentropy(void *buf, size_t buflen) + { + int ret; + + if (buflen > 256) + goto failure; + ret = getrandom(buf, buflen, 0); + if (ret < 0) + return ret; + if (ret == buflen) + return 0; + failure: + errno = EIO; + return -1; + } + +RETURN VALUE + On success, the number of bytes that was filled in the buf is + returned. This may not be all the bytes requested by the + caller via buflen if insufficient entropy was present in the + /dev/random pool, or if the system call was interrupted by a + signal. + + On error, -1 is returned, and errno is set appropriately. + +ERRORS + EINVAL An invalid flag was passed to getrandom(2) + + EFAULT buf is outside the accessible address space. + + EAGAIN The requested entropy was not available, and + getentropy(2) would have blocked if the + GRND_NONBLOCK flag was not set. + + EINTR While blocked waiting for entropy, the call was + interrupted by a signal handler; see the description + of how interrupted read(2) calls on "slow" devices + are handled with and without the SA_RESTART flag + in the signal(7) man page. + +NOTES + For small requests (buflen <= 256) getrandom(2) will not + return EINTR when reading from the urandom pool once the + entropy pool has been initialized, and it will return all of + the bytes that have been requested. This is the recommended + way to use getrandom(2), and is designed for compatibility + with OpenBSD's getentropy() system call. + + However, if you are using GRND_RANDOM, then getrandom(2) may + block until the entropy accounting determines that sufficient + environmental noise has been gathered such that getrandom(2) + will be operating as a NRBG instead of a DRBG for those people + who are working in the NIST SP 800-90 regime. Since it may + block for a long time, these guarantees do *not* apply. The + user may want to interrupt a hanging process using a signal, + so blocking until all of the requested bytes are returned + would be unfriendly. + + For this reason, the user of getrandom(2) MUST always check + the return value, in case it returns some error, or if fewer + bytes than requested was returned. In the case of + !GRND_RANDOM and small request, the latter should never + happen, but the careful userspace code (and all crypto code + should be careful) should check for this anyway! + + Finally, unless you are doing long-term key generation (and + perhaps not even then), you probably shouldn't be using + GRND_RANDOM. The cryptographic algorithms used for + /dev/urandom are quite conservative, and so should be + sufficient for all purposes. The disadvantage of GRND_RANDOM + is that it can block, and the increased complexity required to + deal with partially fulfilled getrandom(2) requests. + +Signed-off-by: Theodore Ts'o +Reviewed-by: Zach Brown +--- + arch/x86/syscalls/syscall_32.tbl | 1 + + arch/x86/syscalls/syscall_64.tbl | 1 + + drivers/char/random.c | 40 ++++++++++++++++++++++++++++--- + include/linux/syscalls.h | 3 +++ + include/uapi/asm-generic/unistd.h | 3 ++- + include/uapi/linux/random.h | 9 +++++++ + 6 files changed, 53 insertions(+), 4 deletions(-) + +diff --git a/arch/x86/syscalls/syscall_32.tbl b/arch/x86/syscalls/syscall_32.tbl +index cc4c8b448867..617d15fa1d6d 100644 +--- a/arch/x86/syscalls/syscall_32.tbl ++++ b/arch/x86/syscalls/syscall_32.tbl +@@ -361,4 +361,5 @@ + 352 i386 sched_getattr sys_sched_getattr + 353 i386 renameat2 sys_renameat2 + 354 i386 seccomp sys_seccomp ++355 i386 getrandom sys_getrandom + 356 i386 memfd_create sys_memfd_create +diff --git a/arch/x86/syscalls/syscall_64.tbl b/arch/x86/syscalls/syscall_64.tbl +index a22cd271b891..ca2b9aa78c81 100644 +--- a/arch/x86/syscalls/syscall_64.tbl ++++ b/arch/x86/syscalls/syscall_64.tbl +@@ -324,6 +324,7 @@ + 315 common sched_getattr sys_sched_getattr + 316 common renameat2 sys_renameat2 + 317 common seccomp sys_seccomp ++318 common getrandom sys_getrandom + 319 common memfd_create sys_memfd_create + + # +diff --git a/drivers/char/random.c b/drivers/char/random.c +index 692482b7c2fb..5d7e2b1cb09b 100644 +--- a/drivers/char/random.c ++++ b/drivers/char/random.c +@@ -257,6 +257,8 @@ + #include + #include + #include ++#include ++#include + + #include + #include +@@ -401,6 +403,7 @@ static struct poolinfo { + */ + static DECLARE_WAIT_QUEUE_HEAD(random_read_wait); + static DECLARE_WAIT_QUEUE_HEAD(random_write_wait); ++static DECLARE_WAIT_QUEUE_HEAD(urandom_init_wait); + static struct fasync_struct *fasync; + + /********************************************************************** +@@ -657,6 +660,7 @@ retry: + r->entropy_total = 0; + if (r == &nonblocking_pool) { + prandom_reseed_late(); ++ wake_up_interruptible(&urandom_init_wait); + pr_notice("random: %s pool is initialized\n", r->name); + } + } +@@ -1161,13 +1165,14 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf, + { + ssize_t ret = 0, i; + __u8 tmp[EXTRACT_SIZE]; ++ int large_request = (nbytes > 256); + + trace_extract_entropy_user(r->name, nbytes, ENTROPY_BITS(r), _RET_IP_); + xfer_secondary_pool(r, nbytes); + nbytes = account(r, nbytes, 0, 0); + + while (nbytes) { +- if (need_resched()) { ++ if (large_request && need_resched()) { + if (signal_pending(current)) { + if (ret == 0) + ret = -ERESTARTSYS; +@@ -1342,7 +1347,7 @@ static int arch_random_refill(void) + } + + static ssize_t +-random_read(struct file *file, char __user *buf, size_t nbytes, loff_t *ppos) ++_random_read(int nonblock, char __user *buf, size_t nbytes) + { + ssize_t n; + +@@ -1366,7 +1371,7 @@ random_read(struct file *file, char __user *buf, size_t nbytes, loff_t *ppos) + if (arch_random_refill()) + continue; + +- if (file->f_flags & O_NONBLOCK) ++ if (nonblock) + return -EAGAIN; + + wait_event_interruptible(random_read_wait, +@@ -1377,6 +1382,12 @@ random_read(struct file *file, char __user *buf, size_t nbytes, loff_t *ppos) + } + } + ++static ssize_t ++random_read(struct file *file, char __user *buf, size_t nbytes, loff_t *ppos) ++{ ++ return _random_read(file->f_flags & O_NONBLOCK, buf, nbytes); ++} ++ + static ssize_t + urandom_read(struct file *file, char __user *buf, size_t nbytes, loff_t *ppos) + { +@@ -1525,6 +1536,29 @@ const struct file_operations urandom_fops = { + .llseek = noop_llseek, + }; + ++SYSCALL_DEFINE3(getrandom, char __user *, buf, size_t, count, ++ unsigned int, flags) ++{ ++ if (flags & ~(GRND_NONBLOCK|GRND_RANDOM)) ++ return -EINVAL; ++ ++ if (count > INT_MAX) ++ count = INT_MAX; ++ ++ if (flags & GRND_RANDOM) ++ return _random_read(flags & GRND_NONBLOCK, buf, count); ++ ++ if (unlikely(nonblocking_pool.initialized == 0)) { ++ if (flags & GRND_NONBLOCK) ++ return -EAGAIN; ++ wait_event_interruptible(urandom_init_wait, ++ nonblocking_pool.initialized); ++ if (signal_pending(current)) ++ return -ERESTARTSYS; ++ } ++ return urandom_read(NULL, buf, count, NULL); ++} ++ + /*************************************************************** + * Random UUID interface + * +diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h +index 1e6977f03277..8597786ea362 100644 +--- a/include/linux/syscalls.h ++++ b/include/linux/syscalls.h +@@ -866,6 +866,9 @@ asmlinkage long sys_process_vm_writev(pid_t pid, + + asmlinkage long sys_kcmp(pid_t pid1, pid_t pid2, int type, + unsigned long idx1, unsigned long idx2); ++asmlinkage long sys_getrandom(char __user *buf, size_t count, ++ unsigned int flags); ++ + asmlinkage long sys_finit_module(int fd, const char __user *uargs, int flags); + asmlinkage long sys_seccomp(unsigned int op, unsigned int flags, + const char __user *uargs); +diff --git a/include/uapi/asm-generic/unistd.h b/include/uapi/asm-generic/unistd.h +index 4f1d521e0af3..11d11bc5c78f 100644 +--- a/include/uapi/asm-generic/unistd.h ++++ b/include/uapi/asm-generic/unistd.h +@@ -701,7 +701,8 @@ __SYSCALL(__NR_sched_getattr, sys_sched_getattr) + __SYSCALL(__NR_renameat2, sys_renameat2) + #define __NR_seccomp 277 + __SYSCALL(__NR_seccomp, sys_seccomp) +-__SYSCALL(278, sys_ni_syscall) ++#define __NR_getrandom 278 ++__SYSCALL(__NR_getrandom, sys_getrandom) + #define __NR_memfd_create 279 + __SYSCALL(__NR_memfd_create, sys_memfd_create) + +diff --git a/include/uapi/linux/random.h b/include/uapi/linux/random.h +index fff3528a078f..3f93d1695e7f 100644 +--- a/include/uapi/linux/random.h ++++ b/include/uapi/linux/random.h +@@ -40,4 +40,13 @@ struct rand_pool_info { + __u32 buf[0]; + }; + ++/* ++ * Flags for getrandom(2) ++ * ++ * GRND_NONBLOCK Don't block and return EAGAIN instead ++ * GRND_RANDOM Use the /dev/random pool instead of /dev/urandom ++ */ ++#define GRND_NONBLOCK 0x0001 ++#define GRND_RANDOM 0x0002 ++ + #endif /* _UAPI_LINUX_RANDOM_H */ +-- +2.18.0 + diff --git a/core/linux-odroid-c2/0008-Revert-arm64-compat-wire-up-memfd_create-syscall-for.patch b/core/linux-odroid-c2/0008-Revert-arm64-compat-wire-up-memfd_create-syscall-for.patch new file mode 100644 index 000000000..435e89e43 --- /dev/null +++ b/core/linux-odroid-c2/0008-Revert-arm64-compat-wire-up-memfd_create-syscall-for.patch @@ -0,0 +1,31 @@ +From d24768a36614bd5f547a60b9a1c64be707bd3a24 Mon Sep 17 00:00:00 2001 +From: Kevin Mihelich +Date: Sun, 2 Sep 2018 15:57:10 -0600 +Subject: [PATCH 08/16] Revert "arm64: compat: wire up memfd_create syscall for + aarch32" + +This reverts commit 92c47b1c5b173365582c61229e50dd6477b3e8a4. +--- + arch/arm64/include/asm/unistd32.h | 5 +---- + 1 file changed, 1 insertion(+), 4 deletions(-) + +diff --git a/arch/arm64/include/asm/unistd32.h b/arch/arm64/include/asm/unistd32.h +index 75eacd239848..c8d8fc17bd5a 100644 +--- a/arch/arm64/include/asm/unistd32.h ++++ b/arch/arm64/include/asm/unistd32.h +@@ -404,11 +404,8 @@ __SYSCALL(379, sys_finit_module) + __SYSCALL(380, sys_sched_setattr) + __SYSCALL(381, sys_sched_getattr) + __SYSCALL(382, sys_renameat2) +-__SYSCALL(383, sys_ni_syscall) /* 383 for seccomp */ +-__SYSCALL(384, sys_ni_syscall) /* 384 for getrandom */ +-__SYSCALL(385, sys_memfd_create) + +-#define __NR_compat_syscalls 386 ++#define __NR_compat_syscalls 383 + + /* + * Compat syscall numbers used by the AArch64 kernel. +-- +2.18.0 + diff --git a/core/linux-odroid-c2/0009-arm64-Add-__NR_-definitions-for-compat-syscalls.patch b/core/linux-odroid-c2/0009-arm64-Add-__NR_-definitions-for-compat-syscalls.patch new file mode 100644 index 