diff --git a/driver/ppm_events_public.h b/driver/ppm_events_public.h index 5fb5340215..7b6e272c38 100644 --- a/driver/ppm_events_public.h +++ b/driver/ppm_events_public.h @@ -1199,344 +1199,375 @@ enum extra_event_prog_code /* * System-independent syscall codes */ + +#define PPM_SC_FIELDS \ + PPM_SC_X(UNKNOWN, 0) \ + PPM_SC_X(RESTART_SYSCALL, 1) \ + PPM_SC_X(EXIT, 2) \ + PPM_SC_X(READ, 3) \ + PPM_SC_X(WRITE, 4) \ + PPM_SC_X(OPEN, 5) \ + PPM_SC_X(CLOSE, 6) \ + PPM_SC_X(CREAT, 7) \ + PPM_SC_X(LINK, 8) \ + PPM_SC_X(UNLINK, 9) \ + PPM_SC_X(CHDIR, 10) \ + PPM_SC_X(TIME, 11) \ + PPM_SC_X(MKNOD, 12) \ + PPM_SC_X(CHMOD, 13) \ + PPM_SC_X(STAT, 14) \ + PPM_SC_X(LSEEK, 15) \ + PPM_SC_X(GETPID, 16) \ + PPM_SC_X(MOUNT, 17) \ + PPM_SC_X(PTRACE, 18) \ + PPM_SC_X(ALARM, 19) \ + PPM_SC_X(FSTAT, 20) \ + PPM_SC_X(PAUSE, 21) \ + PPM_SC_X(UTIME, 22) \ + PPM_SC_X(ACCESS, 23) \ + PPM_SC_X(SYNC, 24) \ + PPM_SC_X(KILL, 25) \ + PPM_SC_X(RENAME, 26) \ + PPM_SC_X(MKDIR, 27) \ + PPM_SC_X(RMDIR, 28) \ + PPM_SC_X(DUP, 29) \ + PPM_SC_X(PIPE, 30) \ + PPM_SC_X(TIMES, 31) \ + PPM_SC_X(BRK, 32) \ + PPM_SC_X(ACCT, 33) \ + PPM_SC_X(IOCTL, 34) \ + PPM_SC_X(FCNTL, 35) \ + PPM_SC_X(SETPGID, 36) \ + PPM_SC_X(UMASK, 37) \ + PPM_SC_X(CHROOT, 38) \ + PPM_SC_X(USTAT, 39) \ + PPM_SC_X(DUP2, 40) \ + PPM_SC_X(GETPPID, 41) \ + PPM_SC_X(GETPGRP, 42) \ + PPM_SC_X(SETSID, 43) \ + PPM_SC_X(SETHOSTNAME, 44) \ + PPM_SC_X(SETRLIMIT, 45) \ + PPM_SC_X(GETRUSAGE, 46) \ + PPM_SC_X(GETTIMEOFDAY, 47) \ + PPM_SC_X(SETTIMEOFDAY, 48) \ + PPM_SC_X(SYMLINK, 49) \ + PPM_SC_X(LSTAT, 50) \ + PPM_SC_X(READLINK, 51) \ + PPM_SC_X(USELIB, 52) \ + PPM_SC_X(SWAPON, 53) \ + PPM_SC_X(REBOOT, 54) \ + PPM_SC_X(MMAP, 55) \ + PPM_SC_X(MUNMAP, 56) \ + PPM_SC_X(TRUNCATE, 57) \ + PPM_SC_X(FTRUNCATE, 58) \ + PPM_SC_X(FCHMOD, 59) \ + PPM_SC_X(GETPRIORITY, 60) \ + PPM_SC_X(SETPRIORITY, 61) \ + PPM_SC_X(STATFS, 62) \ + PPM_SC_X(FSTATFS, 63) \ + PPM_SC_X(SYSLOG, 64) \ + PPM_SC_X(SETITIMER, 65) \ + PPM_SC_X(GETITIMER, 66) \ + PPM_SC_X(UNAME, 67) \ + PPM_SC_X(VHANGUP, 68) \ + PPM_SC_X(WAIT4, 69) \ + PPM_SC_X(SWAPOFF, 70) \ + PPM_SC_X(SYSINFO, 71) \ + PPM_SC_X(FSYNC, 72) \ + PPM_SC_X(SETDOMAINNAME, 73) \ + PPM_SC_X(ADJTIMEX, 74) \ + PPM_SC_X(MPROTECT, 75) \ + PPM_SC_X(INIT_MODULE, 76) \ + PPM_SC_X(DELETE_MODULE, 77) \ + PPM_SC_X(QUOTACTL, 78) \ + PPM_SC_X(GETPGID, 79) \ + PPM_SC_X(FCHDIR, 80) \ + PPM_SC_X(SYSFS, 81) \ + PPM_SC_X(PERSONALITY, 82) \ + PPM_SC_X(GETDENTS, 83) \ + PPM_SC_X(SELECT, 84) \ + PPM_SC_X(FLOCK, 85) \ + PPM_SC_X(MSYNC, 86) \ + PPM_SC_X(READV, 87) \ + PPM_SC_X(WRITEV, 88) \ + PPM_SC_X(GETSID, 89) \ + PPM_SC_X(FDATASYNC, 90) \ + PPM_SC_X(MLOCK, 91) \ + PPM_SC_X(MUNLOCK, 92) \ + PPM_SC_X(MLOCKALL, 93) \ + PPM_SC_X(MUNLOCKALL, 94) \ + PPM_SC_X(SCHED_SETPARAM, 95) \ + PPM_SC_X(SCHED_GETPARAM, 96) \ + PPM_SC_X(SCHED_SETSCHEDULER, 97) \ + PPM_SC_X(SCHED_GETSCHEDULER, 98) \ + PPM_SC_X(SCHED_YIELD, 99) \ + PPM_SC_X(SCHED_GET_PRIORITY_MAX, 100) \ + PPM_SC_X(SCHED_GET_PRIORITY_MIN, 101) \ + PPM_SC_X(SCHED_RR_GET_INTERVAL, 102) \ + PPM_SC_X(NANOSLEEP, 103) \ + PPM_SC_X(MREMAP, 104) \ + PPM_SC_X(POLL, 105) \ + PPM_SC_X(PRCTL, 106) \ + PPM_SC_X(RT_SIGACTION, 107) \ + PPM_SC_X(RT_SIGPROCMASK, 108) \ + PPM_SC_X(RT_SIGPENDING, 109) \ + PPM_SC_X(RT_SIGTIMEDWAIT, 110) \ + PPM_SC_X(RT_SIGQUEUEINFO, 111) \ + PPM_SC_X(RT_SIGSUSPEND, 112) \ + PPM_SC_X(GETCWD, 113) \ + PPM_SC_X(CAPGET, 114) \ + PPM_SC_X(CAPSET, 115) \ + PPM_SC_X(SENDFILE, 116) \ + PPM_SC_X(GETRLIMIT, 117) \ + PPM_SC_X(LCHOWN, 118) \ + PPM_SC_X(GETUID, 119) \ + PPM_SC_X(GETGID, 120) \ + PPM_SC_X(GETEUID, 121) \ + PPM_SC_X(GETEGID, 122) \ + PPM_SC_X(SETREUID, 123) \ + PPM_SC_X(SETREGID, 124) \ + PPM_SC_X(GETGROUPS, 125) \ + PPM_SC_X(SETGROUPS, 126) \ + PPM_SC_X(FCHOWN, 127) \ + PPM_SC_X(SETRESUID, 128) \ + PPM_SC_X(GETRESUID, 129) \ + PPM_SC_X(SETRESGID, 130) \ + PPM_SC_X(GETRESGID, 131) \ + PPM_SC_X(CHOWN, 132) \ + PPM_SC_X(SETUID, 133) \ + PPM_SC_X(SETGID, 134) \ + PPM_SC_X(SETFSUID, 135) \ + PPM_SC_X(SETFSGID, 136) \ + PPM_SC_X(PIVOT_ROOT, 137) \ + PPM_SC_X(MINCORE, 138) \ + PPM_SC_X(MADVISE, 139) \ + PPM_SC_X(GETTID, 140) \ + PPM_SC_X(SETXATTR, 141) \ + PPM_SC_X(LSETXATTR, 142) \ + PPM_SC_X(FSETXATTR, 143) \ + PPM_SC_X(GETXATTR, 144) \ + PPM_SC_X(LGETXATTR, 145) \ + PPM_SC_X(FGETXATTR, 146) \ + PPM_SC_X(LISTXATTR, 147) \ + PPM_SC_X(LLISTXATTR, 148) \ + PPM_SC_X(FLISTXATTR, 149) \ + PPM_SC_X(REMOVEXATTR, 150) \ + PPM_SC_X(LREMOVEXATTR, 151) \ + PPM_SC_X(FREMOVEXATTR, 152) \ + PPM_SC_X(TKILL, 153) \ + PPM_SC_X(FUTEX, 154) \ + PPM_SC_X(SCHED_SETAFFINITY, 155) \ + PPM_SC_X(SCHED_GETAFFINITY, 156) \ + PPM_SC_X(SET_THREAD_AREA, 157) \ + PPM_SC_X(GET_THREAD_AREA, 158) \ + PPM_SC_X(IO_SETUP, 159) \ + PPM_SC_X(IO_DESTROY, 160) \ + PPM_SC_X(IO_GETEVENTS, 161) \ + PPM_SC_X(IO_SUBMIT, 162) \ + PPM_SC_X(IO_CANCEL, 163) \ + PPM_SC_X(EXIT_GROUP, 164) \ + PPM_SC_X(EPOLL_CREATE, 165) \ + PPM_SC_X(EPOLL_CTL, 166) \ + PPM_SC_X(EPOLL_WAIT, 167) \ + PPM_SC_X(REMAP_FILE_PAGES, 168) \ + PPM_SC_X(SET_TID_ADDRESS, 169) \ + PPM_SC_X(TIMER_CREATE, 170) \ + PPM_SC_X(TIMER_SETTIME, 171) \ + PPM_SC_X(TIMER_GETTIME, 172) \ + PPM_SC_X(TIMER_GETOVERRUN, 173) \ + PPM_SC_X(TIMER_DELETE, 174) \ + PPM_SC_X(CLOCK_SETTIME, 175) \ + PPM_SC_X(CLOCK_GETTIME, 176) \ + PPM_SC_X(CLOCK_GETRES, 177) \ + PPM_SC_X(CLOCK_NANOSLEEP, 178) \ + PPM_SC_X(TGKILL, 179) \ + PPM_SC_X(UTIMES, 180) \ + PPM_SC_X(MQ_OPEN, 181) \ + PPM_SC_X(MQ_UNLINK, 182) \ + PPM_SC_X(MQ_TIMEDSEND, 183) \ + PPM_SC_X(MQ_TIMEDRECEIVE, 184) \ + PPM_SC_X(MQ_NOTIFY, 185) \ + PPM_SC_X(MQ_GETSETATTR, 186) \ + PPM_SC_X(KEXEC_LOAD, 187) \ + PPM_SC_X(WAITID, 188) \ + PPM_SC_X(ADD_KEY, 189) \ + PPM_SC_X(REQUEST_KEY, 190) \ + PPM_SC_X(KEYCTL, 191) \ + PPM_SC_X(IOPRIO_SET, 192) \ + PPM_SC_X(IOPRIO_GET, 193) \ + PPM_SC_X(INOTIFY_INIT, 194) \ + PPM_SC_X(INOTIFY_ADD_WATCH, 195) \ + PPM_SC_X(INOTIFY_RM_WATCH, 196) \ + PPM_SC_X(OPENAT, 197) \ + PPM_SC_X(MKDIRAT, 198) \ + PPM_SC_X(MKNODAT, 199) \ + PPM_SC_X(FCHOWNAT, 200) \ + PPM_SC_X(FUTIMESAT, 201) \ + PPM_SC_X(UNLINKAT, 202) \ + PPM_SC_X(RENAMEAT, 203) \ + PPM_SC_X(LINKAT, 204) \ + PPM_SC_X(SYMLINKAT, 205) \ + PPM_SC_X(READLINKAT, 206) \ + PPM_SC_X(FCHMODAT, 207) \ + PPM_SC_X(FACCESSAT, 208) \ + PPM_SC_X(PSELECT6, 209) \ + PPM_SC_X(PPOLL, 210) \ + PPM_SC_X(UNSHARE, 211) \ + PPM_SC_X(SET_ROBUST_LIST, 212) \ + PPM_SC_X(GET_ROBUST_LIST, 213) \ + PPM_SC_X(SPLICE, 214) \ + PPM_SC_X(TEE, 215) \ + PPM_SC_X(VMSPLICE, 216) \ + PPM_SC_X(GETCPU, 217) \ + PPM_SC_X(EPOLL_PWAIT, 218) \ + PPM_SC_X(UTIMENSAT, 219) \ + PPM_SC_X(SIGNALFD, 220) \ + PPM_SC_X(TIMERFD_CREATE, 221) \ + PPM_SC_X(EVENTFD, 222) \ + PPM_SC_X(TIMERFD_SETTIME, 223) \ + PPM_SC_X(TIMERFD_GETTIME, 224) \ + PPM_SC_X(SIGNALFD4, 225) \ + PPM_SC_X(EVENTFD2, 226) \ + PPM_SC_X(EPOLL_CREATE1, 227) \ + PPM_SC_X(DUP3, 228) \ + PPM_SC_X(PIPE2, 229) \ + PPM_SC_X(INOTIFY_INIT1, 230) \ + PPM_SC_X(PREADV, 231) \ + PPM_SC_X(PWRITEV, 232) \ + PPM_SC_X(RT_TGSIGQUEUEINFO, 233) \ + PPM_SC_X(PERF_EVENT_OPEN, 234) \ + PPM_SC_X(FANOTIFY_INIT, 235) \ + PPM_SC_X(PRLIMIT64, 236) \ + PPM_SC_X(CLOCK_ADJTIME, 237) \ + PPM_SC_X(SYNCFS, 238) \ + PPM_SC_X(SETNS, 239) \ + PPM_SC_X(GETDENTS64, 240) \ + PPM_SC_X(SOCKET, 241) \ + PPM_SC_X(BIND, 242) \ + PPM_SC_X(CONNECT, 243) \ + PPM_SC_X(LISTEN, 244) \ + PPM_SC_X(ACCEPT, 245) \ + PPM_SC_X(GETSOCKNAME, 246) \ + PPM_SC_X(GETPEERNAME, 247) \ + PPM_SC_X(SOCKETPAIR, 248) \ + PPM_SC_X(SENDTO, 249) \ + PPM_SC_X(RECVFROM, 