000000000..cab2385b8 --- /dev/null +++ b/core/linux-odroid-c2/0009-arm64-Add-__NR_-definitions-for-compat-syscalls.patch @@ -0,0 +1,1280 @@ +From e1309b7f35395eb0db94095e6abbbf25b3a16570 Mon Sep 17 00:00:00 2001 +From: Catalin Marinas +Date: Thu, 30 Jan 2014 17:56:56 +0000 +Subject: [PATCH 09/16] arm64: Add __NR_* definitions for compat syscalls + +This patch adds __NR_* definitions to asm/unistd32.h, moves the +__NR_compat_* definitions to asm/unistd.h and removes all the explicit +unistd32.h includes apart from the one building the compat syscall +table. The aim is to have the compat __NR_* definitions available but +without colliding with the native syscall definitions (required by +lib/compat_audit.c to avoid duplicating the audit header files between +native and compat). + +Signed-off-by: Catalin Marinas +--- + arch/arm64/include/asm/unistd.h | 17 + + arch/arm64/include/asm/unistd32.h | 1166 +++++++++++++++++++---------- + arch/arm64/kernel/entry.S | 1 - + arch/arm64/kernel/kuser32.S | 2 +- + arch/arm64/kernel/signal32.c | 2 +- + arch/arm64/kernel/sys_compat.c | 2 +- + 6 files changed, 786 insertions(+), 404 deletions(-) + +diff --git a/arch/arm64/include/asm/unistd.h b/arch/arm64/include/asm/unistd.h +index e5f47df00c24..4bc95d27e063 100644 +--- a/arch/arm64/include/asm/unistd.h ++++ b/arch/arm64/include/asm/unistd.h +@@ -26,7 +26,24 @@ + #define __ARCH_WANT_COMPAT_SYS_SENDFILE + #define __ARCH_WANT_SYS_FORK + #define __ARCH_WANT_SYS_VFORK ++ ++/* ++ * Compat syscall numbers used by the AArch64 kernel. ++ */ ++#define __NR_compat_restart_syscall 0 ++#define __NR_compat_sigreturn 119 ++#define __NR_compat_rt_sigreturn 173 ++ ++/* ++ * The following SVCs are ARM private. ++ */ ++#define __ARM_NR_COMPAT_BASE 0x0f0000 ++#define __ARM_NR_compat_cacheflush (__ARM_NR_COMPAT_BASE+2) ++#define __ARM_NR_compat_set_tls (__ARM_NR_COMPAT_BASE+5) ++ ++#define __NR_compat_syscalls 383 + #endif ++ + #define __ARCH_WANT_SYS_CLONE + #include + +diff --git a/arch/arm64/include/asm/unistd32.h b/arch/arm64/include/asm/unistd32.h +index c8d8fc17bd5a..e242600c4046 100644 +--- a/arch/arm64/include/asm/unistd32.h ++++ b/arch/arm64/include/asm/unistd32.h +@@ -21,403 +21,769 @@ + #define __SYSCALL(x, y) + #endif + +-__SYSCALL(0, sys_restart_syscall) +-__SYSCALL(1, sys_exit) +-__SYSCALL(2, sys_fork) +-__SYSCALL(3, sys_read) +-__SYSCALL(4, sys_write) +-__SYSCALL(5, compat_sys_open) +-__SYSCALL(6, sys_close) +-__SYSCALL(7, sys_ni_syscall) /* 7 was sys_waitpid */ +-__SYSCALL(8, sys_creat) +-__SYSCALL(9, sys_link) +-__SYSCALL(10, sys_unlink) +-__SYSCALL(11, compat_sys_execve) +-__SYSCALL(12, sys_chdir) +-__SYSCALL(13, sys_ni_syscall) /* 13 was sys_time */ +-__SYSCALL(14, sys_mknod) +-__SYSCALL(15, sys_chmod) +-__SYSCALL(16, sys_lchown16) +-__SYSCALL(17, sys_ni_syscall) /* 17 was sys_break */ +-__SYSCALL(18, sys_ni_syscall) /* 18 was sys_stat */ +-__SYSCALL(19, compat_sys_lseek) +-__SYSCALL(20, sys_getpid) +-__SYSCALL(21, compat_sys_mount) +-__SYSCALL(22, sys_ni_syscall) /* 22 was sys_umount */ +-__SYSCALL(23, sys_setuid16) +-__SYSCALL(24, sys_getuid16) +-__SYSCALL(25, sys_ni_syscall) /* 25 was sys_stime */ +-__SYSCALL(26, compat_sys_ptrace) +-__SYSCALL(27, sys_ni_syscall) /* 27 was sys_alarm */ +-__SYSCALL(28, sys_ni_syscall) /* 28 was sys_fstat */ +-__SYSCALL(29, sys_pause) +-__SYSCALL(30, sys_ni_syscall) /* 30 was sys_utime */ +-__SYSCALL(31, sys_ni_syscall) /* 31 was sys_stty */ +-__SYSCALL(32, sys_ni_syscall) /* 32 was sys_gtty */ +-__SYSCALL(33, sys_access) +-__SYSCALL(34, sys_nice) +-__SYSCALL(35, sys_ni_syscall) /* 35 was sys_ftime */ +-__SYSCALL(36, sys_sync) +-__SYSCALL(37, sys_kill) +-__SYSCALL(38, sys_rename) +-__SYSCALL(39, sys_mkdir) +-__SYSCALL(40, sys_rmdir) +-__SYSCALL(41, sys_dup) +-__SYSCALL(42, sys_pipe) +-__SYSCALL(43, compat_sys_times) +-__SYSCALL(44, sys_ni_syscall) /* 44 was sys_prof */ +-__SYSCALL(45, sys_brk) +-__SYSCALL(46, sys_setgid16) +-__SYSCALL(47, sys_getgid16) +-__SYSCALL(48, sys_ni_syscall) /* 48 was sys_signal */ +-__SYSCALL(49, sys_geteuid16) +-__SYSCALL(50, sys_getegid16) +-__SYSCALL(51, sys_acct) +-__SYSCALL(52, sys_umount) +-__SYSCALL(53, sys_ni_syscall) /* 53 was sys_lock */ +-__SYSCALL(54, compat_sys_ioctl) +-__SYSCALL(55, compat_sys_fcntl) +-__SYSCALL(56, sys_ni_syscall) /* 56 was sys_mpx */ +-__SYSCALL(57, sys_setpgid) +-__SYSCALL(58, sys_ni_syscall) /* 58 was sys_ulimit */ +-__SYSCALL(59, sys_ni_syscall) /* 59 was sys_olduname */ +-__SYSCALL(60, sys_umask) +-__SYSCALL(61, sys_chroot) +-__SYSCALL(62, compat_sys_ustat) +-__SYSCALL(63, sys_dup2) +-__SYSCALL(64, sys_getppid) +-__SYSCALL(65, sys_getpgrp) +-__SYSCALL(66, sys_setsid) +-__SYSCALL(67, compat_sys_sigaction) +-__SYSCALL(68, sys_ni_syscall) /* 68 was sys_sgetmask */ +-__SYSCALL(69, sys_ni_syscall) /* 69 was sys_ssetmask */ +-__SYSCALL(70, sys_setreuid16) +-__SYSCALL(71, sys_setregid16) +-__SYSCALL(72, sys_sigsuspend) +-__SYSCALL(73, compat_sys_sigpending) +-__SYSCALL(74, sys_sethostname) +-__SYSCALL(75, compat_sys_setrlimit) +-__SYSCALL(76, sys_ni_syscall) /* 76 was compat_sys_getrlimit */ +-__SYSCALL(77, compat_sys_getrusage) +-__SYSCALL(78, compat_sys_gettimeofday) +-__SYSCALL(79, compat_sys_settimeofday) +-__SYSCALL(80, sys_getgroups16) +-__SYSCALL(81, sys_setgroups16) +-__SYSCALL(82, sys_ni_syscall) /* 82 was compat_sys_select */ +-__SYSCALL(83, sys_symlink) +-__SYSCALL(84, sys_ni_syscall) /* 84 was sys_lstat */ +-__SYSCALL(85, sys_readlink) +-__SYSCALL(86, sys_uselib) +-__SYSCALL(87, sys_swapon) +-__SYSCALL(88, sys_reboot) +-__SYSCALL(89, sys_ni_syscall) /* 89 was sys_readdir */ +-__SYSCALL(90, sys_ni_syscall) /* 90 was sys_mmap */ +-__SYSCALL(91, sys_munmap) +-__SYSCALL(92, compat_sys_truncate) +-__SYSCALL(93, compat_sys_ftruncate) +-__SYSCALL(94, sys_fchmod) +-__SYSCALL(95, sys_fchown16) +-__SYSCALL(96, sys_getpriority) +-__SYSCALL(97, sys_setpriority) +-__SYSCALL(98, sys_ni_syscall) /* 98 was sys_profil */ +-__SYSCALL(99, compat_sys_statfs) +-__SYSCALL(100, compat_sys_fstatfs) +-__SYSCALL(101, sys_ni_syscall) /* 101 was sys_ioperm */ +-__SYSCALL(102, sys_ni_syscall) /* 102 was sys_socketcall */ +-__SYSCALL(103, sys_syslog) +-__SYSCALL(104, compat_sys_setitimer) +-__SYSCALL(105, compat_sys_getitimer) +-__SYSCALL(106, compat_sys_newstat) +-__SYSCALL(107, compat_sys_newlstat) +-__SYSCALL(108, compat_sys_newfstat) +-__SYSCALL(109, sys_ni_syscall) /* 109 was sys_uname */ +-__SYSCALL(110, sys_ni_syscall) /* 110 was sys_iopl */ +-__SYSCALL(111, sys_vhangup) +-__SYSCALL(112, sys_ni_syscall) /* 112 was sys_idle */ +-__SYSCALL(113, sys_ni_syscall) /* 113 was sys_syscall */ +-__SYSCALL(114, compat_sys_wait4) +-__SYSCALL(115, sys_swapoff) +-__SYSCALL(116, compat_sys_sysinfo) +-__SYSCALL(117, sys_ni_syscall) /* 117 was sys_ipc */ +-__SYSCALL(118, sys_fsync) +-__SYSCALL(119, compat_sys_sigreturn_wrapper) +-__SYSCALL(120, sys_clone) +-__SYSCALL(121, sys_setdomainname) +-__SYSCALL(122, sys_newuname) +-__SYSCALL(123, sys_ni_syscall) /* 123 was sys_modify_ldt */ +-__SYSCALL(124, compat_sys_adjtimex) +-__SYSCALL(125, sys_mprotect) +-__SYSCALL(126, compat_sys_sigprocmask) +-__SYSCALL(127, sys_ni_syscall) /* 127 was sys_create_module */ +-__SYSCALL(128, sys_init_module) +-__SYSCALL(129, sys_delete_module) +-__SYSCALL(130, sys_ni_syscall) /* 130 was sys_get_kernel_syms */ +-__SYSCALL(131, sys_quotactl) +-__SYSCALL(132, sys_getpgid) +-__SYSCALL(133, sys_fchdir) +-__SYSCALL(134, sys_bdflush) +-__SYSCALL(135, sys_sysfs) +-__SYSCALL(136, sys_personality) +-__SYSCALL(137, sys_ni_syscall) /* 137 was sys_afs_syscall */ +-__SYSCALL(138, sys_setfsuid16) +-__SYSCALL(139, sys_setfsgid16) +-__SYSCALL(140, sys_llseek) +-__SYSCALL(141, compat_sys_getdents) +-__SYSCALL(142, compat_sys_select) +-__SYSCALL(143, sys_flock) +-__SYSCALL(144, sys_msync) +-__SYSCALL(145, compat_sys_readv) +-__SYSCALL(146, compat_sys_writev) +-__SYSCALL(147, sys_getsid) +-__SYSCALL(148, sys_fdatasync) +-__SYSCALL(149, compat_sys_sysctl) +-__SYSCALL(150, sys_mlock) +-__SYSCALL(151, sys_munlock) +-__SYSCALL(152, sys_mlockall) +-__SYSCALL(153, sys_munlockall) +-__SYSCALL(154, sys_sched_setparam) +-__SYSCALL(155, sys_sched_getparam) +-__SYSCALL(156, sys_sched_setscheduler) +-__SYSCALL(157, sys_sched_getscheduler) +-__SYSCALL(158, sys_sched_yield) +-__SYSCALL(159, sys_sched_get_priority_max) +-__SYSCALL(160, sys_sched_get_priority_min) +-__SYSCALL(161, compat_sys_sched_rr_get_interval) +-__SYSCALL(162, compat_sys_nanosleep) +-__SYSCALL(163, sys_mremap) +-__SYSCALL(164, sys_setresuid16) +-__SYSCALL(165, sys_getresuid16) +-__SYSCALL(166, sys_ni_syscall) /* 166 was sys_vm86 */ +-__SYSCALL(167, sys_ni_syscall) /* 167 was sys_query_module */ +-__SYSCALL(168, sys_poll) +-__SYSCALL(169, sys_ni_syscall) +-__SYSCALL(170, sys_setresgid16) +-__SYSCALL(171, sys_getresgid16) +-__SYSCALL(172, sys_prctl) +-__SYSCALL(173, compat_sys_rt_sigreturn_wrapper) +-__SYSCALL(174, compat_sys_rt_sigaction) +-__SYSCALL(175, compat_sys_rt_sigprocmask) +-__SYSCALL(176, compat_sys_rt_sigpending) +-__SYSCALL(177, compat_sys_rt_sigtimedwait) +-__SYSCALL(178, compat_sys_rt_sigqueueinfo) +-__SYSCALL(179, compat_sys_rt_sigsuspend) +-__SYSCALL(180, compat_sys_pread64_wrapper) +-__SYSCALL(181, compat_sys_pwrite64_wrapper) +-__SYSCALL(182, sys_chown16) +-__SYSCALL(183, sys_getcwd) +-__SYSCALL(184, sys_capget) +-__SYSCALL(185, sys_capset) +-__SYSCALL(186, compat_sys_sigaltstack) +-__SYSCALL(187, compat_sys_sendfile) +-__SYSCALL(188, sys_ni_syscall) /* 188 reserved */ +-__SYSCALL(189, sys_ni_syscall) /* 189 reserved */ +-__SYSCALL(190, sys_vfork) +-__SYSCALL(191, compat_sys_getrlimit) /* SuS compliant getrlimit */ +-__SYSCALL(192, sys_mmap_pgoff) +-__SYSCALL(193, compat_sys_truncate64_wrapper) +-__SYSCALL(194, compat_sys_ftruncate64_wrapper) +-__SYSCALL(195, sys_stat64) +-__SYSCALL(196, sys_lstat64) +-__SYSCALL(197, sys_fstat64) +-__SYSCALL(198, sys_lchown) +-__SYSCALL(199, sys_getuid) +-__SYSCALL(200, sys_getgid) +-__SYSCALL(201, sys_geteuid) +-__SYSCALL(202, sys_getegid) +-__SYSCALL(203, sys_setreuid) +-__SYSCALL(204, sys_setregid) +-__SYSCALL(205, sys_getgroups) +-__SYSCALL(206, sys_setgroups) +-__SYSCALL(207, sys_fchown) +-__SYSCALL(208, sys_setresuid) +-__SYSCALL(209, sys_getresuid) +-__SYSCALL(210, sys_setresgid) +-__SYSCALL(211, sys_getresgid) +-__SYSCALL(212, sys_chown) +-__SYSCALL(213, sys_setuid) +-__SYSCALL(214, sys_setgid) +-__SYSCALL(215, sys_setfsuid) +-__SYSCALL(216, sys_setfsgid) +-__SYSCALL(217, compat_sys_getdents64) +-__SYSCALL(218, sys_pivot_root) +-__SYSCALL(219, sys_mincore) +-__SYSCALL(220, sys_madvise) +-__SYSCALL(221, compat_sys_fcntl64) +-__SYSCALL(222, sys_ni_syscall) /* 