250) \ + PPM_SC_X(SHUTDOWN, 251) \ + PPM_SC_X(SETSOCKOPT, 252) \ + PPM_SC_X(GETSOCKOPT, 253) \ + PPM_SC_X(SENDMSG, 254) \ + PPM_SC_X(SENDMMSG, 255) \ + PPM_SC_X(RECVMSG, 256) \ + PPM_SC_X(RECVMMSG, 257) \ + PPM_SC_X(ACCEPT4, 258) \ + PPM_SC_X(SEMOP, 259) \ + PPM_SC_X(SEMGET, 260) \ + PPM_SC_X(SEMCTL, 261) \ + PPM_SC_X(MSGSND, 262) \ + PPM_SC_X(MSGRCV, 263) \ + PPM_SC_X(MSGGET, 264) \ + PPM_SC_X(MSGCTL, 265) \ + PPM_SC_X(SHMDT, 266) \ + PPM_SC_X(SHMGET, 267) \ + PPM_SC_X(SHMCTL, 268) \ + PPM_SC_X(STATFS64, 269) \ + PPM_SC_X(FSTATFS64, 270) \ + PPM_SC_X(FSTATAT64, 271) \ + PPM_SC_X(SENDFILE64, 272) \ + PPM_SC_X(UGETRLIMIT, 273) \ + PPM_SC_X(BDFLUSH, 274) \ + PPM_SC_X(SIGPROCMASK, 275) \ + PPM_SC_X(IPC, 276) \ + PPM_SC_X(SOCKETCALL, 277) \ + PPM_SC_X(STAT64, 278) \ + PPM_SC_X(LSTAT64, 279) \ + PPM_SC_X(FSTAT64, 280) \ + PPM_SC_X(FCNTL64, 281) \ + PPM_SC_X(MMAP2, 282) \ + PPM_SC_X(_NEWSELECT, 283) \ + PPM_SC_X(SGETMASK, 284) \ + PPM_SC_X(SSETMASK, 285) \ + PPM_SC_X(SIGPENDING, 286) \ + PPM_SC_X(OLDUNAME, 287) \ + PPM_SC_X(UMOUNT, 288) \ + PPM_SC_X(SIGNAL, 289) \ + PPM_SC_X(NICE, 290) \ + PPM_SC_X(STIME, 291) \ + PPM_SC_X(_LLSEEK, 292) \ + PPM_SC_X(WAITPID, 293) \ + PPM_SC_X(PREAD64, 294) \ + PPM_SC_X(PWRITE64, 295) \ + PPM_SC_X(ARCH_PRCTL, 296) \ + PPM_SC_X(SHMAT, 297) \ + PPM_SC_X(RT_SIGRETURN, 298) \ + PPM_SC_X(FALLOCATE, 299) \ + PPM_SC_X(NEWFSTATAT, 300) \ + PPM_SC_X(PROCESS_VM_READV, 301) \ + PPM_SC_X(PROCESS_VM_WRITEV, 302) \ + PPM_SC_X(FORK, 303) \ + PPM_SC_X(VFORK, 304) \ + PPM_SC_X(SETUID32, 305) \ + PPM_SC_X(GETUID32, 306) \ + PPM_SC_X(SETGID32, 307) \ + PPM_SC_X(GETEUID32, 308) \ + PPM_SC_X(GETGID32, 309) \ + PPM_SC_X(SETRESUID32, 310) \ + PPM_SC_X(SETRESGID32, 311) \ + PPM_SC_X(GETRESUID32, 312) \ + PPM_SC_X(GETRESGID32, 313) \ + PPM_SC_X(FINIT_MODULE, 314) \ + PPM_SC_X(BPF, 315) \ + PPM_SC_X(SECCOMP, 316) \ + PPM_SC_X(SIGALTSTACK, 317) \ + PPM_SC_X(GETRANDOM, 318) \ + PPM_SC_X(FADVISE64, 319) \ + PPM_SC_X(RENAMEAT2, 320) \ + PPM_SC_X(USERFAULTFD, 321) \ + PPM_SC_X(OPENAT2, 322) \ + PPM_SC_X(UMOUNT2, 323) \ + PPM_SC_X(EXECVE, 324) \ + PPM_SC_X(EXECVEAT, 325) \ + PPM_SC_X(COPY_FILE_RANGE, 326) \ + PPM_SC_X(CLONE, 327) \ + PPM_SC_X(CLONE3, 328) \ + PPM_SC_X(OPEN_BY_HANDLE_AT, 329) \ + PPM_SC_X(IO_URING_SETUP, 330) \ + PPM_SC_X(IO_URING_ENTER, 331) \ + PPM_SC_X(IO_URING_REGISTER, 332) \ + PPM_SC_X(MLOCK2, 333) \ + PPM_SC_X(GETEGID32, 334) \ + PPM_SC_X(FSCONFIG, 335) \ + PPM_SC_X(FSPICK, 336) \ + PPM_SC_X(FSMOUNT, 337) \ + PPM_SC_X(FSOPEN, 338) \ + PPM_SC_X(OPEN_TREE, 339) \ + PPM_SC_X(MOVE_MOUNT, 340) \ + PPM_SC_X(MOUNT_SETATTR, 341) \ + PPM_SC_X(MEMFD_CREATE, 342) \ + PPM_SC_X(MEMFD_SECRET, 343) \ + PPM_SC_X(IOPERM, 344) \ + PPM_SC_X(KEXEC_FILE_LOAD, 345) \ + PPM_SC_X(PIDFD_GET_FD, 346) \ + PPM_SC_X(PIDFD_OPEN, 347) \ + PPM_SC_X(PIDFD_SEND_SIGNAL, 348) \ + PPM_SC_X(PKEY_ALLOC, 349) \ + PPM_SC_X(PKEY_MPROTECT, 350) \ + PPM_SC_X(PKEY_FREE, 351) \ + PPM_SC_X(LANDLOCK_CREATE_RULESET, 352) \ + PPM_SC_X(QUOTACTL_FD, 353) \ + PPM_SC_X(LANDLOCK_RESTRICT_SELF, 354) \ + PPM_SC_X(LANDLOCK_ADD_RULE, 355) \ + PPM_SC_X(EPOLL_PWAIT2, 356) \ + PPM_SC_X(MIGRATE_PAGES, 357) \ + PPM_SC_X(MOVE_PAGES, 358) \ + PPM_SC_X(PREADV2, 359) \ + PPM_SC_X(PWRITEV2, 360) + enum ppm_syscall_code { - PPM_SC_UNKNOWN = 0, - PPM_SC_RESTART_SYSCALL = 1, - PPM_SC_EXIT = 2, - PPM_SC_READ = 3, - PPM_SC_WRITE = 4, - PPM_SC_OPEN = 5, - PPM_SC_CLOSE = 6, - PPM_SC_CREAT = 7, - PPM_SC_LINK = 8, - PPM_SC_UNLINK = 9, - PPM_SC_CHDIR = 10, - PPM_SC_TIME = 11, - PPM_SC_MKNOD = 12, - PPM_SC_CHMOD = 13, - PPM_SC_STAT = 14, - PPM_SC_LSEEK = 15, - PPM_SC_GETPID = 16, - PPM_SC_MOUNT = 17, - PPM_SC_PTRACE = 18, - PPM_SC_ALARM = 19, - PPM_SC_FSTAT = 20, - PPM_SC_PAUSE = 21, - PPM_SC_UTIME = 22, - PPM_SC_ACCESS = 23, - PPM_SC_SYNC = 24, - PPM_SC_KILL = 25, - PPM_SC_RENAME = 26, - PPM_SC_MKDIR = 27, - PPM_SC_RMDIR = 28, - PPM_SC_DUP = 29, - PPM_SC_PIPE = 30, - PPM_SC_TIMES = 31, - PPM_SC_BRK = 32, - PPM_SC_ACCT = 33, - PPM_SC_IOCTL = 34, - PPM_SC_FCNTL = 35, - PPM_SC_SETPGID = 36, - PPM_SC_UMASK = 37, - PPM_SC_CHROOT = 38, - PPM_SC_USTAT = 39, - PPM_SC_DUP2 = 40, - PPM_SC_GETPPID = 41, - PPM_SC_GETPGRP = 42, - PPM_SC_SETSID = 43, - PPM_SC_SETHOSTNAME = 44, - PPM_SC_SETRLIMIT = 45, - PPM_SC_GETRUSAGE = 46, - PPM_SC_GETTIMEOFDAY = 47, - PPM_SC_SETTIMEOFDAY = 48, - PPM_SC_SYMLINK = 49, - PPM_SC_LSTAT = 50, - PPM_SC_READLINK = 51, - PPM_SC_USELIB = 52, - PPM_SC_SWAPON = 53, - PPM_SC_REBOOT = 54, - PPM_SC_MMAP = 55, - PPM_SC_MUNMAP = 56, - PPM_SC_TRUNCATE = 57, - PPM_SC_FTRUNCATE = 58, - PPM_SC_FCHMOD = 59, - PPM_SC_GETPRIORITY = 60, - PPM_SC_SETPRIORITY = 61, - PPM_SC_STATFS = 62, - PPM_SC_FSTATFS = 63, - PPM_SC_SYSLOG = 64, - PPM_SC_SETITIMER = 65, - PPM_SC_GETITIMER = 66, - PPM_SC_UNAME = 67, - PPM_SC_VHANGUP = 68, - PPM_SC_WAIT4 = 69, - PPM_SC_SWAPOFF = 70, - PPM_SC_SYSINFO = 71, - PPM_SC_FSYNC = 72, - PPM_SC_SETDOMAINNAME = 73, - PPM_SC_ADJTIMEX = 74, - PPM_SC_MPROTECT = 75, - PPM_SC_INIT_MODULE = 76, - PPM_SC_DELETE_MODULE = 77, - PPM_SC_QUOTACTL = 78, - PPM_SC_GETPGID = 79, - PPM_SC_FCHDIR = 80, - PPM_SC_SYSFS = 81, - PPM_SC_PERSONALITY = 82, - PPM_SC_GETDENTS = 83, - PPM_SC_SELECT = 84, - PPM_SC_FLOCK = 85, - PPM_SC_MSYNC = 86, - PPM_SC_READV = 87, - PPM_SC_WRITEV = 88, - PPM_SC_GETSID = 89, - PPM_SC_FDATASYNC = 90, - PPM_SC_MLOCK = 91, - PPM_SC_MUNLOCK = 92, - PPM_SC_MLOCKALL = 93, - PPM_SC_MUNLOCKALL = 94, - PPM_SC_SCHED_SETPARAM = 95, - PPM_SC_SCHED_GETPARAM = 96, - PPM_SC_SCHED_SETSCHEDULER = 97, - PPM_SC_SCHED_GETSCHEDULER = 98, - PPM_SC_SCHED_YIELD = 99, - PPM_SC_SCHED_GET_PRIORITY_MAX = 100, - PPM_SC_SCHED_GET_PRIORITY_MIN = 101, - PPM_SC_SCHED_RR_GET_INTERVAL = 102, - PPM_SC_NANOSLEEP = 103, - PPM_SC_MREMAP = 104, - PPM_SC_POLL = 105, - PPM_SC_PRCTL = 106, - PPM_SC_RT_SIGACTION = 107, - PPM_SC_RT_SIGPROCMASK = 108, - PPM_SC_RT_SIGPENDING = 109, - PPM_SC_RT_SIGTIMEDWAIT = 110, - PPM_SC_RT_SIGQUEUEINFO = 111, - PPM_SC_RT_SIGSUSPEND = 112, - PPM_SC_GETCWD = 113, - PPM_SC_CAPGET = 114, - PPM_SC_CAPSET = 115, - PPM_SC_SENDFILE = 116, - PPM_SC_GETRLIMIT = 117, - PPM_SC_LCHOWN = 118, - PPM_SC_GETUID = 119, - PPM_SC_GETGID = 120, - PPM_SC_GETEUID = 121, - PPM_SC_GETEGID = 122, - PPM_SC_SETREUID = 123, - PPM_SC_SETREGID = 124, - PPM_SC_GETGROUPS = 125, - PPM_SC_SETGROUPS = 126, - PPM_SC_FCHOWN = 127, - PPM_SC_SETRESUID = 128, - PPM_SC_GETRESUID = 129, - PPM_SC_SETRESGID = 130, - PPM_SC_GETRESGID = 131, - PPM_SC_CHOWN = 132, - PPM_SC_SETUID = 133, - PPM_SC_SETGID = 134, - PPM_SC_SETFSUID = 135, - PPM_SC_SETFSGID = 136, - PPM_SC_PIVOT_ROOT = 137, - PPM_SC_MINCORE = 138, - PPM_SC_MADVISE = 139, - PPM_SC_GETTID = 140, - PPM_SC_SETXATTR = 141, - PPM_SC_LSETXATTR = 142, - PPM_SC_FSETXATTR = 143, - PPM_SC_GETXATTR = 144, - PPM_SC_LGETXATTR = 145, - PPM_SC_FGETXATTR = 146, - PPM_SC_LISTXATTR = 147, - PPM_SC_LLISTXATTR = 148, - PPM_SC_FLISTXATTR = 149, - PPM_SC_REMOVEXATTR = 150, - PPM_SC_LREMOVEXATTR = 151, - PPM_SC_FREMOVEXATTR = 152, - PPM_SC_TKILL = 153, - PPM_SC_FUTEX = 154, - PPM_SC_SCHED_SETAFFINITY = 155, - PPM_SC_SCHED_GETAFFINITY = 156, - PPM_SC_SET_THREAD_AREA = 157, - PPM_SC_GET_THREAD_AREA = 158, - PPM_SC_IO_SETUP = 159, - PPM_SC_IO_DESTROY = 160, - PPM_SC_IO_GETEVENTS = 161, - PPM_SC_IO_SUBMIT = 162, - PPM_SC_IO_CANCEL = 163, - PPM_SC_EXIT_GROUP = 164, - PPM_SC_EPOLL_CREATE = 165, - PPM_SC_EPOLL_CTL = 166, - PPM_SC_EPOLL_WAIT = 167, - PPM_SC_REMAP_FILE_PAGES = 168, - PPM_SC_SET_TID_ADDRESS = 169, - PPM_SC_TIMER_CREATE = 170, - PPM_SC_TIMER_SETTIME = 171, - PPM_SC_TIMER_GETTIME = 172, - PPM_SC_TIMER_GETOVERRUN = 173, - PPM_SC_TIMER_DELETE = 174, - PPM_SC_CLOCK_SETTIME = 175, - PPM_SC_CLOCK_GETTIME = 176, - PPM_SC_CLOCK_GETRES = 177, - PPM_SC_CLOCK_NANOSLEEP = 178, - PPM_SC_TGKILL = 179, - PPM_SC_UTIMES = 180, - PPM_SC_MQ_OPEN = 181, - PPM_SC_MQ_UNLINK = 182, - PPM_SC_MQ_TIMEDSEND = 183, - PPM_SC_MQ_TIMEDRECEIVE = 184, - PPM_SC_MQ_NOTIFY = 185, - PPM_SC_MQ_GETSETATTR = 186, - PPM_SC_KEXEC_LOAD = 187, - PPM_SC_WAITID = 188, - PPM_SC_ADD_KEY = 189, - PPM_SC_REQUEST_KEY = 190, - PPM_SC_KEYCTL = 191, - PPM_SC_IOPRIO_SET = 192, - PPM_SC_IOPRIO_GET = 193, - PPM_SC_INOTIFY_INIT = 194, - PPM_SC_INOTIFY_ADD_WATCH = 195, - PPM_SC_INOTIFY_RM_WATCH = 196, - PPM_SC_OPENAT = 197, - PPM_SC_MKDIRAT = 198, - PPM_SC_MKNODAT = 199, - PPM_SC_FCHOWNAT = 200, - PPM_SC_FUTIMESAT = 201, - PPM_SC_UNLINKAT = 202, - PPM_SC_RENAMEAT = 203, - PPM_SC_LINKAT = 204, - PPM_SC_SYMLINKAT = 205, - PPM_SC_READLINKAT = 206, - PPM_SC_FCHMODAT = 207, - PPM_SC_FACCESSAT = 208, - PPM_SC_PSELECT6 = 209, - PPM_SC_PPOLL = 210, - PPM_SC_UNSHARE = 211, - PPM_SC_SET_ROBUST_LIST = 212, - PPM_SC_GET_ROBUST_LIST = 213, - PPM_SC_SPLICE = 214, - PPM_SC_TEE = 215, - PPM_SC_VMSPLICE = 216, - PPM_SC_GETCPU = 217, - PPM_SC_EPOLL_PWAIT = 218, - PPM_SC_UTIMENSAT = 219, - PPM_SC_SIGNALFD = 220, - PPM_SC_TIMERFD_CREATE = 221, - PPM_SC_EVENTFD = 222, - PPM_SC_TIMERFD_SETTIME = 223, - PPM_SC_TIMERFD_GETTIME = 224, - PPM_SC_SIGNALFD4 = 225, - PPM_SC_EVENTFD2 = 226, - PPM_SC_EPOLL_CREATE1 = 227, - PPM_SC_DUP3 = 228, - PPM_SC_PIPE2 = 229, - PPM_SC_INOTIFY_INIT1 = 230, - PPM_SC_PREADV = 231, - PPM_SC_PWRITEV = 232, - PPM_SC_RT_TGSIGQUEUEINFO = 233, - PPM_SC_PERF_EVENT_OPEN = 234, - PPM_SC_FANOTIFY_INIT = 235, - PPM_SC_PRLIMIT64 = 236, - PPM_SC_CLOCK_ADJTIME = 237, - PPM_SC_SYNCFS = 238, - PPM_SC_SETNS = 239, - PPM_SC_GETDENTS64 = 240, - PPM_SC_SOCKET = 241, - PPM_SC_BIND = 242, - PPM_SC_CONNECT = 243, - PPM_SC_LISTEN = 244, - PPM_SC_ACCEPT = 245, - PPM_SC_GETSOCKNAME = 246, - PPM_SC_GETPEERNAME = 247, - PPM_SC_SOCKETPAIR = 248, - PPM_SC_SENDTO = 249, - PPM_SC_RECVFROM = 250, - PPM_SC_SHUTDOWN = 251, - PPM_SC_SETSOCKOPT = 252, - PPM_SC_GETSOCKOPT = 253, - PPM_SC_SENDMSG = 254, - PPM_SC_SENDMMSG = 255, - PPM_SC_RECVMSG = 256, - PPM_SC_RECVMMSG = 257, - PPM_SC_ACCEPT4 = 258, - PPM_SC_SEMOP = 259, - PPM_SC_SEMGET = 260, - PPM_SC_SEMCTL = 261, - PPM_SC_MSGSND = 262, - PPM_SC_MSGRCV = 263, - PPM_SC_MSGGET = 264, - PPM_SC_MSGCTL = 265, - PPM_SC_SHMDT = 266, - PPM_SC_SHMGET = 267, - PPM_SC_SHMCTL = 268, - PPM_SC_STATFS64 = 269, - PPM_SC_FSTATFS64 = 270, - PPM_SC_FSTATAT64 = 271, - PPM_SC_SENDFILE64 = 272, - PPM_SC_UGETRLIMIT = 273, - PPM_SC_BDFLUSH = 274, - PPM_SC_SIGPROCMASK = 275, - PPM_SC_IPC = 276, - PPM_SC_SOCKETCALL = 277, - PPM_SC_STAT64 = 278, - PPM_SC_LSTAT64 = 279, - PPM_SC_FSTAT64 = 280, - PPM_SC_FCNTL64 = 281, - PPM_SC_MMAP2 = 282, - PPM_SC__NEWSELECT = 283, - PPM_SC_SGETMASK = 284, - PPM_SC_SSETMASK = 285, - PPM_SC_SIGPENDING = 286, - PPM_SC_OLDUNAME = 287, - PPM_SC_UMOUNT = 288, - PPM_SC_SIGNAL = 289, - PPM_SC_NICE = 290, - PPM_SC_STIME = 291, - PPM_SC__LLSEEK = 292, - PPM_SC_WAITPID = 293, - PPM_SC_PREAD64 = 294, - PPM_SC_PWRITE64 = 295, - PPM_SC_ARCH_PRCTL = 296, - PPM_SC_SHMAT = 297, - PPM_SC_SIGRETURN = 298, - PPM_SC_FALLOCATE = 299, - PPM_SC_NEWFSSTAT = 300, - PPM_SC_PROCESS_VM_READV = 301, - PPM_SC_PROCESS_VM_WRITEV = 302, - PPM_SC_FORK = 303, - PPM_SC_VFORK = 304, - PPM_SC_SETUID32 = 305, - PPM_SC_GETUID32 = 306, - PPM_SC_SETGID32 = 307, - PPM_SC_GETEUID32 = 308, - PPM_SC_GETGID32 = 309, - PPM_SC_SETRESUID32 = 310, - PPM_SC_SETRESGID32 = 311, - PPM_SC_GETRESUID32 = 312, - PPM_SC_GETRESGID32 = 313, - PPM_SC_FINIT_MODULE = 314, - PPM_SC_BPF = 315, - PPM_SC_SECCOMP = 316, - PPM_SC_SIGALTSTACK = 317, - PPM_SC_GETRANDOM = 318, - PPM_SC_FADVISE64 = 319, - PPM_SC_RENAMEAT2 = 320, - PPM_SC_USERFAULTFD = 321, - PPM_SC_OPENAT2 = 322, - PPM_SC_UMOUNT2 = 323, - PPM_SC_EXECVE = 324, - PPM_SC_EXECVEAT = 325, - PPM_SC_COPY_FILE_RANGE = 326, - PPM_SC_CLONE = 327, - PPM_SC_CLONE3 = 328, - PPM_SC_OPEN_BY_HANDLE_AT = 329, - PPM_SC_IO_URING_SETUP = 330, - PPM_SC_IO_URING_ENTER = 331, - PPM_SC_IO_URING_REGISTER = 332, - PPM_SC_MLOCK2 = 333, - PPM_SC_GETEGID32 = 334, - PPM_SC_FSCONFIG = 335, - PPM_SC_MAX = 336, +#define PPM_SC_X(name, value) PPM_SC_##name = value, + PPM_SC_FIELDS +#undef PPM_SC_X + PPM_SC_MAX, }; /* diff --git a/driver/syscall_table.c b/driver/syscall_table.c index 7279fc53da..49b7b9a11d 100644 --- a/driver/syscall_table.c +++ b/driver/syscall_table.c @@ -697,13 +697,13 @@ const struct syscall_evt_pair g_syscall_table[SYSCALL_TABLE_SIZE] = { [__NR_shmat - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_SHMAT}, #endif #ifdef __NR_rt_sigreturn - [__NR_rt_sigreturn - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_SIGRETURN}, + [__NR_rt_sigreturn - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_RT_SIGRETURN}, #endif #ifdef __NR_fallocate [__NR_fallocate - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_FALLOCATE}, #endif #ifdef __NR_newfstatat - [__NR_newfstatat - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_NEWFSSTAT}, + [__NR_newfstatat - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_NEWFSTATAT}, #endif #ifdef __NR_finit_module [__NR_finit_module - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_FINIT_MODULE}, @@ -720,6 +720,81 @@ const struct syscall_evt_pair g_syscall_table[SYSCALL_TABLE_SIZE] = { #ifdef __NR_socketcall [__NR_socketcall - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_SOCKETCALL }, #endif +#ifdef __NR_fspick + [__NR_fspick - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_FSPICK}, +#endif +#ifdef __NR_fsmount + [__NR_fsmount - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_FSMOUNT}, +#endif +#ifdef __NR_fsopen + [__NR_fsopen - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_FSOPEN}, +#endif +#ifdef __NR_open_tree + [__NR_open_tree - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_OPEN_TREE}, +#endif +#ifdef __NR_move_mount + [__NR_move_mount - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_MOVE_MOUNT}, +#endif +#ifdef __NR_mount_setattr + [__NR_mount_setattr - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_MOUNT_SETATTR}, +#endif +#ifdef __NR_memfd_create + [__NR_memfd_create - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_MEMFD_CREATE}, +#endif +#ifdef __NR_memfd_secret + [__NR_memfd_secret - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_MEMFD_SECRET}, +#endif +#ifdef __NR_ioperm + [__NR_ioperm - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_IOPERM}, +#endif +#ifdef __NR_kexec_file_load + [__NR_kexec_file_load - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_KEXEC_FILE_LOAD}, +#endif +#ifdef __NR_pidfd_getfd + [__NR_pidfd_getfd - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_PIDFD_GET_FD}, +#endif +#ifdef __NR_pidfd_open + [__NR_pidfd_open - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_PIDFD_OPEN}, +#endif +#ifdef __NR_pidfd_send_signal + [__NR_pidfd_send_signal - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_PIDFD_SEND_SIGNAL}, +#endif +#ifdef __NR_pkey_alloc + [__NR_pkey_alloc - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_PKEY_ALLOC}, +#endif +#ifdef __NR_pkey_mprotect + [__NR_pkey_mprotect - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_PKEY_MPROTECT}, +#endif +#ifdef __NR_pkey_free + [__NR_pkey_free - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_PKEY_FREE}, +#endif +#ifdef __NR_landlock_create_ruleset + [__NR_landlock_create_ruleset - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_LANDLOCK_CREATE_RULESET}, +#endif +#ifdef __NR_quotactl_fd + [__NR_quotactl_fd - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_QUOTACTL_FD}, +#endif +#ifdef __NR_landlock_restrict_self + [__NR_landlock_restrict_self - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_LANDLOCK_RESTRICT_SELF}, +#endif +#ifdef __NR_landlock_add_rule + [__NR_landlock_add_rule - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_LANDLOCK_ADD_RULE}, +#endif +#ifdef __NR_epoll_pwait2 + [__NR_epoll_pwait2 - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_EPOLL_PWAIT2}, +#endif +#ifdef __NR_migrate_pages + [__NR_migrate_pages - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_MIGRATE_PAGES}, +#endif +#ifdef __NR_move_pages + [__NR_move_pages - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_MOVE_PAGES}, +#endif +#ifdef __NR_preadv2 + [__NR_preadv2 - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_PREADV2}, +#endif +#ifdef __NR_pwritev2 + [__NR_pwritev2 - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_PWRITEV2}, +#endif }; #ifdef CONFIG_IA32_EMULATION @@ -1319,13 +1394,13 @@ const struct syscall_evt_pair g_syscall_ia32_table[SYSCALL_TABLE_SIZE] = { [__NR_ia32_shmat - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_SHMAT}, #endif #ifdef __NR_ia32_rt_sigreturn - [__NR_ia32_rt_sigreturn - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_SIGRETURN}, + [__NR_ia32_rt_sigreturn - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_RT_SIGRETURN}, #endif #ifdef __NR_ia32_fallocate [__NR_ia32_fallocate - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_FALLOCATE}, #endif #ifdef __NR_ia32_newfstatat - [__NR_ia32_newfstatat - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_NEWFSSTAT}, + [__NR_ia32_newfstatat - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_NEWFSTATAT}, #endif #ifdef __NR_ia32_finit_module [__NR_ia32_finit_module - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_FINIT_MODULE}, @@ -1339,6 +1414,81 @@ const struct syscall_evt_pair g_syscall_ia32_table[SYSCALL_TABLE_SIZE] = { #ifdef __NR_ia32_fadvise64 [__NR_ia32_fadvise64 - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_FADVISE64}, #endif +#ifdef __NR_ia32_fspick + [__NR_ia32_fspick - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_FSPICK}, +#endif +#ifdef __NR_ia32_fsmount + [__NR_ia32_fsmount - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_FSMOUNT}, +#endif +#ifdef __NR_ia32_fsopen + [__NR_ia32_fsopen - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_FSOPEN}, +#endif +#ifdef __NR_ia32_open_tree + [__NR_ia32_open_tree - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_OPEN_TREE}, +#endif +#ifdef __NR_ia32_move_mount + [__NR_ia32_move_mount - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_MOVE_MOUNT}, +#endif +#ifdef __NR_ia32_mount_setattr + [__NR_ia32_mount_setattr - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_MOUNT_SETATTR}, +#endif +#ifdef __NR_ia32_memfd_create + [__NR_ia32_memfd_create - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_MEMFD_CREATE}, +#endif +#ifdef __NR_ia32_memfd_secret + [__NR_ia32_memfd_secret - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_MEMFD_SECRET}, +#endif +#ifdef __NR_ia32_ioperm + [__NR_ia32_ioperm - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_IOPERM}, +#endif +#ifdef __NR_ia32_kexec_file_load + [__NR_ia32_kexec_file_load - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_KEXEC_FILE_LOAD}, +#endif +#ifdef __NR_ia32_pidfd_getfd + [__NR_ia32_pidfd_getfd - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_PIDFD_GET_FD}, +#endif +#ifdef __NR_ia32_pidfd_open + [__NR_ia32_pidfd_open - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_PIDFD_OPEN}, +#endif +#ifdef __NR_ia32_pidfd_send_signal + [__NR_ia32_pidfd_send_signal - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_PIDFD_SEND_SIGNAL}, +#endif +#ifdef __NR_ia32_pkey_alloc + [__NR_ia32_pkey_alloc - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_PKEY_ALLOC}, +#endif +#ifdef __NR_ia32_pkey_mprotect + [__NR_ia32_pkey_mprotect - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_PKEY_MPROTECT}, +#endif +#ifdef __NR_ia32_pkey_free + [__NR_ia32_pkey_free - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_PKEY_FREE}, +#endif +#ifdef __NR_ia32_landlock_create_ruleset + [__NR_ia32_landlock_create_ruleset - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_LANDLOCK_CREATE_RULESET}, +#endif +#ifdef __NR_ia32_quotactl_fd + [__NR_ia32_quotactl_fd - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_QUOTACTL_FD}, +#endif +#ifdef __NR_ia32_landlock_restrict_self + [__NR_ia32_landlock_restrict_self - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_LANDLOCK_RESTRICT_SELF}, +#endif +#ifdef __NR_ia32_landlock_add_rule + [__NR_ia32_landlock_add_rule - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_LANDLOCK_ADD_RULE}, +#endif +#ifdef __NR_ia32_epoll_pwait2 + [__NR_ia32_epoll_pwait2 - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_EPOLL_PWAIT2}, +#endif +#ifdef __NR_ia32_migrate_pages + [__NR_ia32_migrate_pages - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_MIGRATE_PAGES}, +#endif +#ifdef __NR_ia32_move_pages + [__NR_ia32_move_pages - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_MOVE_PAGES}, +#endif +#ifdef __NR_ia32_preadv2 + [__NR_ia32_preadv2 - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_PREADV2}, +#endif +#ifdef __NR_ia32_pwritev2 + [__NR_ia32_pwritev2 - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_PWRITEV2}, +#endif }; #endif /* CONFIG_IA32_EMULATION */ diff --git a/userspace/libscap/examples/01-open/scap_open.c b/userspace/libscap/examples/01-open/scap_open.c index 9df0dd2c09..52a7fe5723 100644 --- a/userspace/libscap/examples/01-open/scap_open.c +++ b/userspace/libscap/examples/01-open/scap_open.c @@ -44,24 +44,25 @@ limitations under the License. #define PRINT_SYSCALLS_OPTION "--print_syscalls" #define PRINT_HELP_OPTION "--help" -extern const struct ppm_syscall_desc g_syscall_info_table[PPM_SC_MAX]; extern const struct ppm_event_info g_event_info[PPM_EVENT_MAX]; extern const struct syscall_evt_pair g_syscall_table[SYSCALL_TABLE_SIZE]; +static const struct ppm_syscall_desc *g_syscall_info_table; + /* Engine params */ -struct scap_bpf_engine_params bpf_params = {0}; -struct scap_kmod_engine_params kmod_params = {0}; -struct scap_modern_bpf_engine_params modern_bpf_params = {0}; -struct scap_savefile_engine_params savefile_params = {0}; +static struct scap_bpf_engine_params bpf_params; +static struct scap_kmod_engine_params kmod_params; +static struct scap_modern_bpf_engine_params modern_bpf_params; +static struct scap_savefile_engine_params savefile_params; /* Configuration variables set through CLI. */ -uint64_t num_events = UINT64_MAX; /* max number of events to catch. */ -int evt_type = -1; /* event type to print. */ -bool ppm_sc_is_set = 0; -bool tp_is_set = 0; -unsigned long buffer_bytes_dim = DEFAULT_DRIVER_BUFFER_BYTES_DIM; +static uint64_t num_events = UINT64_MAX; /* max number of events to catch. */ +static int evt_type = -1; /* event type to print. */ +static bool ppm_sc_is_set = 0; +static bool tp_is_set = 0; +static unsigned long buffer_bytes_dim = DEFAULT_DRIVER_BUFFER_BYTES_DIM; -int simple_set[] = { +static int simple_set[] = { PPM_SC_ACCEPT, PPM_SC_ACCEPT4, PPM_SC_BIND, @@ -146,14 +147,14 @@ int simple_set[] = { }; /* Generic global variables. */ -scap_open_args oargs = {.engine_name = UNKNOWN_ENGINE}; /* scap oargs used in `scap_open`. */ -uint64_t g_nevts = 0; /* total number of events captured. */ -scap_t* g_h = NULL; /* global scap handler. */ -uint16_t* lens16 = NULL; /* pointer used to print the length of event params. */ -char* valptr = NULL; /* pointer used to print the value of event params. */ /* pointer used to print the value of event params. */ -struct timeval tval_start, tval_end, tval_result; -unsigned long number_of_timeouts = 0; /* Times in which there were no events in the buffer. */ -unsigned long number_of_scap_next = 0; /* Times in which the 'scap-next' method is called. */ +static scap_open_args oargs = {.engine_name = UNKNOWN_ENGINE}; /* scap oargs used in `scap_open`. */ +static uint64_t g_nevts = 0; /* total number of events captured. */ +static scap_t* g_h = NULL; /* global scap handler. */ +static uint16_t* lens16 = NULL; /* pointer used to print the length of event params. */ +static char* valptr = NULL; /* pointer used to print the value of event params. */ /* pointer used to print the value of event params. */ +static struct timeval tval_start, tval_end, tval_result; +static unsigned long number_of_timeouts; /* Times in which there were no events in the buffer. */ +static unsigned long number_of_scap_next; /* Times in which the 'scap-next' method is called. */ /*=============================== PRINT SUPPORTED SYSCALLS ===========================*/ @@ -302,7 +303,7 @@ bool validate_syscalls() /* If the syscall has `UF_NEVER_DROP` flag we must have its name inside the * `g_syscall_info_table`. */ - if((g_syscall_table[syscall_id].flags & UF_NEVER_DROP) && !g_syscall_info_table[ppm_syscall_code].name) + if((g_syscall_table[syscall_id].flags & UF_NEVER_DROP) && g_syscall_info_table[ppm_syscall_code].name[0] == 0) { printf("ERROR: the syscall with real id `%d` has a `UF_NEVER_DROP` syscall in `g_syscall_table` but not a name in the `g_syscall_info_table`.\n", syscall_id); success = false; @@ -990,6 +991,8 @@ int main(int argc, char** argv) return EXIT_FAILURE; } + g_syscall_info_table = scap_get_syscall_info_table(); + parse_CLI_options(argc, argv); print_scap_source(); diff --git a/userspace/libscap/scap-int.h b/userspace/libscap/scap-int.h index 7b95ca542f..b97f250f7e 100644 --- a/userspace/libscap/scap-int.h +++ b/userspace/libscap/scap-int.h @@ -302,9 +302,7 @@ int32_t scap_os_getpid_global(struct scap_engine_handle engine, int64_t *pid, ch extern const struct syscall_evt_pair g_syscall_table[]; extern const struct ppm_event_info g_event_info[]; -extern const struct ppm_syscall_desc g_syscall_info_table[]; extern const struct ppm_event_entry g_ppm_events[]; -extern bool validate_info_table_size(); // // udig stuff diff --git a/userspace/libscap/scap.c b/userspace/libscap/scap.c index cea361b284..5afb09fc15 100644 --- a/userspace/libscap/scap.c +++ b/userspace/libscap/scap.c @@ -1248,6 +1248,19 @@ int scap_get_events_from_ppm_sc(IN uint32_t ppm_sc_array[PPM_SC_MAX], OUT uint32 return SCAP_SUCCESS; } +int scap_native_id_to_ppm_sc(int native_id) +{ +#ifdef __linux__ + if (native_id < 0 || native_id >= SYSCALL_TABLE_SIZE) + { + return -1; + } + return g_syscall_table[native_id].ppm_sc; +#else + return -1; +#endif +} + int scap_get_modifies_state_tracepoints(OUT uint32_t tp_array[TP_VAL_MAX]) { if(tp_array == NULL) diff --git a/userspace/libscap/scap.h b/userspace/libscap/scap.h index e385e0d586..a04c759cd0 100644 --- a/userspace/libscap/scap.h +++ b/userspace/libscap/scap.h @@ -522,8 +522,7 @@ typedef struct scap_dumper scap_dumper_t; */ struct ppm_syscall_desc { enum ppm_event_category category; /**< System call category. */ - enum ppm_event_flags flags; - char *name; /**< System call name, e.g. 'open'. */ + char name[PPM_MAX_NAME_LEN]; /**< System call name, e.g. 'open'. */ }; /*! @@ -848,6 +847,11 @@ int scap_get_modifies_state_ppm_sc(OUT uint32_t ppm_sc_array[PPM_SC_MAX]); */ int scap_get_events_from_ppm_sc(IN uint32_t ppm_sc_array[PPM_SC_MAX], OUT uint32_t events_array[PPM_EVENT_MAX]); +/*! + \brief Convert a native syscall nr to ppm_sc +*/ +int scap_native_id_to_ppm_sc(int native_id); + /*! \brief Returns the set of minimum tracepoints required by `libsinsp` state. */ diff --git a/userspace/libscap/scap_event.c b/userspace/libscap/scap_event.c index 872beb7eb7..2c12d79ed6 100644 --- a/userspace/libscap/scap_event.c +++ b/userspace/libscap/scap_event.c @@ -35,7 +35,6 @@ limitations under the License. // const struct ppm_event_info* scap_get_event_info_table() { - ASSERT(validate_info_table_size()); return g_event_info; } diff --git a/userspace/libscap/syscall_info_table.c b/userspace/libscap/syscall_info_table.c index bbfee391dc..e2586978e3 100644 --- a/userspace/libscap/syscall_info_table.c +++ b/userspace/libscap/syscall_info_table.c @@ -18,358 +18,45 @@ limitations under the License. #include "../common/types.h" #include "../../driver/ppm_events_public.h" #include "scap.h" +#include "scap-int.h" +#include "../common/strlcpy.h" +#include /* * SYSCALL INFO TABLE */ -const struct ppm_syscall_desc g_syscall_info_table[PPM_SC_MAX] = { - /*dummy*/ { EC_OTHER, (enum ppm_event_flags)(EF_NONE), "" }, - /*PPM_SC_RESTART_SYSCALL*/ { EC_SYSTEM, (enum ppm_event_flags)(EF_NONE), "restart_syscall" }, - /*PPM_SC_EXIT*/ { EC_PROCESS, (enum ppm_event_flags)(EF_NONE), "exit" }, - /*PPM_SC_READ*/ { EC_IO_READ, (enum ppm_event_flags)(EF_NONE), "read" }, - /*PPM_SC_WRITE*/ { EC_IO_WRITE, (enum ppm_event_flags)(EF_NONE), "write" }, - /*PPM_SC_OPEN*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "open" }, - /*PPM_SC_CLOSE*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "close" }, - /*PPM_SC_CREAT*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "creat" }, - /*PPM_SC_LINK*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "link" }, - /*PPM_SC_UNLINK*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "unlink" }, - /*PPM_SC_CHDIR*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "chdir" }, - /*PPM_SC_TIME*/ { EC_TIME, (enum ppm_event_flags)(EF_NONE), "time" }, - /*PPM_SC_MKNOD*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "mknod" }, - /*PPM_SC_CHMOD*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "chmod" }, - /*PPM_SC_STAT*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "stat" }, - /*PPM_SC_LSEEK*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "lseek" }, - /*PPM_SC_GETPID*/ { EC_PROCESS, (enum ppm_event_flags)(EF_NONE), "getpid" }, - /*PPM_SC_MOUNT*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "mount" }, - /*PPM_SC_PTRACE*/ { EC_OTHER, (enum ppm_event_flags)(EF_NONE), "ptrace" }, - /*PPM_SC_ALARM*/ { EC_TIME, (enum ppm_event_flags)(EF_NONE), "alarm" }, - /*PPM_SC_FSTAT*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "fstat" }, - /*PPM_SC_PAUSE*/ { EC_WAIT, (enum ppm_event_flags)(EF_NONE), "pause" }, /* WAIT UNTIL A SIGNAL ARRIVES */ - /*PPM_SC_UTIME*/ { EC_TIME, (enum