222 for tux */ +-__SYSCALL(223, sys_ni_syscall) /* 223 is unused */ +-__SYSCALL(224, sys_gettid) +-__SYSCALL(225, compat_sys_readahead_wrapper) +-__SYSCALL(226, sys_setxattr) +-__SYSCALL(227, sys_lsetxattr) +-__SYSCALL(228, sys_fsetxattr) +-__SYSCALL(229, sys_getxattr) +-__SYSCALL(230, sys_lgetxattr) +-__SYSCALL(231, sys_fgetxattr) +-__SYSCALL(232, sys_listxattr) +-__SYSCALL(233, sys_llistxattr) +-__SYSCALL(234, sys_flistxattr) +-__SYSCALL(235, sys_removexattr) +-__SYSCALL(236, sys_lremovexattr) +-__SYSCALL(237, sys_fremovexattr) +-__SYSCALL(238, sys_tkill) +-__SYSCALL(239, sys_sendfile64) +-__SYSCALL(240, compat_sys_futex) +-__SYSCALL(241, compat_sys_sched_setaffinity) +-__SYSCALL(242, compat_sys_sched_getaffinity) +-__SYSCALL(243, compat_sys_io_setup) +-__SYSCALL(244, sys_io_destroy) +-__SYSCALL(245, compat_sys_io_getevents) +-__SYSCALL(246, compat_sys_io_submit) +-__SYSCALL(247, sys_io_cancel) +-__SYSCALL(248, sys_exit_group) +-__SYSCALL(249, compat_sys_lookup_dcookie) +-__SYSCALL(250, sys_epoll_create) +-__SYSCALL(251, sys_epoll_ctl) +-__SYSCALL(252, sys_epoll_wait) +-__SYSCALL(253, sys_remap_file_pages) +-__SYSCALL(254, sys_ni_syscall) /* 254 for set_thread_area */ +-__SYSCALL(255, sys_ni_syscall) /* 255 for get_thread_area */ +-__SYSCALL(256, sys_set_tid_address) +-__SYSCALL(257, compat_sys_timer_create) +-__SYSCALL(258, compat_sys_timer_settime) +-__SYSCALL(259, compat_sys_timer_gettime) +-__SYSCALL(260, sys_timer_getoverrun) +-__SYSCALL(261, sys_timer_delete) +-__SYSCALL(262, compat_sys_clock_settime) +-__SYSCALL(263, compat_sys_clock_gettime) +-__SYSCALL(264, compat_sys_clock_getres) +-__SYSCALL(265, compat_sys_clock_nanosleep) +-__SYSCALL(266, compat_sys_statfs64_wrapper) +-__SYSCALL(267, compat_sys_fstatfs64_wrapper) +-__SYSCALL(268, sys_tgkill) +-__SYSCALL(269, compat_sys_utimes) +-__SYSCALL(270, compat_sys_fadvise64_64_wrapper) +-__SYSCALL(271, sys_pciconfig_iobase) +-__SYSCALL(272, sys_pciconfig_read) +-__SYSCALL(273, sys_pciconfig_write) +-__SYSCALL(274, compat_sys_mq_open) +-__SYSCALL(275, sys_mq_unlink) +-__SYSCALL(276, compat_sys_mq_timedsend) +-__SYSCALL(277, compat_sys_mq_timedreceive) +-__SYSCALL(278, compat_sys_mq_notify) +-__SYSCALL(279, compat_sys_mq_getsetattr) +-__SYSCALL(280, compat_sys_waitid) +-__SYSCALL(281, sys_socket) +-__SYSCALL(282, sys_bind) +-__SYSCALL(283, sys_connect) +-__SYSCALL(284, sys_listen) +-__SYSCALL(285, sys_accept) +-__SYSCALL(286, sys_getsockname) +-__SYSCALL(287, sys_getpeername) +-__SYSCALL(288, sys_socketpair) +-__SYSCALL(289, sys_send) +-__SYSCALL(290, sys_sendto) +-__SYSCALL(291, compat_sys_recv) +-__SYSCALL(292, compat_sys_recvfrom) +-__SYSCALL(293, sys_shutdown) +-__SYSCALL(294, compat_sys_setsockopt) +-__SYSCALL(295, compat_sys_getsockopt) +-__SYSCALL(296, compat_sys_sendmsg) +-__SYSCALL(297, compat_sys_recvmsg) +-__SYSCALL(298, sys_semop) +-__SYSCALL(299, sys_semget) +-__SYSCALL(300, compat_sys_semctl) +-__SYSCALL(301, compat_sys_msgsnd) +-__SYSCALL(302, compat_sys_msgrcv) +-__SYSCALL(303, sys_msgget) +-__SYSCALL(304, compat_sys_msgctl) +-__SYSCALL(305, compat_sys_shmat) +-__SYSCALL(306, sys_shmdt) +-__SYSCALL(307, sys_shmget) +-__SYSCALL(308, compat_sys_shmctl) +-__SYSCALL(309, sys_add_key) +-__SYSCALL(310, sys_request_key) +-__SYSCALL(311, compat_sys_keyctl) +-__SYSCALL(312, compat_sys_semtimedop) +-__SYSCALL(313, sys_ni_syscall) +-__SYSCALL(314, sys_ioprio_set) +-__SYSCALL(315, sys_ioprio_get) +-__SYSCALL(316, sys_inotify_init) +-__SYSCALL(317, sys_inotify_add_watch) +-__SYSCALL(318, sys_inotify_rm_watch) +-__SYSCALL(319, compat_sys_mbind) +-__SYSCALL(320, compat_sys_get_mempolicy) +-__SYSCALL(321, compat_sys_set_mempolicy) +-__SYSCALL(322, compat_sys_openat) +-__SYSCALL(323, sys_mkdirat) +-__SYSCALL(324, sys_mknodat) +-__SYSCALL(325, sys_fchownat) +-__SYSCALL(326, compat_sys_futimesat) +-__SYSCALL(327, sys_fstatat64) +-__SYSCALL(328, sys_unlinkat) +-__SYSCALL(329, sys_renameat) +-__SYSCALL(330, sys_linkat) +-__SYSCALL(331, sys_symlinkat) +-__SYSCALL(332, sys_readlinkat) +-__SYSCALL(333, sys_fchmodat) +-__SYSCALL(334, sys_faccessat) +-__SYSCALL(335, compat_sys_pselect6) +-__SYSCALL(336, compat_sys_ppoll) +-__SYSCALL(337, sys_unshare) +-__SYSCALL(338, compat_sys_set_robust_list) +-__SYSCALL(339, compat_sys_get_robust_list) +-__SYSCALL(340, sys_splice) +-__SYSCALL(341, compat_sys_sync_file_range2_wrapper) +-__SYSCALL(342, sys_tee) +-__SYSCALL(343, compat_sys_vmsplice) +-__SYSCALL(344, compat_sys_move_pages) +-__SYSCALL(345, sys_getcpu) +-__SYSCALL(346, compat_sys_epoll_pwait) +-__SYSCALL(347, compat_sys_kexec_load) +-__SYSCALL(348, compat_sys_utimensat) +-__SYSCALL(349, compat_sys_signalfd) +-__SYSCALL(350, sys_timerfd_create) +-__SYSCALL(351, sys_eventfd) +-__SYSCALL(352, compat_sys_fallocate_wrapper) +-__SYSCALL(353, compat_sys_timerfd_settime) +-__SYSCALL(354, compat_sys_timerfd_gettime) +-__SYSCALL(355, compat_sys_signalfd4) +-__SYSCALL(356, sys_eventfd2) +-__SYSCALL(357, sys_epoll_create1) +-__SYSCALL(358, sys_dup3) +-__SYSCALL(359, sys_pipe2) +-__SYSCALL(360, sys_inotify_init1) +-__SYSCALL(361, compat_sys_preadv) +-__SYSCALL(362, compat_sys_pwritev) +-__SYSCALL(363, compat_sys_rt_tgsigqueueinfo) +-__SYSCALL(364, sys_perf_event_open) +-__SYSCALL(365, compat_sys_recvmmsg) +-__SYSCALL(366, sys_accept4) +-__SYSCALL(367, sys_fanotify_init) +-__SYSCALL(368, compat_sys_fanotify_mark) +-__SYSCALL(369, sys_prlimit64) +-__SYSCALL(370, sys_name_to_handle_at) +-__SYSCALL(371, compat_sys_open_by_handle_at) +-__SYSCALL(372, compat_sys_clock_adjtime) +-__SYSCALL(373, sys_syncfs) +-__SYSCALL(374, compat_sys_sendmmsg) +-__SYSCALL(375, sys_setns) +-__SYSCALL(376, compat_sys_process_vm_readv) +-__SYSCALL(377, compat_sys_process_vm_writev) +-__SYSCALL(378, sys_kcmp) +-__SYSCALL(379, sys_finit_module) +-__SYSCALL(380, sys_sched_setattr) +-__SYSCALL(381, sys_sched_getattr) +-__SYSCALL(382, sys_renameat2) +- +-#define __NR_compat_syscalls 383 +- +-/* +- * Compat syscall numbers used by the AArch64 kernel. +- */ +-#define __NR_compat_restart_syscall 0 +-#define __NR_compat_sigreturn 119 +-#define __NR_compat_rt_sigreturn 173 +- +- +-/* +- * The following SVCs are ARM private. +- */ +-#define __ARM_NR_COMPAT_BASE 0x0f0000 +-#define __ARM_NR_compat_cacheflush (__ARM_NR_COMPAT_BASE+2) +-#define __ARM_NR_compat_set_tls (__ARM_NR_COMPAT_BASE+5) ++#define __NR_restart_syscall 0 ++__SYSCALL(__NR_restart_syscall, sys_restart_syscall) ++#define __NR_exit 1 ++__SYSCALL(__NR_exit, sys_exit) ++#define __NR_fork 2 ++__SYSCALL(__NR_fork, sys_fork) ++#define __NR_read 3 ++__SYSCALL(__NR_read, sys_read) ++#define __NR_write 4 ++__SYSCALL(__NR_write, sys_write) ++#define __NR_open 5 ++__SYSCALL(__NR_open, compat_sys_open) ++#define __NR_close 6 ++__SYSCALL(__NR_close, sys_close) ++ /* 7 was sys_waitpid */ ++__SYSCALL(7, sys_ni_syscall) ++#define __NR_creat 8 ++__SYSCALL(__NR_creat, sys_creat) ++#define __NR_link 9 ++__SYSCALL(__NR_link, sys_link) ++#define __NR_unlink 10 ++__SYSCALL(__NR_unlink, sys_unlink) ++#define __NR_execve 11 ++__SYSCALL(__NR_execve, compat_sys_execve) ++#define __NR_chdir 12 ++__SYSCALL(__NR_chdir, sys_chdir) ++ /* 13 was sys_time */ ++__SYSCALL(13, sys_ni_syscall) ++#define __NR_mknod 14 ++__SYSCALL(__NR_mknod, sys_mknod) ++#define __NR_chmod 15 ++__SYSCALL(__NR_chmod, sys_chmod) ++#define __NR_lchown 16 ++__SYSCALL(__NR_lchown, sys_lchown16) ++ /* 17 was sys_break */ ++__SYSCALL(17, sys_ni_syscall) ++ /* 18 was sys_stat */ ++__SYSCALL(18, sys_ni_syscall) ++#define __NR_lseek 19 ++__SYSCALL(__NR_lseek, compat_sys_lseek) ++#define __NR_getpid 20 ++__SYSCALL(__NR_getpid, sys_getpid) ++#define __NR_mount 21 ++__SYSCALL(__NR_mount, compat_sys_mount) ++ /* 22 was sys_umount */ ++__SYSCALL(22, sys_ni_syscall) ++#define __NR_setuid 23 ++__SYSCALL(__NR_setuid, sys_setuid16) ++#define __NR_getuid 24 ++__SYSCALL(__NR_getuid, sys_getuid16) ++ /* 25 was sys_stime */ ++__SYSCALL(25, sys_ni_syscall) ++#define __NR_ptrace 26 ++__SYSCALL(__NR_ptrace, compat_sys_ptrace) ++ /* 27 was sys_alarm */ ++__SYSCALL(27, sys_ni_syscall) ++ /* 28 was sys_fstat */ ++__SYSCALL(28, sys_ni_syscall) ++#define __NR_pause 29 ++__SYSCALL(__NR_pause, sys_pause) ++ /* 30 was sys_utime */ ++__SYSCALL(30, sys_ni_syscall) ++ /* 31 was sys_stty */ ++__SYSCALL(31, sys_ni_syscall) ++ /* 32 was sys_gtty */ ++__SYSCALL(32, sys_ni_syscall) ++#define __NR_access 33 ++__SYSCALL(__NR_access, sys_access) ++#define __NR_nice 34 ++__SYSCALL(__NR_nice, sys_nice) ++ /* 35 was sys_ftime */ ++__SYSCALL(35, sys_ni_syscall) ++#define __NR_sync 36 ++__SYSCALL(__NR_sync, sys_sync) ++#define __NR_kill 37 ++__SYSCALL(__NR_kill, sys_kill) ++#define __NR_rename 38 ++__SYSCALL(__NR_rename, sys_rename) ++#define __NR_mkdir 39 ++__SYSCALL(__NR_mkdir, sys_mkdir) ++#define __NR_rmdir 40 ++__SYSCALL(__NR_rmdir, sys_rmdir) ++#define __NR_dup 41 ++__SYSCALL(__NR_dup, sys_dup) ++#define __NR_pipe 42 ++__SYSCALL(__NR_pipe, sys_pipe) ++#define __NR_times 43 ++__SYSCALL(__NR_times, compat_sys_times) ++ /* 44 was sys_prof */ ++__SYSCALL(44, sys_ni_syscall) ++#define __NR_brk 45 ++__SYSCALL(__NR_brk, sys_brk) ++#define __NR_setgid 46 ++__SYSCALL(__NR_setgid, sys_setgid16) ++#define __NR_getgid 47 ++__SYSCALL(__NR_getgid, sys_getgid16) ++ /* 48 was sys_signal */ ++__SYSCALL(48, sys_ni_syscall) ++#define __NR_geteuid 49 ++__SYSCALL(__NR_geteuid, sys_geteuid16) ++#define __NR_getegid 50 ++__SYSCALL(__NR_getegid, sys_getegid16) ++#define __NR_acct 51 ++__SYSCALL(__NR_acct, sys_acct) ++#define __NR_umount2 52 ++__SYSCALL(__NR_umount2, sys_umount) ++ /* 53 was sys_lock */ ++__SYSCALL(53, sys_ni_syscall) ++#define __NR_ioctl 54 ++__SYSCALL(__NR_ioctl, compat_sys_ioctl) ++#define __NR_fcntl 55 ++__SYSCALL(__NR_fcntl, compat_sys_fcntl) ++ /* 56 was sys_mpx */ ++__SYSCALL(56, sys_ni_syscall) ++#define __NR_setpgid 57 ++__SYSCALL(__NR_setpgid, sys_setpgid) ++ /* 58 was sys_ulimit */ ++__SYSCALL(58, sys_ni_syscall) ++ /* 59 was sys_olduname */ ++__SYSCALL(59, sys_ni_syscall) ++#define __NR_umask 60 ++__SYSCALL(__NR_umask, sys_umask) ++#define __NR_chroot 61 ++__SYSCALL(__NR_chroot, sys_chroot) ++#define __NR_ustat 62 ++__SYSCALL(__NR_ustat, compat_sys_ustat) ++#define __NR_dup2 63 ++__SYSCALL(__NR_dup2, sys_dup2) ++#define __NR_getppid 64 ++__SYSCALL(__NR_getppid, sys_getppid) ++#define __NR_getpgrp 65 ++__SYSCALL(__NR_getpgrp, sys_getpgrp) ++#define __NR_setsid 66 ++__SYSCALL(__NR_setsid, sys_setsid) ++#define __NR_sigaction 67 ++__SYSCALL(__NR_sigaction, compat_sys_sigaction) ++ /* 68 was sys_sgetmask */ ++__SYSCALL(68, sys_ni_syscall) ++ /* 69 was sys_ssetmask */ ++__SYSCALL(69, sys_ni_syscall) ++#define __NR_setreuid 70 ++__SYSCALL(__NR_setreuid, sys_setreuid16) ++#define __NR_setregid 71 ++__SYSCALL(__NR_setregid, sys_setregid16) ++#define __NR_sigsuspend 72 ++__SYSCALL(__NR_sigsuspend, sys_sigsuspend) ++#define __NR_sigpending 73 ++__SYSCALL(__NR_sigpending, compat_sys_sigpending) ++#define __NR_sethostname 74 ++__SYSCALL(__NR_sethostname, sys_sethostname) ++#define __NR_setrlimit 75 ++__SYSCALL(__NR_setrlimit, compat_sys_setrlimit) ++ /* 76 was compat_sys_getrlimit */ ++__SYSCALL(76, sys_ni_syscall) ++#define __NR_getrusage 77 ++__SYSCALL(__NR_getrusage, compat_sys_getrusage) ++#define __NR_gettimeofday 78 ++__SYSCALL(__NR_gettimeofday, compat_sys_gettimeofday) ++#define __NR_settimeofday 79 ++__SYSCALL(__NR_settimeofday, compat_sys_settimeofday) ++#define __NR_getgroups 80 ++__SYSCALL(__NR_getgroups, sys_getgroups16) ++#define __NR_setgroups 81 ++__SYSCALL(__NR_setgroups, sys_setgroups16) ++ /* 82 was compat_sys_select */ ++__SYSCALL(82, sys_ni_syscall) ++#define __NR_symlink 83 ++__SYSCALL(__NR_symlink, sys_symlink) ++ /* 84 was sys_lstat */ ++__SYSCALL(84, sys_ni_syscall) ++#define __NR_readlink 85 ++__SYSCALL(__NR_readlink, sys_readlink) ++#define __NR_uselib 86 ++__SYSCALL(__NR_uselib, sys_uselib) ++#define __NR_swapon 87 ++__SYSCALL(__NR_swapon, sys_swapon) ++#define __NR_reboot 88 ++__SYSCALL(__NR_reboot, sys_reboot) ++ /* 89 was sys_readdir */ ++__SYSCALL(89, sys_ni_syscall) ++ /* 90 was sys_mmap */ ++__SYSCALL(90, sys_ni_syscall) ++#define __NR_munmap 91 ++__SYSCALL(__NR_munmap, sys_munmap) ++#define __NR_truncate 92 ++__SYSCALL(__NR_truncate, compat_sys_truncate) ++#define __NR_ftruncate 93 ++__SYSCALL(__NR_ftruncate, compat_sys_ftruncate) ++#define __NR_fchmod 94 ++__SYSCALL(__NR_fchmod, sys_fchmod) ++#define __NR_fchown 95 ++__SYSCALL(__NR_fchown, sys_fchown16) ++#define __NR_getpriority 96 ++__SYSCALL(__NR_getpriority, sys_getpriority) ++#define __NR_setpriority 97 ++__SYSCALL(__NR_setpriority, sys_setpriority) ++ /* 98 was sys_profil */ ++__SYSCALL(98, sys_ni_syscall) ++#define __NR_statfs 99 ++__SYSCALL(__NR_statfs, compat_sys_statfs) ++#define __NR_fstatfs 100 ++__SYSCALL(__NR_fstatfs, compat_sys_fstatfs) ++ /* 101 was sys_ioperm */ ++__SYSCALL(101, sys_ni_syscall) ++ /* 102 was sys_socketcall */ ++__SYSCALL(102, sys_ni_syscall) ++#define __NR_syslog 103 ++__SYSCALL(__NR_syslog, sys_syslog) ++#define __NR_setitimer 104 ++__SYSCALL(__NR_setitimer, compat_sys_setitimer) ++#define __NR_getitimer 105 ++__SYSCALL(__NR_getitimer, compat_sys_getitimer) ++#define __NR_stat 106 ++__SYSCALL(__NR_stat, compat_sys_newstat) ++#define __NR_lstat 107 ++__SYSCALL(__NR_lstat, compat_sys_newlstat) ++#define __NR_fstat 108 ++__SYSCALL(__NR_fstat, compat_sys_newfstat) ++ /* 109 was sys_uname */ ++__SYSCALL(109, sys_ni_syscall) ++ /* 110 was sys_iopl */ ++__SYSCALL(110, sys_ni_syscall) ++#define __NR_vhangup 111 ++__SYSCALL(__NR_vhangup, sys_vhangup) ++ /* 112 was sys_idle */ ++__SYSCALL(112, sys_ni_syscall) ++ /* 113 was sys_syscall */ ++__SYSCALL(113, sys_ni_syscall) ++#define __NR_wait4 114 ++__SYSCALL(__NR_wait4, compat_sys_wait4) ++#define __NR_swapoff 115 ++__SYSCALL(__NR_swapoff, sys_swapoff) ++#define __NR_sysinfo 116 ++__SYSCALL(__NR_sysinfo, compat_sys_sysinfo) ++ /* 117 was sys_ipc */ ++__SYSCALL(117, sys_ni_syscall) ++#define __NR_fsync 118 ++__SYSCALL(__NR_fsync, sys_fsync) ++#define __NR_sigreturn 119 ++__SYSCALL(__NR_sigreturn, compat_sys_sigreturn_wrapper) ++#define __NR_clone 120 ++__SYSCALL(__NR_clone, sys_clone) ++#define __NR_setdomainname 121 ++__SYSCALL(__NR_setdomainname, sys_setdomainname) ++#define __NR_uname 122 ++__SYSCALL(__NR_uname, sys_newuname) ++ /* 123 was sys_modify_ldt */ ++__SYSCALL(123, sys_ni_syscall) ++#define __NR_adjtimex 124 ++__SYSCALL(__NR_adjtimex, compat_sys_adjtimex) ++#define __NR_mprotect 125 ++__SYSCALL(__NR_mprotect, sys_mprotect) ++#define __NR_sigprocmask 126 ++__SYSCALL(__NR_sigprocmask, compat_sys_sigprocmask) ++ /* 127 was sys_create_module */ ++__SYSCALL(127, sys_ni_syscall) ++#define __NR_init_module 128 ++__SYSCALL(__NR_init_module, sys_init_module) ++#define __NR_delete_module 129 ++__SYSCALL(__NR_delete_module, sys_delete_module) ++ /* 130 was sys_get_kernel_syms */ ++__SYSCALL(130, sys_ni_syscall) ++#define __NR_quotactl 131 ++__SYSCALL(__NR_quotactl, sys_quotactl) ++#define __NR_getpgid 132 ++__SYSCALL(__NR_getpgid, sys_getpgid) ++#define __NR_fchdir 133 ++__SYSCALL(__NR_fchdir, sys_fchdir) ++#define __NR_bdflush 134 ++__SYSCALL(__NR_bdflush, sys_bdflush) ++#define __NR_sysfs 135 ++__SYSCALL(__NR_sysfs, sys_sysfs) ++#define __NR_personality 136 ++__SYSCALL(__NR_personality, sys_personality) ++ /* 137 was sys_afs_syscall */ ++__SYSCALL(137, sys_ni_syscall) ++#define __NR_setfsuid 138 ++__SYSCALL(__NR_setfsuid, sys_setfsuid16) ++#define __NR_setfsgid 139 ++__SYSCALL(__NR_setfsgid, sys_setfsgid16) ++#define __NR__llseek 140 ++__SYSCALL(__NR__llseek, sys_llseek) ++#define __NR_getdents 141 ++__SYSCALL(__NR_getdents, compat_sys_getdents) ++#define __NR__newselect 142 ++__SYSCALL(__NR__newselect, compat_sys_select) ++#define __NR_flock 143 ++__SYSCALL(__NR_flock, sys_flock) ++#define __NR_msync 144 ++__SYSCALL(__NR_msync, sys_msync) ++#define __NR_readv 145 ++__SYSCALL(__NR_readv, compat_sys_readv) ++#define __NR_writev 146 ++__SYSCALL(__NR_writev, compat_sys_writev) ++#define __NR_getsid 147 ++__SYSCALL(__NR_getsid, sys_getsid) ++#define __NR_fdatasync 148 ++__SYSCALL(__NR_fdatasync, sys_fdatasync) ++#define __NR__sysctl 149 ++__SYSCALL(__NR__sysctl, compat_sys_sysctl) ++#define __NR_mlock 150 ++__SYSCALL(__NR_mlock, sys_mlock) ++#define __NR_munlock 151 ++__SYSCALL(__NR_munlock, sys_munlock) ++#define __NR_mlockall 152 ++__SYSCALL(__NR_mlockall, sys_mlockall) ++#define __NR_munlockall 153 ++__SYSCALL(__NR_munlockall, sys_munlockall) ++#define __NR_sched_setparam 154 ++__SYSCALL(__NR_sched_setparam, sys_sched_setparam) ++#define __NR_sched_getparam 155 ++__SYSCALL(__NR_sched_getparam, sys_sched_getparam) ++#define __NR_sched_setscheduler 156 ++__SYSCALL(__NR_sched_setscheduler, sys_sched_setscheduler) ++#define __NR_sched_getscheduler 157 ++__SYSCALL(__NR_sched_getscheduler, sys_sched_getscheduler) ++#define __NR_sched_yield 158 ++__SYSCALL(__NR_sched_yield, sys_sched_yield) ++#define __NR_sched_get_priority_max 159 ++__SYSCALL(__NR_sched_get_priority_max, sys_sched_get_priority_max) ++#define __NR_sched_get_priority_min 160 ++__SYSCALL(__NR_sched_get_priority_min, sys_sched_get_priority_min) ++#define __NR_sched_rr_get_interval 161 ++__SYSCALL(__NR_sched_rr_get_interval, compat_sys_sched_rr_get_interval) ++#define __NR_nanosleep 162 ++__SYSCALL(__NR_nanosleep, compat_sys_nanosleep) ++#define __NR_mremap 163 ++__SYSCALL(__NR_mremap, sys_mremap) ++#define __NR_setresuid 164 ++__SYSCALL(__NR_setresuid, sys_setresuid16) ++#define __NR_getresuid 165 ++__SYSCALL(__NR_getresuid, sys_getresuid16) ++ /* 166 was sys_vm86 */ ++__SYSCALL(166, sys_ni_syscall) ++ /* 167 was sys_query_module */ ++__SYSCALL(167, sys_ni_syscall) ++#define __NR_poll 168 ++__SYSCALL(__NR_poll, sys_poll) ++#define __NR_nfsservctl 169 ++__SYSCALL(__NR_nfsservctl, sys_ni_syscall) ++#define __NR_setresgid 170 ++__SYSCALL(__NR_setresgid, sys_setresgid16) ++#define __NR_getresgid 171 ++__SYSCALL(__NR_getresgid, sys_getresgid16) ++#define __NR_prctl 172 ++__SYSCALL(__NR_prctl, sys_prctl) ++#define __NR_rt_sigreturn 173 ++__SYSCALL(__NR_rt_sigreturn, compat_sys_rt_sigreturn_wrapper) ++#define __NR_rt_sigaction 174 ++__SYSCALL(__NR_rt_sigaction, compat_sys_rt_sigaction) ++#define __NR_rt_sigprocmask 175 ++__SYSCALL(__NR_rt_sigprocmask, compat_sys_rt_sigprocmask) ++#define __NR_rt_sigpending 176 ++__SYSCALL(__NR_rt_sigpending, compat_sys_rt_sigpending) ++#define __NR_rt_sigtimedwait 177 ++__SYSCALL(__NR_rt_sigtimedwait, compat_sys_rt_sigtimedwait) ++#define __NR_rt_sigqueueinfo 178 ++__SYSCALL(__NR_rt_sigqueueinfo, compat_sys_rt_sigqueueinfo) ++#define __NR_rt_sigsuspend 179 ++__SYSCALL(__NR_rt_sigsuspend, compat_sys_rt_sigsuspend) ++#define __NR_pread64 180 ++__SYSCALL(__NR_pread64, compat_sys_pread64_wrapper) ++#define __NR_pwrite64 181 ++__SYSCALL(__NR_pwrite64, compat_sys_pwrite64_wrapper) ++#define __NR_chown 182 ++__SYSCALL(__NR_chown, sys_chown16) ++#define __NR_getcwd 183 ++__SYSCALL(__NR_getcwd, sys_getcwd) ++#define __NR_capget 184 ++__SYSCALL(__NR_capget, sys_capget) ++#define __NR_capset 185 ++__SYSCALL(__NR_capset, sys_capset) ++#define __NR_sigaltstack 186 ++__SYSCALL(__NR_sigaltstack, compat_sys_sigaltstack) ++#define __NR_sendfile 187 ++__SYSCALL(__NR_sendfile, compat_sys_sendfile) ++ /* 188 reserved */ ++__SYSCALL(188, sys_ni_syscall) ++ /* 189 reserved */ ++__SYSCALL(189, sys_ni_syscall) ++#define __NR_vfork 190 ++__SYSCALL(__NR_vfork, sys_vfork) ++#define __NR_ugetrlimit 191 /* SuS compliant getrlimit */ ++__SYSCALL(__NR_ugetrlimit, compat_sys_getrlimit) /* SuS compliant getrlimit */ ++#define __NR_mmap2 192 ++__SYSCALL(__NR_mmap2, sys_mmap_pgoff) ++#define __NR_truncate64 193 ++__SYSCALL(__NR_truncate64, compat_sys_truncate64_wrapper) ++#define __NR_ftruncate64 194 ++__SYSCALL(__NR_ftruncate64, compat_sys_ftruncate64_wrapper) ++#define __NR_stat64 195 ++__SYSCALL(__NR_stat64, sys_stat64) ++#define __NR_lstat64 196 ++__SYSCALL(__NR_lstat64, sys_lstat64) ++#define __NR_fstat64 197 ++__SYSCALL(__NR_fstat64, sys_fstat64) ++#define __NR_lchown32 198 ++__SYSCALL(__NR_lchown32, sys_lchown) ++#define __NR_getuid32 199 ++__SYSCALL(__NR_getuid32, sys_getuid) ++#define __NR_getgid32 200 ++__SYSCALL(__NR_getgid32, sys_getgid) ++#define __NR_geteuid32 201 ++__SYSCALL(__NR_geteuid32, sys_geteuid) ++#define __NR_getegid32 202 ++__SYSCALL(__NR_getegid32, sys_getegid) ++#define __NR_setreuid32 203 ++__SYSCALL(__NR_setreuid32, sys_setreuid) ++#define __NR_setregid32 204 ++__SYSCALL(__NR_setregid32, sys_setregid) ++#define __NR_getgroups32 205 ++__SYSCALL(__NR_getgroups32, sys_getgroups) ++#define __NR_setgroups32 206 ++__SYSCALL(__NR_setgroups32, sys_setgroups) ++#define __NR_fchown32 207 ++__SYSCALL(__NR_fchown32, sys_fchown) ++#define __NR_setresuid32 208 ++__SYSCALL(__NR_setresuid32, sys_setresuid) ++#define __NR_getresuid32 209 ++__SYSCALL(__NR_getresuid32, sys_getresuid) ++#define __NR_setresgid32 210 ++__SYSCALL(__NR_setresgid32, sys_setresgid) ++#define __NR_getresgid32 211 ++__SYSCALL(__NR_getresgid32, sys_getresgid) ++#define __NR_chown32 212 ++__SYSCALL(__NR_chown32, sys_chown) ++#define __NR_setuid32 213 ++__SYSCALL(__NR_setuid32, sys_setuid) ++#define __NR_setgid32 214 ++__SYSCALL(__NR_setgid32, sys_setgid) ++#define __NR_setfsuid32 215 ++__SYSCALL(__NR_setfsuid32, sys_setfsuid) ++#define __NR_setfsgid32 216 ++__SYSCALL(__NR_setfsgid32, sys_setfsgid) ++#define __NR_getdents64 217 ++__SYSCALL(__NR_getdents64, compat_sys_getdents64) ++#define __NR_pivot_root 218 ++__SYSCALL(__NR_pivot_root, sys_pivot_root) ++#define __NR_mincore 219 ++__SYSCALL(__NR_mincore, sys_mincore) ++#define __NR_madvise 220 ++__SYSCALL(__NR_madvise, sys_madvise) ++#define __NR_fcntl64 221 ++__SYSCALL(__NR_fcntl64, compat_sys_fcntl64) ++ /* 222 for tux */ ++__SYSCALL(222, sys_ni_syscall) ++ /* 223 is unused */ ++__SYSCALL(223, sys_ni_syscall) ++#define __NR_gettid 224 ++__SYSCALL(__NR_gettid, sys_gettid) ++#define __NR_readahead 225 ++__SYSCALL(__NR_readahead, compat_sys_readahead_wrapper) ++#define __NR_setxattr 226 ++__SYSCALL(__NR_setxattr, sys_setxattr) ++#define __NR_lsetxattr 227 ++__SYSCALL(__NR_lsetxattr, sys_lsetxattr) ++#define __NR_fsetxattr 228 ++__SYSCALL(__NR_fsetxattr, sys_fsetxattr) ++#define __NR_getxattr 229 ++__SYSCALL(__NR_getxattr, sys_getxattr) ++#define __NR_lgetxattr 230 ++__SYSCALL(__NR_lgetxattr, sys_lgetxattr) ++#define __NR_fgetxattr 231 ++__SYSCALL(__NR_fgetxattr, sys_fgetxattr) ++#define __NR_listxattr 232 ++__SYSCALL(__NR_listxattr, sys_listxattr) ++#define __NR_llistxattr 233 ++__SYSCALL(__NR_llistxattr, sys_llistxattr) ++#define __NR_flistxattr 234 ++__SYSCALL(__NR_flistxattr, sys_flistxattr) ++#define __NR_removexattr 235 ++__SYSCALL(__NR_removexattr, sys_removexattr) ++#define __NR_lremovexattr 236 ++__SYSCALL(__NR_lremovexattr, sys_lremovexattr) ++#define __NR_fremovexattr 237 ++__SYSCALL(__NR_fremovexattr, sys_fremovexattr) ++#define __NR_tkill 238 ++__SYSCALL(__NR_tkill, sys_tkill) ++#define __NR_sendfile64 239 ++__SYSCALL(__NR_sendfile64, sys_sendfile64) ++#define __NR_futex 240 ++__SYSCALL(__NR_futex, compat_sys_futex) ++#define __NR_sched_setaffinity 241 ++__SYSCALL(__NR_sched_setaffinity, compat_sys_sched_setaffinity) ++#define __NR_sched_getaffinity 242 ++__SYSCALL(__NR_sched_getaffinity, compat_sys_sched_getaffinity) ++#define __NR_io_setup 243 ++__SYSCALL(__NR_io_setup, compat_sys_io_setup) ++#define __NR_io_destroy 244 ++__SYSCALL(__NR_io_destroy, sys_io_destroy) ++#define __NR_io_getevents 245 ++__SYSCALL(__NR_io_getevents, compat_sys_io_getevents) ++#define __NR_io_submit 246 ++__SYSCALL(__NR_io_submit, compat_sys_io_submit) ++#define __NR_io_cancel 247 ++__SYSCALL(__NR_io_cancel, sys_io_cancel) ++#define __NR_exit_group 248 ++__SYSCALL(__NR_exit_group, sys_exit_group) ++#define __NR_lookup_dcookie 249 ++__SYSCALL(__NR_lookup_dcookie, compat_sys_lookup_dcookie) ++#define __NR_epoll_create 250 ++__SYSCALL(__NR_epoll_create, sys_epoll_create) ++#define __NR_epoll_ctl 251 ++__SYSCALL(__NR_epoll_ctl, sys_epoll_ctl) ++#define __NR_epoll_wait 252 ++__SYSCALL(__NR_epoll_wait, sys_epoll_wait) ++#define __NR_remap_file_pages 253 ++__SYSCALL(__NR_remap_file_pages, sys_remap_file_pages) ++ /* 254 for set_thread_area */ ++__SYSCALL(254, sys_ni_syscall) ++ /* 255 for get_thread_area */ ++__SYSCALL(255, sys_ni_syscall) ++#define __NR_set_tid_address 256 ++__SYSCALL(__NR_set_tid_address, sys_set_tid_address) ++#define __NR_timer_create 257 ++__SYSCALL(__NR_timer_create, compat_sys_timer_create) ++#define __NR_timer_settime 258 ++__SYSCALL(__NR_timer_settime, compat_sys_timer_settime) ++#define __NR_timer_gettime 259 ++__SYSCALL(__NR_timer_gettime, compat_sys_timer_gettime) ++#define __NR_timer_getoverrun 260 ++__SYSCALL(__NR_timer_getoverrun, sys_timer_getoverrun) ++#define __NR_timer_delete 261 ++__SYSCALL(__NR_timer_delete, sys_timer_delete) ++#define __NR_clock_settime 262 ++__SYSCALL(__NR_clock_settime, compat_sys_clock_settime) ++#define __NR_clock_gettime 263 ++__SYSCALL(__NR_clock_gettime, compat_sys_clock_gettime) ++#define __NR_clock_getres 264 ++__SYSCALL(__NR_clock_getres, compat_sys_clock_getres) ++#define __NR_clock_nanosleep 265 ++__SYSCALL(__NR_clock_nanosleep, compat_sys_clock_nanosleep) ++#define __NR_statfs64 266 ++__SYSCALL(__NR_statfs64, compat_sys_statfs64_wrapper) ++#define __NR_fstatfs64 267 ++__SYSCALL(__NR_fstatfs64, compat_sys_fstatfs64_wrapper) ++#define __NR_tgkill 268 ++__SYSCALL(__NR_tgkill, sys_tgkill) ++#define __NR_utimes 269 ++__SYSCALL(__NR_utimes, compat_sys_utimes) ++#define __NR_arm_fadvise64_64 270 ++__SYSCALL(__NR_arm_fadvise64_64, compat_sys_fadvise64_64_wrapper) ++#define __NR_pciconfig_iobase 271 ++__SYSCALL(__NR_pciconfig_iobase, sys_pciconfig_iobase) ++#define __NR_pciconfig_read 272 ++__SYSCALL(__NR_pciconfig_read, sys_pciconfig_read) ++#define __NR_pciconfig_write 273 ++__SYSCALL(__NR_pciconfig_write, sys_pciconfig_write) ++#define __NR_mq_open 274 ++__SYSCALL(__NR_mq_open, compat_sys_mq_open) ++#define __NR_mq_unlink 275 ++__SYSCALL(__NR_mq_unlink, sys_mq_unlink) ++#define __NR_mq_timedsend 276 ++__SYSCALL(__NR_mq_timedsend, compat_sys_mq_timedsend) ++#define __NR_mq_timedreceive 277 ++__SYSCALL(__NR_mq_timedreceive, compat_sys_mq_timedreceive) ++#define __NR_mq_notify 278 ++__SYSCALL(__NR_mq_notify, compat_sys_mq_notify) ++#define __NR_mq_getsetattr 279 ++__SYSCALL(__NR_mq_getsetattr, compat_sys_mq_getsetattr) ++#define __NR_waitid 280 ++__SYSCALL(__NR_waitid, compat_sys_waitid) ++#define __NR_socket 281 ++__SYSCALL(__NR_socket, sys_socket) ++#define __NR_bind 282 ++__SYSCALL(__NR_bind, sys_bind) ++#define __NR_connect 283 ++__SYSCALL(__NR_connect, sys_connect) ++#define __NR_listen 284 ++__SYSCALL(__NR_listen, sys_listen) ++#define __NR_accept 285 ++__SYSCALL(__NR_accept, sys_accept) ++#define __NR_getsockname 286 ++__SYSCALL(__NR_getsockname, sys_getsockname) ++#define __NR_getpeername 287 ++__SYSCALL(__NR_getpeername, sys_getpeername) ++#define __NR_socketpair 288 ++__SYSCALL(__NR_socketpair, sys_socketpair) ++#define __NR_send 289 ++__SYSCALL(__NR_send, sys_send) ++#define __NR_sendto 290 ++__SYSCALL(__NR_sendto, sys_sendto) ++#define __NR_recv 291 ++__SYSCALL(__NR_recv, compat_sys_recv) ++#define __NR_recvfrom 292 ++__SYSCALL(__NR_recvfrom, compat_sys_recvfrom) ++#define __NR_shutdown 293 ++__SYSCALL(__NR_shutdown, sys_shutdown) ++#define __NR_setsockopt 294 ++__SYSCALL(__NR_setsockopt, compat_sys_setsockopt) ++#define __NR_getsockopt 295 ++__SYSCALL(__NR_getsockopt, compat_sys_getsockopt) ++#define __NR_sendmsg 296 ++__SYSCALL(__NR_sendmsg, compat_sys_sendmsg) ++#define __NR_recvmsg 297 ++__SYSCALL(__NR_recvmsg, compat_sys_recvmsg) ++#define __NR_semop 298 ++__SYSCALL(__NR_semop, sys_semop) ++#define __NR_semget 299 ++__SYSCALL(__NR_semget, sys_semget) ++#define __NR_semctl 300 ++__SYSCALL(__NR_semctl, compat_sys_semctl) ++#define __NR_msgsnd 301 ++__SYSCALL(__NR_msgsnd, compat_sys_msgsnd) ++#define __NR_msgrcv 302 ++__SYSCALL(__NR_msgrcv, compat_sys_msgrcv) ++#define __NR_msgget 303 ++__SYSCALL(__NR_msgget, sys_msgget) ++#define __NR_msgctl 304 ++__SYSCALL(__NR_msgctl, compat_sys_msgctl) ++#define __NR_shmat 305 ++__SYSCALL(__NR_shmat, compat_sys_shmat) ++#define __NR_shmdt 306 ++__SYSCALL(__NR_shmdt, sys_shmdt) ++#define __NR_shmget 307 ++__SYSCALL(__NR_shmget, sys_shmget) ++#define __NR_shmctl 308 ++__SYSCALL(__NR_shmctl, compat_sys_shmctl) ++#define __NR_add_key 309 ++__SYSCALL(__NR_add_key, sys_add_key) ++#define __NR_request_key 310 ++__SYSCALL(__NR_request_key, sys_request_key) ++#define __NR_keyctl 311 ++__SYSCALL(__NR_keyctl, compat_sys_keyctl) ++#define __NR_semtimedop 312 ++__SYSCALL(__NR_semtimedop, compat_sys_semtimedop) ++#define __NR_vserver 313 ++__SYSCALL(__NR_vserver, sys_ni_syscall) ++#define __NR_ioprio_set 314 ++__SYSCALL(__NR_ioprio_set, sys_ioprio_set) ++#define __NR_ioprio_get 315 ++__SYSCALL(__NR_ioprio_get, sys_ioprio_get) ++#define __NR_inotify_init 316 ++__SYSCALL(__NR_inotify_init, sys_inotify_init) ++#define __NR_inotify_add_watch 317 ++__SYSCALL(__NR_inotify_add_watch, sys_inotify_add_watch) ++#define __NR_inotify_rm_watch 318 ++__SYSCALL(__NR_inotify_rm_watch, sys_inotify_rm_watch) ++#define __NR_mbind 319 ++__SYSCALL(__NR_mbind, compat_sys_mbind) ++#define __NR_get_mempolicy 320 ++__SYSCALL(__NR_get_mempolicy, compat_sys_get_mempolicy) ++#define __NR_set_mempolicy 321 ++__SYSCALL(__NR_set_mempolicy, compat_sys_set_mempolicy) ++#define __NR_openat 322 ++__SYSCALL(__NR_openat, compat_sys_openat) ++#define __NR_mkdirat 323 ++__SYSCALL(__NR_mkdirat, sys_mkdirat) ++#define __NR_mknodat 324 ++__SYSCALL(__NR_mknodat, sys_mknodat) ++#define __NR_fchownat 325 ++__SYSCALL(__NR_fchownat, sys_fchownat) ++#define __NR_futimesat 326 ++__SYSCALL(__NR_futimesat, compat_sys_futimesat) ++#define __NR_fstatat64 327 ++__SYSCALL(__NR_fstatat64, sys_fstatat64) ++#define __NR_unlinkat 328 ++__SYSCALL(__NR_unlinkat, sys_unlinkat) ++#define __NR_renameat 329 ++__SYSCALL(__NR_renameat, sys_renameat) ++#define __NR_linkat 330 ++__SYSCALL(__NR_linkat, sys_linkat) ++#define __NR_symlinkat 331 ++__SYSCALL(__NR_symlinkat, sys_symlinkat) ++#define __NR_readlinkat 332 ++__SYSCALL(__NR_readlinkat, sys_readlinkat) ++#define __NR_fchmodat 333 ++__SYSCALL(__NR_fchmodat, sys_fchmodat) ++#define __NR_faccessat 334 ++__SYSCALL(__NR_faccessat, sys_faccessat) ++#define __NR_pselect6 335 ++__SYSCALL(__NR_pselect6, compat_sys_pselect6) ++#define __NR_ppoll 336 ++__SYSCALL(__NR_ppoll, compat_sys_ppoll) ++#define __NR_unshare 337 ++__SYSCALL(__NR_unshare, sys_unshare) ++#define __NR_set_robust_list 338 ++__SYSCALL(__NR_set_robust_list, compat_sys_set_robust_list) ++#define __NR_get_robust_list 339 ++__SYSCALL(__NR_get_robust_list, compat_sys_get_robust_list) ++#define __NR_splice 340 ++__SYSCALL(__NR_splice, sys_splice) ++#define __NR_sync_file_range2 341 ++__SYSCALL(__NR_sync_file_range2, compat_sys_sync_file_range2_wrapper) ++#define __NR_tee 342 ++__SYSCALL(__NR_tee, sys_tee) ++#define __NR_vmsplice 343 ++__SYSCALL(__NR_vmsplice, compat_sys_vmsplice) ++#define __NR_move_pages 344 ++__SYSCALL(__NR_move_pages, compat_sys_move_pages) ++#define __NR_getcpu 345 ++__SYSCALL(__NR_getcpu, sys_getcpu) ++#define __NR_epoll_pwait 346 ++__SYSCALL(__NR_epoll_pwait, compat_sys_epoll_pwait) ++#define __NR_kexec_load 347 ++__SYSCALL(__NR_kexec_load, compat_sys_kexec_load) ++#define __NR_utimensat 348 ++__SYSCALL(__NR_utimensat, compat_sys_utimensat) ++#define __NR_signalfd 349 ++__SYSCALL(__NR_signalfd, compat_sys_signalfd) ++#define __NR_timerfd_create 350 ++__SYSCALL(__NR_timerfd_create, sys_timerfd_create) ++#define __NR_eventfd 351 ++__SYSCALL(__NR_eventfd, sys_eventfd) ++#define __NR_fallocate 352 ++__SYSCALL(__NR_fallocate, compat_sys_fallocate_wrapper) ++#define __NR_timerfd_settime 353 ++__SYSCALL(__NR_timerfd_settime, compat_sys_timerfd_settime) ++#define __NR_timerfd_gettime 354 ++__SYSCALL(__NR_timerfd_gettime, compat_sys_timerfd_gettime) ++#define __NR_signalfd4 355 ++__SYSCALL(__NR_signalfd4, compat_sys_signalfd4) ++#define __NR_eventfd2 356 ++__SYSCALL(__NR_eventfd2, sys_eventfd2) ++#define __NR_epoll_create1 357 ++__SYSCALL(__NR_epoll_create1, sys_epoll_create1) ++#define __NR_dup3 358 ++__SYSCALL(__NR_dup3, sys_dup3) ++#define __NR_pipe2 359 ++__SYSCALL(__NR_pipe2, sys_pipe2) ++#define __NR_inotify_init1 360 ++__SYSCALL(__NR_inotify_init1, sys_inotify_init1) ++#define __NR_preadv 361 ++__SYSCALL(__NR_preadv, compat_sys_preadv) ++#define __NR_pwritev 362 ++__SYSCALL(__NR_pwritev, compat_sys_pwritev) ++#define __NR_rt_tgsigqueueinfo 363 ++__SYSCALL(__NR_rt_tgsigqueueinfo, compat_sys_rt_tgsigqueueinfo) ++#define __NR_perf_event_open 364 ++__SYSCALL(__NR_perf_event_open, sys_perf_event_open) ++#define __NR_recvmmsg 365 ++__SYSCALL(__NR_recvmmsg, compat_sys_recvmmsg) ++#define __NR_accept4 366 ++__SYSCALL(__NR_accept4, sys_accept4) ++#define __NR_fanotify_init 367 ++__SYSCALL(__NR_fanotify_init, sys_fanotify_init) ++#define __NR_fanotify_mark 368 ++__SYSCALL(__NR_fanotify_mark, compat_sys_fanotify_mark) ++#define __NR_prlimit64 369 ++__SYSCALL(__NR_prlimit64, sys_prlimit64) ++#define __NR_name_to_handle_at 370 ++__SYSCALL(__NR_name_to_handle_at, sys_name_to_handle_at) ++#define __NR_open_by_handle_at 371 ++__SYSCALL(__NR_open_by_handle_at, compat_sys_open_by_handle_at) ++#define __NR_clock_adjtime 372 ++__SYSCALL(__NR_clock_adjtime, compat_sys_clock_adjtime) ++#define __NR_syncfs 373 ++__SYSCALL(__NR_syncfs, sys_syncfs) ++#define __NR_sendmmsg 374 ++__SYSCALL(__NR_sendmmsg, compat_sys_sendmmsg) ++#define __NR_setns 375 ++__SYSCALL(__NR_setns, sys_setns) ++#define __NR_process_vm_readv 376 ++__SYSCALL(__NR_process_vm_readv, compat_sys_process_vm_readv) ++#define __NR_process_vm_writev 377 ++__SYSCALL(__NR_process_vm_writev, compat_sys_process_vm_writev) ++#define __NR_kcmp 378 ++__SYSCALL(__NR_kcmp, sys_kcmp) ++#define __NR_finit_module 379 ++__SYSCALL(__NR_finit_module, sys_finit_module) ++#define __NR_sched_setattr 380 ++__SYSCALL(__NR_sched_setattr, sys_sched_setattr) ++#define __NR_sched_getattr 381 ++__SYSCALL(__NR_sched_getattr, sys_sched_getattr) ++#define __NR_renameat2 382 ++__SYSCALL(__NR_renameat2, sys_renameat2) +diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S +index 67738737be9d..a2cb67872c53 100644 +--- a/arch/arm64/kernel/entry.S ++++ b/arch/arm64/kernel/entry.S +@@ -27,7 +27,6 @@ + #include + #include + #include +-#include + + /* + * Bad Abort numbers +diff --git a/arch/arm64/kernel/kuser32.S b/arch/arm64/kernel/kuser32.S +index 7787208e8cc6..997e6b27ff6a 100644 +--- a/arch/arm64/kernel/kuser32.S ++++ b/arch/arm64/kernel/kuser32.S +@@ -28,7 +28,7 @@ + * See Documentation/arm/kernel_user_helpers.txt for formal definitions. + */ + +-#include ++#include + + .align 5 + .globl __kuser_helper_start +diff --git a/arch/arm64/kernel/signal32.c b/arch/arm64/kernel/signal32.c +index 03520c650701..327a68c915e2 100644 +--- a/arch/arm64/kernel/signal32.c ++++ b/arch/arm64/kernel/signal32.c +@@ -27,7 +27,7 @@ + #include + #include + #include +-#include ++#include + + struct compat_sigcontext { + /* We always set these two fields to 0 */ +diff --git a/arch/arm64/kernel/sys_compat.c b/arch/arm64/kernel/sys_compat.c +index 78039927c807..dc47e53e9e28 100644 +--- a/arch/arm64/kernel/sys_compat.c ++++ b/arch/arm64/kernel/sys_compat.c +@@ -26,7 +26,7 @@ + #include + + #include +-#include ++#include + + static inline void + do_compat_cache_op(unsigned long start, unsigned long end, int flags) +-- +2.18.0 + diff --git a/core/linux-odroid-c2/0010-arm64-compat-wire-up-memfd_create-and-getrandom-sysc.patch b/core/linux-odroid-c2/0010-arm64-compat-wire-up-memfd_create-and-getrandom-sysc.patch new file mode 100644 index 000000000..708d40aa5 --- /dev/null +++ b/core/linux-odroid-c2/0010-arm64-compat-wire-up-memfd_create-and-getrandom-sysc.patch @@ -0,0 +1,44 @@ +From 5523645bcf35e6d3142bcbf91679d4523e689df5 Mon Sep 17 00:00:00 2001 +From: Will Deacon +Date: Mon, 11 Aug 2014 14:23:37 +0100 +Subject: [PATCH 10/16] arm64: compat: wire up memfd_create and getrandom + syscalls for aarch32 + +arch/arm/ just grew support for the new memfd_create and getrandom +syscalls, so add them to our compat layer too. + +Signed-off-by: Will Deacon +--- + arch/arm64/include/asm/unistd.h | 2 +- + arch/arm64/include/asm/unistd32.h | 5 +++++ + 2 files changed, 6 insertions(+), 1 deletion(-) + +diff --git a/arch/arm64/include/asm/unistd.h b/arch/arm64/include/asm/unistd.h +index 4bc95d27e063..6d2bf419431d 100644 +--- a/arch/arm64/include/asm/unistd.h ++++ b/arch/arm64/include/asm/unistd.h +@@ -41,7 +41,7 @@ + #define __ARM_NR_compat_cacheflush (__ARM_NR_COMPAT_BASE+2) + #define __ARM_NR_compat_set_tls (__ARM_NR_COMPAT_BASE+5) + +-#define __NR_compat_syscalls 383 ++#define __NR_compat_syscalls 386 + #endif + + #define __ARCH_WANT_SYS_CLONE +diff --git a/arch/arm64/include/asm/unistd32.h b/arch/arm64/include/asm/unistd32.h +index e242600c4046..da1f06b535e3 100644 +--- a/arch/arm64/include/asm/unistd32.h ++++ b/arch/arm64/include/asm/unistd32.h +@@ -787,3 +787,8 @@ __SYSCALL(__NR_sched_setattr, sys_sched_setattr) + __SYSCALL(__NR_sched_getattr, sys_sched_getattr) + #define __NR_renameat2 382 + __SYSCALL(__NR_renameat2, sys_renameat2) ++ /* 383 for seccomp */ ++#define __NR_getrandom 384 ++__SYSCALL(__NR_getrandom, sys_getrandom) ++#define __NR_memfd_create 385 ++__SYSCALL(__NR_memfd_create, sys_memfd_create) +-- +2.18.0 + diff --git a/core/linux-odroid-c2/0011-arm64-ptrace-add-PTRACE_SET_SYSCALL.patch b/core/linux-odroid-c2/0011-arm64-ptrace-add-PTRACE_SET_SYSCALL.patch new file mode 100644 index 000000000..84bed9b18 --- /dev/null +++ b/core/linux-odroid-c2/0011-arm64-ptrace-add-PTRACE_SET_SYSCALL.patch @@ -0,0 +1,64 @@ +From 596747f36cc455e99f5e6d1b87177e4b208c0c2b Mon Sep 17 00:00:00 2001 +From: AKASHI Takahiro +Date: Thu, 21 Aug 2014 17:56:40 +0900 +Subject: [PATCH 11/16] arm64: ptrace: add PTRACE_SET_SYSCALL + +To allow tracer to be able to change/skip a system call by re-writing +a syscall number, there are several approaches: + +(1) modify x8 register with ptrace(PTRACE_SETREGSET), and handle this case + later on in syscall_trace_enter(), or +(2) support ptrace(PTRACE_SET_SYSCALL) as on arm + +Thinking of the fact that user_pt_regs doesn't expose 'syscallno' to +tracer as well as that secure_computing() expects a changed syscall number +to be visible, especially case of -1, before this function returns in +syscall_trace_enter(), we'd better take (2). + +Signed-off-by: AKASHI Takahiro +Reviewed-by: Kees Cook +--- + arch/arm64/include/uapi/asm/ptrace.h | 1 + + arch/arm64/kernel/ptrace.c | 14 +++++++++++++- + 2 files changed, 14 insertions(+), 1 deletion(-) + +diff --git a/arch/arm64/include/uapi/asm/ptrace.h b/arch/arm64/include/uapi/asm/ptrace.h +index c136fd53c847..164e2bbe9afd 100644 +--- a/arch/arm64/include/uapi/asm/ptrace.h ++++ b/arch/arm64/include/uapi/asm/ptrace.h +@@ -23,6 +23,7 @@ + + #include + ++#define PTRACE_SET_SYSCALL 23 + + /* + * PSR bits +diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c +index 53bdc598d1c1..6ef1e17d9c5b 100644 +--- a/arch/arm64/kernel/ptrace.c ++++ b/arch/arm64/kernel/ptrace.c +@@ -1093,7 +1093,19 @@ const struct user_regset_view *task_user_regset_view(struct task_struct *task) + long arch_ptrace(struct task_struct *child, long request, + unsigned long addr, unsigned long data) + { +- return ptrace_request(child, request, addr, data); ++ int ret; ++ ++ switch (request) { ++ case PTRACE_SET_SYSCALL: ++ task_pt_regs(child)->syscallno = data; ++ ret = 0; ++ break; ++ default: ++ ret = ptrace_request(child, request, addr, data); ++ break; ++ } ++ ++ return ret; + } + + enum ptrace_syscall_dir { +-- +2.18.0 + diff --git a/core/linux-odroid-c2/0012-arm64-ptrace-allow-tracer-to-skip-a-system-call.patch b/core/linux-odroid-c2/0012-arm64-ptrace-allow-tracer-to-skip-a-system-call.patch new file mode 100644 index 000000000..a975e1934 --- /dev/null +++ b/core/linux-odroid-c2/0012-arm64-ptrace-allow-tracer-to-skip-a-system-call.patch @@ -0,0 +1,122 @@ +From 5581ff348660d98cfa0348492a0ee89749829460 Mon Sep 17 00:00:00 2001 +From: AKASHI Takahiro +Date: Thu, 21 Aug 2014 17:56:41 +0900 +Subject: [PATCH 12/16] arm64: ptrace: allow tracer to skip a system call + +If tracer specifies -1 as a syscall number, this traced system call should +be skipped with a value in x0 used as a return value. +This patch enables this semantics, but there is a restriction here: + + when syscall(-1) is issued by user, tracer cannot skip this system call + and modify a return value at syscall entry. + +In order to ease this flavor, we need to treat whatever value in x0 as +a