ppm_event_flags)(EF_NONE), "utime" }, - /*PPM_SC_ACCESS*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "access" }, /* checks whether the calling process can access the file pathname */ - /*PPM_SC_SYNC*/ { EC_IO_OTHER, (enum ppm_event_flags)(EF_NONE), "sync" }, /* causes all buffered modifications to file metadata and data to be written to the underlying file systems. */ - /*PPM_SC_KILL*/ { EC_IPC, (enum ppm_event_flags)(EF_NONE), "kill" }, - /*PPM_SC_RENAME*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "rename" }, - /*PPM_SC_MKDIR*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "mkdir" }, - /*PPM_SC_RMDIR*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "rmdir" }, - /*PPM_SC_DUP*/ { EC_IO_OTHER, (enum ppm_event_flags)(EF_NONE), "dup" }, - /*PPM_SC_PIPE*/ { EC_IPC, (enum ppm_event_flags)(EF_NONE), "pipe" }, - /*PPM_SC_TIMES*/ { EC_TIME, (enum ppm_event_flags)(EF_NONE), "times" }, - /*PPM_SC_BRK*/ { EC_MEMORY, (enum ppm_event_flags)(EF_NONE), "brk" }, - /*PPM_SC_ACCT*/ { EC_PROCESS, (enum ppm_event_flags)(EF_NONE), "acct" }, - /*PPM_SC_IOCTL*/ { EC_IO_OTHER, (enum ppm_event_flags)(EF_NONE), "ioctl" }, - /*PPM_SC_FCNTL*/ { EC_WAIT, (enum ppm_event_flags)(EF_NONE), "fcntl" }, - /*PPM_SC_SETPGID*/ { EC_PROCESS, (enum ppm_event_flags)(EF_NONE), "setpgid" }, - /*PPM_SC_UMASK*/ { EC_PROCESS, (enum ppm_event_flags)(EF_NONE), "umask" }, /* sets the calling process's file mode creation mask */ - /*PPM_SC_CHROOT*/ { EC_IPC, (enum ppm_event_flags)(EF_NONE), "chroot" }, /* changes the root directory of the calling process to that specified in path. This directory will be used for path names beginning with /. The root directory is inherited by all children of the calling process. */ - /*PPM_SC_USTAT*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "ustat" }, /* returns information about a mounted file system. */ - /*PPM_SC_DUP2*/ { EC_IO_OTHER, (enum ppm_event_flags)(EF_NONE), "dup2" }, - /*PPM_SC_GETPPID*/ { EC_PROCESS, (enum ppm_event_flags)(EF_NONE), "getppid" }, - /*PPM_SC_GETPGRP*/ { EC_PROCESS, (enum ppm_event_flags)(EF_NONE), "getpgrp" }, - /*PPM_SC_SETSID*/ { EC_PROCESS, (enum ppm_event_flags)(EF_NONE), "setsid" }, /* creates a session and sets the process group ID */ - /*PPM_SC_SETHOSTNAME*/ { EC_SYSTEM, (enum ppm_event_flags)(EF_NONE), "sethostname" }, - /*PPM_SC_SETRLIMIT*/ { EC_PROCESS, (enum ppm_event_flags)(EF_NONE), "setrlimit" }, /* get/set resource (CPU, FDs, memory...) limits */ - /*PPM_SC_GETRUSAGE*/ { EC_PROCESS, (enum ppm_event_flags)(EF_NONE), "getrusage" }, /* returns resource usage measures for who */ - /*PPM_SC_GETTIMEOFDAY*/ { EC_TIME, (enum ppm_event_flags)(EF_NONE), "gettimeofday" }, - /*PPM_SC_SETTIMEOFDAY*/ { EC_TIME, (enum ppm_event_flags)(EF_NONE), "settimeofday" }, - /*PPM_SC_SYMLINK*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "symlink" }, - /*PPM_SC_LSTAT*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "lstat" }, - /*PPM_SC_READLINK*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "readlink" }, - /*PPM_SC_USELIB*/ { EC_PROCESS, (enum ppm_event_flags)(EF_NONE), "uselib" }, /* load shared library */ - /*PPM_SC_SWAPON*/ { EC_PROCESS, (enum ppm_event_flags)(EF_NONE), "swapon" }, /* start/stop swapping to file/device */ - /*PPM_SC_REBOOT*/ { EC_SYSTEM, (enum ppm_event_flags)(EF_NONE), "reboot" }, - /*PPM_SC_MMAP*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "mmap" }, - /*PPM_SC_MUNMAP*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "munmap" }, - /*PPM_SC_TRUNCATE*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "truncate" }, /* truncate a file to a specified length */ - /*PPM_SC_FTRUNCATE*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "ftruncate" }, /* truncate a file to a specified length */ - /*PPM_SC_FCHMOD*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "fchmod" }, - /*PPM_SC_GETPRIORITY*/ { EC_PROCESS, (enum ppm_event_flags)(EF_NONE), "getpriority" }, /* get/set program scheduling priority */ - /*PPM_SC_SETPRIORITY*/ { EC_PROCESS, (enum ppm_event_flags)(EF_NONE), "setpriority" }, /* get/set program scheduling priority */ - /*PPM_SC_STATFS*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "statfs" }, /* returns information about a mounted file system */ - /*PPM_SC_FSTATFS*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "fstatfs" }, /* returns information about a mounted file system */ - /*PPM_SC_SYSLOG*/ { EC_SYSTEM, (enum ppm_event_flags)(EF_NONE), "syslog" }, /* read and/or clear kernel message ring buffer; set console_loglevel */ - /*PPM_SC_SETITIMER*/ { EC_TIME, (enum ppm_event_flags)(EF_NONE), "setitimer" }, - /*PPM_SC_GETITIMER*/ { EC_TIME, (enum ppm_event_flags)(EF_NONE), "getitimer" }, - /*PPM_SC_UNAME*/ { EC_SYSTEM, (enum ppm_event_flags)(EF_NONE), "uname" }, /* get name and information about current kernel */ - /*PPM_SC_VHANGUP*/ { EC_OTHER , (enum ppm_event_flags)(EF_NONE), "vhangup" }, /* simulates a hangup on the current terminal. This call arranges for other users to have a "clean" terminal at login time. */ - /*PPM_SC_WAIT4*/ { EC_WAIT, (enum ppm_event_flags)(EF_NONE), "wait4" }, /* OBSOLETE */ - /*PPM_SC_SWAPOFF*/ { EC_SYSTEM, (enum ppm_event_flags)(EF_NONE), "swapoff" }, /* start/stop swapping to file/device */ - /*PPM_SC_SYSINFO*/ { EC_SYSTEM, (enum ppm_event_flags)(EF_NONE), "sysinfo" }, /* returns information on overall system statistics */ - /*PPM_SC_FSYNC*/ { EC_IO_OTHER, (enum ppm_event_flags)(EF_NONE), "fsync" }, /* sync file content */ - /*PPM_SC_SETDOMAINNAME*/ { EC_SYSTEM, (enum ppm_event_flags)(EF_NONE), "setdomainname" }, - /*PPM_SC_ADJTIMEX*/ { EC_SYSTEM, (enum ppm_event_flags)(EF_NONE), "adjtimex" }, /* tune kernel clock */ - /*PPM_SC_MPROTECT*/ { EC_MEMORY, (enum ppm_event_flags)(EF_NONE), "mprotect" }, /* set protection on a region of memory */ - /*PPM_SC_INIT_MODULE*/ { EC_SYSTEM, (enum ppm_event_flags)(EF_NONE), "init_module" }, /* load a kernel module */ - /*PPM_SC_DELETE_MODULE*/ { EC_SYSTEM, (enum ppm_event_flags)(EF_NONE), "delete_module" }, - /*PPM_SC_QUOTACTL*/ { EC_SYSTEM, (enum ppm_event_flags)(EF_NONE), "quotactl" }, - /*PPM_SC_GETPGID*/ { EC_PROCESS, (enum ppm_event_flags)(EF_NONE), "getpgid" }, - /*PPM_SC_FCHDIR*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "fchdir" }, - /*PPM_SC_SYSFS*/ { EC_SYSTEM, (enum ppm_event_flags)(EF_NONE), "sysfs" }, /* get file system type information */ - /*PPM_SC_PERSONALITY*/ { EC_PROCESS, (enum ppm_event_flags)(EF_NONE), "personality" }, /* set the process execution domain */ - /*PPM_SC_GETDENTS*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "getdents" }, /* get directory entries */ - /*PPM_SC_SELECT*/ { EC_WAIT, (enum ppm_event_flags)(EF_NONE), "select" }, - /*PPM_SC_FLOCK*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "flock" }, /* apply or remove an advisory lock on an open file */ - /*PPM_SC_MSYNC*/ { EC_IO_OTHER, (enum ppm_event_flags)(EF_NONE), "msync" }, /* synchronize a file with a memory map */ - /*PPM_SC_READV*/ { EC_IO_READ, (enum ppm_event_flags)(EF_NONE), "readv" }, - /*PPM_SC_WRITEV*/ { EC_IO_WRITE, (enum ppm_event_flags)(EF_NONE), "writev" }, - /*PPM_SC_GETSID*/ { EC_PROCESS, (enum ppm_event_flags)(EF_NONE), "getsid" }, /* returns the session ID of the calling process */ - /*PPM_SC_FDATASYNC*/ { EC_IO_OTHER, (enum ppm_event_flags)(EF_NONE), "fdatasync" }, /* synchronize a file's in-core state with storage device */ - /*PPM_SC_MLOCK*/ { EC_MEMORY, (enum