return value, but this might result in a bogus value being returned, +especially when tracer doesn't do anything at this syscall. +So we always return ENOSYS instead, while we have another chance to change +a return value at syscall exit. + +Please also note: +* syscall entry tracing and syscall exit tracing (ftrace tracepoint and + audit) are always executed, if enabled, even when skipping a system call + (that is, -1). + In this way, we can avoid a potential bug where audit_syscall_entry() + might be called without audit_syscall_exit() at the previous system call + being called, that would cause OOPs in audit_syscall_entry(). + +* syscallno may also be set to -1 if a fatal signal (SIGKILL) is detected + in tracehook_report_syscall_entry(), but since a value set to x0 (ENOSYS) + is not used in this case, we may neglect the case. + +Signed-off-by: AKASHI Takahiro +--- + arch/arm64/include/asm/ptrace.h | 8 ++++++++ + arch/arm64/kernel/entry.S | 4 ++++ + arch/arm64/kernel/ptrace.c | 20 ++++++++++++++++++++ + 3 files changed, 32 insertions(+) + +diff --git a/arch/arm64/include/asm/ptrace.h b/arch/arm64/include/asm/ptrace.h +index 300a382ed88f..8e4445719e92 100644 +--- a/arch/arm64/include/asm/ptrace.h ++++ b/arch/arm64/include/asm/ptrace.h +@@ -67,6 +67,14 @@ + #define COMPAT_PT_TEXT_ADDR 0x10000 + #define COMPAT_PT_DATA_ADDR 0x10004 + #define COMPAT_PT_TEXT_END_ADDR 0x10008 ++ ++/* ++ * used to skip a system call when tracer changes its number to -1 ++ * with ptrace(PTRACE_SET_SYSCALL) ++ */ ++#define RET_SKIP_SYSCALL -1 ++#define IS_SKIP_SYSCALL(no) ((int)(no & 0xffffffff) == -1) ++ + #ifndef __ASSEMBLY__ + + /* sizeof(struct user) for AArch32 */ +diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S +index a2cb67872c53..88fc4f84c39a 100644 +--- a/arch/arm64/kernel/entry.S ++++ b/arch/arm64/kernel/entry.S +@@ -25,6 +25,7 @@ + #include + #include + #include ++#include + #include + #include + +@@ -627,6 +628,8 @@ ENDPROC(el0_svc) + __sys_trace: + mov x0, sp + bl syscall_trace_enter ++ cmp w0, #RET_SKIP_SYSCALL // skip syscall? ++ b.eq __sys_trace_return_skipped + adr lr, __sys_trace_return // return address + uxtw scno, w0 // syscall number (possibly new) + mov x1, sp // pointer to regs +@@ -641,6 +644,7 @@ __sys_trace: + + __sys_trace_return: + str x0, [sp] // save returned x0 ++__sys_trace_return_skipped: // x0 already in regs[0] + mov x0, sp + bl syscall_trace_exit + b ret_to_user +diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c +index 6ef1e17d9c5b..b29b82576f82 100644 +--- a/arch/arm64/kernel/ptrace.c ++++ b/arch/arm64/kernel/ptrace.c +@@ -1137,9 +1137,29 @@ static void tracehook_report_syscall(struct pt_regs *regs, + + asmlinkage int syscall_trace_enter(struct pt_regs *regs) + { ++ unsigned int saved_syscallno = regs->syscallno; ++ + if (test_thread_flag(TIF_SYSCALL_TRACE)) + tracehook_report_syscall(regs, PTRACE_SYSCALL_ENTER); + ++ if (IS_SKIP_SYSCALL(regs->syscallno)) { ++ /* ++ * RESTRICTION: we can't modify a return value of user ++ * issued syscall(-1) here. In order to ease this flavor, ++ * we need to treat whatever value in x0 as a return value, ++ * but this might result in a bogus value being returned. ++ */ ++ /* ++ * NOTE: syscallno may also be set to -1 if fatal signal is ++ * detected in tracehook_report_syscall_entry(), but since ++ * a value set to x0 here is not used in this case, we may ++ * neglect the case. ++ */ ++ if (!test_thread_flag(TIF_SYSCALL_TRACE) || ++ (IS_SKIP_SYSCALL(saved_syscallno))) ++ regs->regs[0] = -ENOSYS; ++ } ++ + if (test_thread_flag(TIF_SYSCALL_TRACEPOINT)) + trace_sys_enter(regs, regs->syscallno); + +-- +2.18.0 + diff --git a/core/linux-odroid-c2/0013-asm-generic-add-generic-seccomp.h-for-secure-computi.patch b/core/linux-odroid-c2/0013-asm-generic-add-generic-seccomp.h-for-secure-computi.patch new file mode 100644 index 000000000..23a58b488 --- /dev/null +++ b/core/linux-odroid-c2/0013-asm-generic-add-generic-seccomp.h-for-secure-computi.patch @@ -0,0 +1,55 @@ +From b8315a43bf6d555219e1e1f3120ce9a43127f6f2 Mon Sep 17 00:00:00 2001 +From: AKASHI Takahiro +Date: Thu, 21 Aug 2014 17:56:42 +0900 +Subject: [PATCH 13/16] asm-generic: add generic seccomp.h for secure computing + mode 1 + +Those values (__NR_seccomp_*) are used solely in secure_computing() +to identify mode 1 system calls. If compat system calls have different +syscall numbers, asm/seccomp.h may override them. + +Acked-by: Arnd Bergmann +Signed-off-by: AKASHI Takahiro +Reviewed-by: Kees Cook +--- + include/asm-generic/seccomp.h | 28 ++++++++++++++++++++++++++++ + 1 file changed, 28 insertions(+) + create mode 100644 include/asm-generic/seccomp.h + +diff --git a/include/asm-generic/seccomp.h b/include/asm-generic/seccomp.h +new file mode 100644 +index 000000000000..5e9702219646 +--- /dev/null ++++ b/include/asm-generic/seccomp.h +@@ -0,0 +1,28 @@ ++/* ++ * include/asm-generic/seccomp.h ++ * ++ * Copyright (C) 2014 Linaro Limited ++ * Author: AKASHI Takahiro ++ * ++ * This program is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License version 2 as ++ * published by the Free Software Foundation. ++ */ ++#ifndef _ASM_GENERIC_SECCOMP_H ++#define _ASM_GENERIC_SECCOMP_H ++ ++#include ++ ++#if defined(CONFIG_COMPAT) && !defined(__NR_seccomp_read_32) ++#define __NR_seccomp_read_32 __NR_read ++#define __NR_seccomp_write_32 __NR_write ++#define __NR_seccomp_exit_32 __NR_exit ++#define __NR_seccomp_sigreturn_32 __NR_rt_sigreturn ++#endif /* CONFIG_COMPAT && ! already defined */ ++ ++#define __NR_seccomp_read __NR_read ++#define __NR_seccomp_write __NR_write ++#define __NR_seccomp_exit __NR_exit ++#define __NR_seccomp_sigreturn __NR_rt_sigreturn ++ ++#endif /* _ASM_GENERIC_SECCOMP_H */ +-- +2.18.0 + diff --git a/core/linux-odroid-c2/0014-arm64-add-seccomp-syscall-for-compat-task.patch b/core/linux-odroid-c2/0014-arm64-add-seccomp-syscall-for-compat-task.patch new file mode 100644 index 000000000..6c6b3ade7 --- /dev/null +++ b/core/linux-odroid-c2/0014-arm64-add-seccomp-syscall-for-compat-task.patch @@ -0,0 +1,30 @@ +From 62586df3e9ea30c886028731b1c34f21da367b99 Mon Sep 17 00:00:00 2001 +From: AKASHI Takahiro +Date: Thu, 21 Aug 2014 17:56:43 +0900 +Subject: [PATCH 14/16] arm64: add seccomp syscall for compat task + +This patch allows compat task to issue seccomp() system call. + +Signed-off-by: AKASHI Takahiro +Reviewed-by: Kees Cook +--- + arch/arm64/include/asm/unistd32.h | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/arch/arm64/include/asm/unistd32.h b/arch/arm64/include/asm/unistd32.h +index da1f06b535e3..812f19212b23 100644 +--- a/arch/arm64/include/asm/unistd32.h ++++ b/arch/arm64/include/asm/unistd32.h +@@ -787,7 +787,8 @@ __SYSCALL(__NR_sched_setattr, sys_sched_setattr) + __SYSCALL(__NR_sched_getattr, sys_sched_getattr) + #define __NR_renameat2 382 + __SYSCALL(__NR_renameat2, sys_renameat2) +- /* 383 for seccomp */ ++#define __NR_seccomp 383 ++__SYSCALL(__NR_seccomp, sys_seccomp) + #define __NR_getrandom 384 + __SYSCALL(__NR_getrandom, sys_getrandom) + #define __NR_memfd_create 385 +-- +2.18.0 + diff --git a/core/linux-odroid-c2/0015-arm64-add-SIGSYS-siginfo-for-compat-task.patch b/core/linux-odroid-c2/0015-arm64-add-SIGSYS-siginfo-for-compat-task.patch new file mode 100644 index 000000000..645848190 --- /dev/null +++ b/core/linux-odroid-c2/0015-arm64-add-SIGSYS-siginfo-for-compat-task.patch @@ -0,0 +1,56 @@ +From ccf3528a3dae6bf48bd83b81068d1e2550b00519 Mon Sep 17 00:00:00 2001 +From: AKASHI Takahiro +Date: Thu, 21 Aug 2014 17:56:44 +0900 +Subject: [PATCH 15/16] arm64: add SIGSYS siginfo for compat task + +SIGSYS is primarily used in secure computing to notify tracer. +This patch allows signal handler on compat task to get correct information +with SA_SYSINFO specified when this signal is delivered. + +Signed-off-by: AKASHI Takahiro +Reviewed-by: Kees Cook +--- + arch/arm64/include/asm/compat.h | 7 +++++++ + arch/arm64/kernel/signal32.c | 8 ++++++++ + 2 files changed, 15 insertions(+) + +diff --git a/arch/arm64/include/asm/compat.h b/arch/arm64/include/asm/compat.h +index 56de5aadede2..e94e8dde78b4 100644 +--- a/arch/arm64/include/asm/compat.h ++++ b/arch/arm64/include/asm/compat.h +@@ -205,6 +205,13 @@ typedef struct compat_siginfo { + compat_long_t _band; /* POLL_IN, POLL_OUT, POLL_MSG */ + int _fd; + } _sigpoll; ++ ++ /* SIGSYS */ ++ struct { ++ compat_uptr_t _call_addr; /* calling user insn */ ++ int _syscall; /* triggering system call number */ ++ unsigned int _arch; /* AUDIT_ARCH_* of syscall */ ++ } _sigsys; + } _sifields; + } compat_siginfo_t; + +diff --git a/arch/arm64/kernel/signal32.c b/arch/arm64/kernel/signal32.c +index 327a68c915e2..2b53747bc87f 100644 +--- a/arch/arm64/kernel/signal32.c ++++ b/arch/arm64/kernel/signal32.c +@@ -186,6 +186,14 @@ int copy_siginfo_to_user32(compat_siginfo_t __user *to, const siginfo_t *from) + err |= __put_user(from->si_uid, &to->si_uid); + err |= __put_user(from->si_int, &to->si_int); + break; ++#ifdef __ARCH_SIGSYS ++ case __SI_SYS: ++ err |= __put_user((compat_uptr_t)(unsigned long) ++ from->si_call_addr, &to->si_call_addr); ++ err |= __put_user(from->si_syscall, &to->si_syscall); ++ err |= __put_user(from->si_arch, &to->si_arch); ++ break; ++#endif + default: /* this is just in case for now ... */ + err |= __put_user(from->si_pid, &to->si_pid); + err |= __put_user(from->si_uid, &to->si_uid); +-- +2.18.0 + diff --git a/core/linux-odroid-c2/0016-arm64-add-seccomp-support.patch b/core/linux-odroid-c2/0016-arm64-add-seccomp-support.patch new file mode 100644 index 000000000..b8264d62e --- /dev/null +++ b/core/linux-odroid-c2/0016-arm64-add-seccomp-support.patch @@ -0,0 +1,152 @@ +From b0654bbead447c3d21f9690ebb1f88cc176510f7 Mon Sep 17 00:00:00 2001 +From: AKASHI Takahiro +Date: Thu, 21 Aug 2014 17:56:45 +0900 +Subject: [PATCH 16/16] arm64: add seccomp support + +secure_computing() is called first in syscall_trace_enter() so that a system +call will be aborted quickly without doing succeeding syscall tracing, +contrary to other cases, if seccomp rules deny that system call. + +On compat task, syscall numbers for system calls allowed in seccomp mode 1 +are different from those on normal tasks, and so _NR_seccomp_xxx_32's need +to be