ppm_event_flags)(EF_NONE), "mlock" }, /* mlock() and mlockall() respectively lock part or all of the calling process's virtual address space into RAM */ - /*PPM_SC_MUNLOCK*/ { EC_MEMORY, (enum ppm_event_flags)(EF_NONE), "munlock" }, /* mlock() and mlockall() respectively lock part or all of the calling process's virtual address space into RAM */ - /*PPM_SC_MLOCKALL*/ { EC_MEMORY, (enum ppm_event_flags)(EF_NONE), "mlockall" }, /* mlock() and mlockall() respectively lock part or all of the calling process's virtual address space into RAM */ - /*PPM_SC_MUNLOCKALL*/ { EC_MEMORY, (enum ppm_event_flags)(EF_NONE), "munlockall" }, /* mlock() and mlockall() respectively lock part or all of the calling process's virtual address space into RAM */ - /*PPM_SC_SCHED_SETPARAM*/ { EC_PROCESS, (enum ppm_event_flags)(EF_NONE), "sched_setparam" }, - /*PPM_SC_SCHED_GETPARAM*/ { EC_PROCESS, (enum ppm_event_flags)(EF_NONE), "sched_getparam" }, - /*PPM_SC_SCHED_SETSCHEDULER*/ { EC_PROCESS, (enum ppm_event_flags)(EF_NONE), "sched_setscheduler" }, - /*PPM_SC_SCHED_GETSCHEDULER*/ { EC_PROCESS, (enum ppm_event_flags)(EF_NONE), "sched_getscheduler" }, - /*PPM_SC_SCHED_YIELD*/ { EC_SLEEP, (enum ppm_event_flags)(EF_NONE), "sched_yield" }, - /*PPM_SC_SCHED_GET_PRIORITY_MAX*/ { EC_PROCESS, (enum ppm_event_flags)(EF_NONE), "sched_get_priority_max" }, - /*PPM_SC_SCHED_GET_PRIORITY_MIN*/ { EC_PROCESS, (enum ppm_event_flags)(EF_NONE), "sched_get_priority_min" }, - /*PPM_SC_SCHED_RR_GET_INTERVAL*/ { EC_PROCESS, (enum ppm_event_flags)(EF_NONE), "sched_rr_get_interval" }, - /*PPM_SC_NANOSLEEP*/ { EC_SLEEP, (enum ppm_event_flags)(EF_NONE), "nanosleep" }, - /*PPM_SC_MREMAP*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "mremap" }, - /*PPM_SC_POLL*/ { EC_WAIT, (enum ppm_event_flags)(EF_NONE), "poll" }, - /*PPM_SC_PRCTL*/ { EC_PROCESS, (enum ppm_event_flags)(EF_NONE), "prctl" }, /* operations on a process */ - /*PPM_SC_RT_SIGACTION*/ { EC_SIGNAL, (enum ppm_event_flags)(EF_NONE), "rt_sigaction" }, - /*PPM_SC_RT_SIGPROCMASK*/ { EC_SIGNAL, (enum ppm_event_flags)(EF_NONE), "rt_sigprocmask" }, - /*PPM_SC_RT_SIGPENDING*/ { EC_SIGNAL, (enum ppm_event_flags)(EF_NONE), "rt_sigpending" }, - /*PPM_SC_RT_SIGTIMEDWAIT*/ { EC_SIGNAL, (enum ppm_event_flags)(EF_NONE), "rt_sigtimedwait" }, - /*PPM_SC_RT_SIGQUEUEINFO*/ { EC_SIGNAL, (enum ppm_event_flags)(EF_NONE), "rt_sigqueueinfo" }, - /*PPM_SC_RT_SIGSUSPEND*/ { EC_SIGNAL, (enum ppm_event_flags)(EF_NONE), "rt_sigsuspend" }, - /*PPM_SC_GETCWD*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "getcwd" }, - /*PPM_SC_CAPGET*/ { EC_PROCESS, (enum ppm_event_flags)(EF_NONE), "capget" }, /* set/get capabilities of thread(s) */ - /*PPM_SC_CAPSET*/ { EC_PROCESS, (enum ppm_event_flags)(EF_NONE), "capset" }, /* set/get capabilities of thread(s) */ - /*PPM_SC_SENDFILE*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "sendfile" }, /* transfer data between file descriptors */ - /*PPM_SC_GETRLIMIT*/ { EC_PROCESS, (enum ppm_event_flags)(EF_NONE), "getrlimit" }, - /*PPM_SC_LCHOWN*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "lchown" }, - /*PPM_SC_GETUID*/ { EC_USER, (enum ppm_event_flags)(EF_NONE), "getuid" }, - /*PPM_SC_GETGID*/ { EC_USER, (enum ppm_event_flags)(EF_NONE), "getgid" }, - /*PPM_SC_GETEUID*/ { EC_USER, (enum ppm_event_flags)(EF_NONE), "geteuid" }, - /*PPM_SC_GETEGID*/ { EC_USER, (enum ppm_event_flags)(EF_NONE), "getegid" }, - /*PPM_SC_SETREUID*/ { EC_USER, (enum ppm_event_flags)(EF_NONE), "setreuid" }, - /*PPM_SC_SETREGID*/ { EC_USER, (enum ppm_event_flags)(EF_NONE), "setregid" }, - /*PPM_SC_GETGROUPS*/ { EC_USER, (enum ppm_event_flags)(EF_NONE), "getgroups" }, /* returns the supplementary group IDs of the calling process */ - /*PPM_SC_SETGROUPS*/ { EC_USER, (enum ppm_event_flags)(EF_NONE), "setgroups" }, /* returns the supplementary group IDs of the calling process */ - /*PPM_SC_FCHOWN*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "fchown" }, - /*PPM_SC_SETRESUID*/ { EC_USER, (enum ppm_event_flags)(EF_NONE), "setresuid" }, - /*PPM_SC_GETRESUID*/ { EC_USER, (enum ppm_event_flags)(EF_NONE), "getresuid" }, - /*PPM_SC_SETRESGID*/ { EC_USER, (enum ppm_event_flags)(EF_NONE), "setresgid" }, - /*PPM_SC_GETRESGID*/ { EC_USER, (enum ppm_event_flags)(EF_NONE), "getresgid" }, - /*PPM_SC_CHOWN*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "chown" }, - /*PPM_SC_SETUID*/ { EC_USER, (enum ppm_event_flags)(EF_NONE), "setuid" }, - /*PPM_SC_SETGID*/ { EC_USER, (enum ppm_event_flags)(EF_NONE), "setgid" }, - /*PPM_SC_SETFSUID*/ { EC_USER, (enum ppm_event_flags)(EF_NONE), "setfsuid" }, - /*PPM_SC_SETFSGID*/ { EC_USER, (enum ppm_event_flags)(EF_NONE), "setfsgid" }, - /*PPM_SC_PIVOT_ROOT*/ { EC_PROCESS, (enum ppm_event_flags)(EF_NONE), "pivot_root" }, - /*PPM_SC_MINCORE*/ { EC_MEMORY, (enum ppm_event_flags)(EF_NONE), "mincore" }, /* determine whether pages are resident in memory */ - /*PPM_SC_MADVISE*/ { EC_MEMORY, (enum ppm_event_flags)(EF_NONE), "madvise" }, /* give advice about use of memory */ - /*PPM_SC_GETTID*/ { EC_PROCESS, (enum ppm_event_flags)(EF_NONE), "gettid" }, /* returns the caller's thread ID (TID) */ - /*PPM_SC_SETXATTR*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "setxattr" }, /* set inode attribute */ - /*PPM_SC_LSETXATTR*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "lsetxattr" }, - /*PPM_SC_FSETXATTR*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "fsetxattr" }, - /*PPM_SC_GETXATTR*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "getxattr" }, - /*PPM_SC_LGETXATTR*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "lgetxattr" }, - /*PPM_SC_FGETXATTR*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "fgetxattr" }, - /*PPM_SC_LISTXATTR*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "listxattr" }, - /*PPM_SC_LLISTXATTR*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "llistxattr" }, - /*PPM_SC_FLISTXATTR*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "flistxattr" }, - /*PPM_SC_REMOVEXATTR*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "removexattr" }, - /*PPM_SC_LREMOVEXATTR*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "lremovexattr" }, - /*PPM_SC_FREMOVEXATTR*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "fremovexattr" }, - /*PPM_SC_TKILL*/ { EC_SIGNAL, (enum ppm_event_flags)(EF_NONE), "tkill" }, /* send a signal to a thread */ - /*PPM_SC_FUTEX*/ { EC_IPC, (enum ppm_event_flags)(EF_NONE), "futex" }, - /*PPM_SC_SCHED_SETAFFINITY*/ { EC_PROCESS, (enum ppm_event_flags)(EF_NONE), "sched_setaffinity" }, - /*PPM_SC_SCHED_GETAFFINITY*/ { EC_PROCESS, (enum ppm_event_flags)(EF_NONE), "sched_getaffinity" }, - /*PPM_SC_SET_THREAD_AREA*/ { EC_PROCESS, (enum ppm_event_flags)(EF_NONE), "set_thread_area" }, - /*PPM_SC_GET_THREAD_AREA*/ { EC_PROCESS, (enum ppm_event_flags)(EF_NONE), "get_thread_area" }, - /*PPM_SC_IO_SETUP*/ { EC_IO_OTHER, (enum ppm_event_flags)(EF_NONE), "io_setup" }, /* create an asynchronous I/O context (for libaio) */ - /*PPM_SC_IO_DESTROY*/ { EC_IO_OTHER, (enum ppm_event_flags)(EF_NONE), "io_destroy" }, - /*PPM_SC_IO_GETEVENTS*/ { EC_IO_OTHER, (enum ppm_event_flags)(EF_NONE), "io_getevents" }, - /*PPM_SC_IO_SUBMIT*/ { EC_IO_OTHER, (enum ppm_event_flags)(EF_NONE), "io_submit" }, - /*PPM_SC_IO_CANCEL*/ { EC_IO_OTHER, (enum ppm_event_flags)(EF_NONE), "io_cancel" }, - /*PPM_SC_EXIT_GROUP*/ { EC_IO_OTHER, (enum