redefined. + +Signed-off-by: AKASHI Takahiro +--- + arch/arm64/Kconfig | 14 ++++++++++++++ + arch/arm64/include/asm/ptrace.h | 1 + + arch/arm64/include/asm/seccomp.h | 25 +++++++++++++++++++++++++ + arch/arm64/include/asm/unistd.h | 3 +++ + arch/arm64/kernel/entry.S | 2 ++ + arch/arm64/kernel/ptrace.c | 5 +++++ + 6 files changed, 50 insertions(+) + create mode 100644 arch/arm64/include/asm/seccomp.h + +diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig +index a3f9d227d179..2d90708b2c8c 100644 +--- a/arch/arm64/Kconfig ++++ b/arch/arm64/Kconfig +@@ -34,6 +34,7 @@ config ARM64 + select HAVE_ARCH_AUDITSYSCALL + select HAVE_ARCH_JUMP_LABEL + select HAVE_ARCH_KGDB ++ select HAVE_ARCH_SECCOMP_FILTER + select HAVE_ARCH_TRACEHOOK + select HAVE_C_RECORDMCOUNT + select HAVE_DEBUG_BUGVERBOSE +@@ -325,6 +326,19 @@ config ARCH_HAS_CACHE_LINE_SIZE + + source "mm/Kconfig" + ++config SECCOMP ++ bool "Enable seccomp to safely compute untrusted bytecode" ++ ---help--- ++ This kernel feature is useful for number crunching applications ++ that may need to compute untrusted bytecode during their ++ execution. By using pipes or other transports made available to ++ the process as file descriptors supporting the read/write ++ syscalls, it's possible to isolate those applications in ++ their own address space using seccomp. Once seccomp is ++ enabled via prctl(PR_SET_SECCOMP), it cannot be disabled ++ and the task is only allowed to execute a few safe syscalls ++ defined by each seccomp mode. ++ + config XEN_DOM0 + def_bool y + depends on XEN +diff --git a/arch/arm64/include/asm/ptrace.h b/arch/arm64/include/asm/ptrace.h +index 8e4445719e92..e9746486f860 100644 +--- a/arch/arm64/include/asm/ptrace.h ++++ b/arch/arm64/include/asm/ptrace.h +@@ -73,6 +73,7 @@ + * with ptrace(PTRACE_SET_SYSCALL) + */ + #define RET_SKIP_SYSCALL -1 ++#define RET_SKIP_SYSCALL_TRACE -2 + #define IS_SKIP_SYSCALL(no) ((int)(no & 0xffffffff) == -1) + + #ifndef __ASSEMBLY__ +diff --git a/arch/arm64/include/asm/seccomp.h b/arch/arm64/include/asm/seccomp.h +new file mode 100644 +index 000000000000..c76fac979629 +--- /dev/null ++++ b/arch/arm64/include/asm/seccomp.h +@@ -0,0 +1,25 @@ ++/* ++ * arch/arm64/include/asm/seccomp.h ++ * ++ * Copyright (C) 2014 Linaro Limited ++ * Author: AKASHI Takahiro ++ * ++ * This program is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License version 2 as ++ * published by the Free Software Foundation. ++ */ ++#ifndef _ASM_SECCOMP_H ++#define _ASM_SECCOMP_H ++ ++#include ++ ++#ifdef CONFIG_COMPAT ++#define __NR_seccomp_read_32 __NR_compat_read ++#define __NR_seccomp_write_32 __NR_compat_write ++#define __NR_seccomp_exit_32 __NR_compat_exit ++#define __NR_seccomp_sigreturn_32 __NR_compat_rt_sigreturn ++#endif /* CONFIG_COMPAT */ ++ ++#include ++ ++#endif /* _ASM_SECCOMP_H */ +diff --git a/arch/arm64/include/asm/unistd.h b/arch/arm64/include/asm/unistd.h +index 6d2bf419431d..49c9aefd24a5 100644 +--- a/arch/arm64/include/asm/unistd.h ++++ b/arch/arm64/include/asm/unistd.h +@@ -31,6 +31,9 @@ + * Compat syscall numbers used by the AArch64 kernel. + */ + #define __NR_compat_restart_syscall 0 ++#define __NR_compat_exit 1 ++#define __NR_compat_read 3 ++#define __NR_compat_write 4 + #define __NR_compat_sigreturn 119 + #define __NR_compat_rt_sigreturn 173 + +diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S +index 88fc4f84c39a..3554d6feb7da 100644 +--- a/arch/arm64/kernel/entry.S ++++ b/arch/arm64/kernel/entry.S +@@ -628,6 +628,8 @@ ENDPROC(el0_svc) + __sys_trace: + mov x0, sp + bl syscall_trace_enter ++ cmp w0, #RET_SKIP_SYSCALL_TRACE // skip syscall and tracing? ++ b.eq ret_to_user + cmp w0, #RET_SKIP_SYSCALL // skip syscall? + b.eq __sys_trace_return_skipped + adr lr, __sys_trace_return // return address +diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c +index b29b82576f82..984efa14d2b0 100644 +--- a/arch/arm64/kernel/ptrace.c ++++ b/arch/arm64/kernel/ptrace.c +@@ -26,6 +26,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -1139,6 +1140,10 @@ asmlinkage int syscall_trace_enter(struct pt_regs *regs) + { + unsigned int saved_syscallno = regs->syscallno; + ++ /* Do the secure computing check first; failures should be fast. */ ++ if (secure_computing(regs->syscallno) == -1) ++ return RET_SKIP_SYSCALL_TRACE; ++ + if (test_thread_flag(TIF_SYSCALL_TRACE)) + tracehook_report_syscall(regs, PTRACE_SYSCALL_ENTER); + +-- +2.18.0 + diff --git a/core/linux-odroid-c2/PKGBUILD b/core/linux-odroid-c2/PKGBUILD index ff086ca86..c2196cb29 100644 --- a/core/linux-odroid-c2/PKGBUILD +++ b/core/linux-odroid-c2/PKGBUILD @@ -9,7 +9,7 @@ _srcname=linux-${_commit} _kernelname=${pkgbase#linux} _desc="ODROID-C2" pkgver=3.16.57 -pkgrel=1 +pkgrel=2 arch=('aarch64') url="https://github.com/hardkernel/linux/tree/odroidc2-v3.16.y" license=('GPL2') @@ -18,6 +18,21 @@ options=('!strip') source=("https://github.com/hardkernel/linux/archive/${_commit}.tar.gz" "git+https://github.com/mdrjr/c2_bootini.git" '0001-add-extra-errata-843419-build-flags.patch' + '0002-arm64-Add-audit-support.patch' + '0003-seccomp-create-internal-mode-setting-function.patch' + '0004-seccomp-extract-check-assign-mode-helpers.patch' + '0005-seccomp-split-mode-setting-routines.patch' + '0006-seccomp-add-seccomp-syscall.patch' + '0007-random-introduce-getrandom-2-system-call.patch' + '0008-Revert-arm64-compat-wire-up-memfd_create-syscall-for.patch' + '0009-arm64-Add-__NR_-definitions-for-compat-syscalls.patch' + '0010-arm64-compat-wire-up-memfd_create-and-getrandom-sysc.patch' + '0011-arm64-ptrace-add-PTRACE_SET_SYSCALL.patch' + '0012-arm64-ptrace-allow-tracer-to-skip-a-system-call.patch' + '0013-asm-generic-add-generic-seccomp.h-for-secure-computi.patch' + '0014-arm64-add-seccomp-syscall-for-compat-task.patch' + '0015-arm64-add-SIGSYS-siginfo-for-compat-task.patch' + '0016-arm64-add-seccomp-support.patch' 'config' 'linux.preset' 'amlogic.service' @@ -25,8 +40,23 @@ source=("https://github.com/hardkernel/linux/archive/${_commit}.tar.gz" '90-linux.hook') md5sums=('4ffd9e836370aea16f80e6798b969126' 'SKIP' - '4e11a812de6e7d749103b6a2e6bef301' - '9d0b2aafec410a06e3390a1c66800206' + '56a53a0d56aa3a5ce0216a3290330053' + '23faa3d2228df60055e6d97e469cda8a' + '76493c97d174f7335a06516f0a24963b' + '4b822e81df5b1fe73fdb41c9852acfcb' + '9c8ae0d353008865492127314f3d08c7' + '3917a53be38bc28bd0acb16e6b708cf2' + '9b7eaba53b7818755905520ecea48453' + '4c304791ebe3a6161607031b641d49cf' + 'd2df633f89b8e71d7d26333d70402d48' + '3baef2320266f060500de675b244948d' + '1b2cb9b6b817ca7e4854505248377197' + '250a0171b48c8e8b36667b211b3e6658' + '18675fe029a96d5c6191c5253a1ec1a5' + 'b575d1884647589eae89d7736d990744' + '00e5ddbaaac55e40a700c51a6756b8de' + 'cf59798a64257ce44c8b928e1abf4db2' + 'ea5d396fa0db628eb305eb15a72b64dc' '86d4a35722b5410e3b29fc92dae15d4b' 'b8956789318f49cec5b8bb0b41654a9b' 'ce6c81ad1ad1f8b333fd6077d47abdaf' @@ -43,7 +73,22 @@ prepare() { # don't run depmod on 'make install'. We'll do this ourselves in packaging sed -i '2iexit 0' scripts/depmod.sh - patch -p1 -i ../0001-add-extra-errata-843419-build-flags.patch + git apply ../0001-add-extra-errata-843419-build-flags.patch + git apply ../0002-arm64-Add-audit-support.patch + git apply ../0003-seccomp-create-internal-mode-setting-function.patch + git apply ../0004-seccomp-extract-check-assign-mode-helpers.patch + git apply ../0005-seccomp-split-mode-setting-routines.patch + git apply ../0006-seccomp-add-seccomp-syscall.patch + git apply ../0007-random-introduce-getrandom-2-system-call.patch + git apply ../0008-Revert-arm64-compat-wire-up-memfd_create-syscall-for.patch + git apply ../0009-arm64-Add-__NR_-definitions-for-compat-syscalls.patch + git apply ../0010-arm64-compat-wire-up-memfd_create-and-getrandom-sysc.patch + git apply ../0011-arm64-ptrace-add-PTRACE_SET_SYSCALL.patch + git apply ../0012-arm64-ptrace-allow-tracer-to-skip-a-system-call.patch + git apply ../0013-asm-generic-add-generic-seccomp.h-for-secure-computi.patch + git apply ../0014-arm64-add-seccomp-syscall-for-compat-task.patch + git apply ../0015-arm64-add-SIGSYS-siginfo-for-compat-task.patch + git apply ../0016-arm64-add-seccomp-support.patch } build() { diff --git a/core/linux-odroid-c2/config b/core/linux-odroid-c2/config index 52085f9d2..6af1402bc 100644 --- a/core/linux-odroid-c2/config +++ b/core/linux-odroid-c2/config @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm64 3.16.57-1 Kernel Configuration +# Linux/arm64 3.16.57-2 Kernel Configuration # CONFIG_ARM64=y CONFIG_ARM64_HAS_SG_CHAIN=y @@ -45,6 +45,8 @@ CONFIG_CROSS_MEMORY_ATTACH=y CONFIG_FHANDLE=y CONFIG_USELIB=y CONFIG_AUDIT=y +CONFIG_HAVE_ARCH_AUDITSYSCALL=y +# CONFIG_AUDITSYSCALL is not set # # IRQ subsystem @@ -195,6 +197,8 @@ CONFIG_HAVE_PERF_REGS=y CONFIG_HAVE_PERF_USER_STACK_DUMP=y CONFIG_HAVE_ARCH_JUMP_LABEL=y CONFIG_ARCH_WANT_COMPAT_IPC_PARSE_VERSION=y +CONFIG_HAVE_ARCH_SECCOMP_FILTER=y +CONFIG_SECCOMP_FILTER=y # CONFIG_CC_STACKPROTECTOR is not set CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y @@ -342,6 +346,7 @@ CONFIG_CMA_AREAS=7 CONFIG_ZSMALLOC=y # CONFIG_PGTABLE_MAPPING is not set CONFIG_GENERIC_EARLY_IOREMAP=y +CONFIG_SECCOMP=y # CONFIG_XEN is not set CONFIG_FORCE_MAX_ZONEORDER=11 @@ -4610,7 +4615,7 @@ CONFIG_CRYPTO_MANAGER2=y CONFIG_CRYPTO_USER=m CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y CONFIG_CRYPTO_GF128MUL=m -# CONFIG_CRYPTO_NULL is not set +CONFIG_CRYPTO_NULL=m # CONFIG_CRYPTO_PCRYPT is not set CONFIG_CRYPTO_WORKQUEUE=y CONFIG_CRYPTO_CRYPTD=y @@ -4622,7 +4627,7 @@ CONFIG_CRYPTO_ABLK_HELPER=y # Authenticated Encryption with Associated Data # CONFIG_CRYPTO_CCM=y -# CONFIG_CRYPTO_GCM is not set +CONFIG_CRYPTO_GCM=m CONFIG_CRYPTO_SEQIV=y # @@ -4650,7 +4655,7 @@ CONFIG_CRYPTO_HMAC=y CONFIG_CRYPTO_CRC32C=y # CONFIG_CRYPTO_CRC32 is not set CONFIG_CRYPTO_CRCT10DIF=y -# CONFIG_CRYPTO_GHASH is not set +CONFIG_CRYPTO_GHASH=m CONFIG_CRYPTO_MD4=m CONFIG_CRYPTO_MD5=y CONFIG_CRYPTO_MICHAEL_MIC=m @@ -4740,7 +4745,8 @@ CONFIG_CRC7=y CONFIG_LIBCRC32C=y # CONFIG_CRC8 is not set CONFIG_AUDIT_GENERIC=y -# CONFIG_AUDIT_ARCH_COMPAT_GENERIC is not set +CONFIG_AUDIT_ARCH_COMPAT_GENERIC=y +CONFIG_AUDIT_COMPAT_GENERIC=y # CONFIG_RANDOM32_SELFTEST is not set CONFIG_ZLIB_INFLATE=y CONFIG_ZLIB_DEFLATE=y