ppm_event_flags)(EF_NONE), "exit_group" }, - /*PPM_SC_EPOLL_CREATE*/ { EC_WAIT, (enum ppm_event_flags)(EF_NONE), "epoll_create" }, - /*PPM_SC_EPOLL_CTL*/ { EC_WAIT, (enum ppm_event_flags)(EF_NONE), "epoll_ctl" }, - /*PPM_SC_EPOLL_WAIT*/ { EC_WAIT, (enum ppm_event_flags)(EF_NONE), "epoll_wait" }, - /*PPM_SC_REMAP_FILE_PAGES*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "remap_file_pages" }, /* create a nonlinear file mapping */ - /*PPM_SC_SET_TID_ADDRESS*/ { EC_PROCESS, (enum ppm_event_flags)(EF_NONE), "set_tid_address" }, /* set pointer to thread ID */ - /*PPM_SC_TIMER_CREATE*/ { EC_TIME, (enum ppm_event_flags)(EF_NONE), "timer_create" }, - /*PPM_SC_TIMER_SETTIME*/ { EC_TIME, (enum ppm_event_flags)(EF_NONE), "timer_settime" }, - /*PPM_SC_TIMER_GETTIME*/ { EC_TIME, (enum ppm_event_flags)(EF_NONE), "timer_gettime" }, - /*PPM_SC_TIMER_GETOVERRUN*/ { EC_TIME, (enum ppm_event_flags)(EF_NONE), "timer_getoverrun" }, - /*PPM_SC_TIMER_DELETE*/ { EC_TIME, (enum ppm_event_flags)(EF_NONE), "timer_delete" }, - /*PPM_SC_CLOCK_SETTIME*/ { EC_TIME, (enum ppm_event_flags)(EF_NONE), "clock_settime" }, - /*PPM_SC_CLOCK_GETTIME*/ { EC_TIME, (enum ppm_event_flags)(EF_NONE), "clock_gettime" }, - /*PPM_SC_CLOCK_GETRES*/ { EC_TIME, (enum ppm_event_flags)(EF_NONE), "clock_getres" }, - /*PPM_SC_CLOCK_NANOSLEEP*/ { EC_SLEEP, (enum ppm_event_flags)(EF_NONE), "clock_nanosleep" }, - /*PPM_SC_TGKILL*/ { EC_SIGNAL, (enum ppm_event_flags)(EF_NONE), "tgkill" }, - /*PPM_SC_UTIMES*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "utimes" }, /* change file last access and modification times */ - /*PPM_SC_MQ_OPEN*/ { EC_IPC, (enum ppm_event_flags)(EF_NONE), "mq_open" }, /* Message queues. See http://linux.die.net/man/7/mq_overview. */ - /*PPM_SC_MQ_UNLINK*/ { EC_IPC, (enum ppm_event_flags)(EF_NONE), "mq_unlink" }, - /*PPM_SC_MQ_TIMEDSEND*/ { EC_IPC, (enum ppm_event_flags)(EF_NONE), "mq_timedsend" }, - /*PPM_SC_MQ_TIMEDRECEIVE*/ { EC_IPC, (enum ppm_event_flags)(EF_NONE), "mq_timedreceive" }, - /*PPM_SC_MQ_NOTIFY*/ { EC_IPC, (enum ppm_event_flags)(EF_NONE), "mq_notify" }, - /*PPM_SC_MQ_GETSETATTR*/ { EC_IPC, (enum ppm_event_flags)(EF_NONE), "mq_getsetattr" }, - /*PPM_SC_KEXEC_LOAD*/ { EC_SYSTEM, (enum ppm_event_flags)(EF_NONE), "kexec_load" }, /* load a new kernel for later execution */ - /*PPM_SC_WAITID*/ { EC_WAIT, (enum ppm_event_flags)(EF_NONE), "waitid" }, - /*PPM_SC_ADD_KEY*/ { EC_SYSTEM, (enum ppm_event_flags)(EF_NONE), "add_key" }, /* add a key to the kernel's key management facility */ - /*PPM_SC_REQUEST_KEY*/ { EC_SYSTEM, (enum ppm_event_flags)(EF_NONE), "request_key" }, - /*PPM_SC_KEYCTL*/ { EC_SYSTEM, (enum ppm_event_flags)(EF_NONE), "keyctl" }, - /*PPM_SC_IOPRIO_SET*/ { EC_PROCESS, (enum ppm_event_flags)(EF_NONE), "ioprio_set" }, /* get/set I/O scheduling class and priority */ - /*PPM_SC_IOPRIO_GET*/ { EC_PROCESS, (enum ppm_event_flags)(EF_NONE), "ioprio_get" }, /* get/set I/O scheduling class and priority */ - /*PPM_SC_INOTIFY_INIT*/ { EC_IPC, (enum ppm_event_flags)(EF_NONE), "inotify_init" }, /* initialize an inotify event queue instance. See http://en.wikipedia.org/wiki/Inotify. */ - /*PPM_SC_INOTIFY_ADD_WATCH*/ { EC_IPC, (enum ppm_event_flags)(EF_NONE), "inotify_add_watch" }, - /*PPM_SC_INOTIFY_RM_WATCH*/ { EC_IPC, (enum ppm_event_flags)(EF_NONE), "inotify_rm_watch" }, - /*PPM_SC_OPENAT*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "openat" }, - /*PPM_SC_MKDIRAT*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "mkdirat" }, - /*PPM_SC_MKNODAT*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "mknodat" }, - /*PPM_SC_FCHOWNAT*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "fchownat" }, - /*PPM_SC_FUTIMESAT*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "futimesat" }, - /*PPM_SC_UNLINKAT*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "unlinkat" }, - /*PPM_SC_RENAMEAT*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "renameat" }, - /*PPM_SC_LINKAT*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "linkat" }, - /*PPM_SC_SYMLINKAT*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "symlinkat" }, - /*PPM_SC_READLINKAT*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "readlinkat" }, - /*PPM_SC_FCHMODAT*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "fchmodat" }, - /*PPM_SC_FACCESSAT*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "faccessat" }, - /*PPM_SC_PSELECT6*/ { EC_WAIT, (enum ppm_event_flags)(EF_NONE), "pselect6" }, - /*PPM_SC_PPOLL*/ { EC_WAIT, (enum ppm_event_flags)(EF_NONE), "ppoll" }, - /*PPM_SC_UNSHARE*/ { EC_PROCESS, (enum ppm_event_flags)(EF_NONE), "unshare" }, /* disassociate parts of the process execution context */ - /*PPM_SC_SET_ROBUST_LIST*/ { EC_PROCESS, (enum ppm_event_flags)(EF_NONE), "set_robust_list" }, /* get/set list of robust futexes */ - /*PPM_SC_GET_ROBUST_LIST*/ { EC_PROCESS, (enum ppm_event_flags)(EF_NONE), "get_robust_list" }, /* get/set list of robust futexes */ - /*PPM_SC_SPLICE*/ { EC_IPC, (enum ppm_event_flags)(EF_NONE), "splice" }, /* transfers up to len bytes of data from the file descriptor fd_in to the file descriptor fd_out, where one of the descriptors must refer to a pipe. */ - /*PPM_SC_TEE*/ { EC_IPC, (enum ppm_event_flags)(EF_NONE), "tee" }, /* tee() duplicates up to len bytes of data from the pipe referred to by the file descriptor fd_in to the pipe referred to by the file descriptor fd_out. It does not consume the data that is duplicated from fd_in. */ - /*PPM_SC_VMSPLICE*/ { EC_IPC, (enum ppm_event_flags)(EF_NONE), "vmsplice" }, /* splice user pages into a pipe */ - /*PPM_SC_GETCPU*/ { EC_PROCESS, (enum ppm_event_flags)(EF_NONE), "getcpu" }, /* determine CPU and NUMA node on which the calling thread is running */ - /*PPM_SC_EPOLL_PWAIT*/ { EC_WAIT, (enum ppm_event_flags)(EF_NONE), "epoll_pwait" }, - /*PPM_SC_UTIMENSAT*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "utimensat" }, /* change file timestamps with nanosecond precision */ - /*PPM_SC_SIGNALFD*/ { EC_SIGNAL, (enum ppm_event_flags)(EF_NONE), "signalfd" }, /* create a pollable file descriptor for accepting signals */ - /*PPM_SC_TIMERFD_CREATE*/ { EC_TIME, (enum ppm_event_flags)(EF_NONE), "timerfd_create" }, /* // create and operate on a timer that delivers timer expiration notifications via a file descriptor */ - /*PPM_SC_EVENTFD*/ { EC_IPC, (enum ppm_event_flags)(EF_NONE), "eventfd" }, /* create a file descriptor for event notification */ - /*PPM_SC_TIMERFD_SETTIME*/ { EC_TIME, (enum ppm_event_flags)(EF_NONE), "timerfd_settime" }, /* create and operate on a timer that delivers timer expiration notifications via a file descriptor */ - /*PPM_SC_TIMERFD_GETTIME*/ { EC_TIME, (enum ppm_event_flags)(EF_NONE), "timerfd_gettime" }, /* create and operate on a timer that delivers timer expiration notifications via a file descriptor */ - /*PPM_SC_SIGNALFD4*/ { EC_SIGNAL, (enum ppm_event_flags)(EF_NONE), "signalfd4" }, /* create a pollable file descriptor for accepting signals */ - /*PPM_SC_EVENTFD2*/ { EC_IPC, (enum ppm_event_flags)(EF_NONE), "eventfd2" }, /* create a file descriptor for event notification */ - /*PPM_SC_EPOLL_CREATE1*/ { EC_WAIT, (enum ppm_event_flags)(EF_NONE), "epoll_create1" }, /* variant of epoll_create */ - /*PPM_SC_DUP3*/ { EC_IO_OTHER, (enum ppm_event_flags)(EF_NONE), "dup3" }, - /*PPM_SC_PIPE2*/ { EC_IPC, (enum ppm_event_flags)(EF_NONE), "pipe2" }, - /*PPM_SC_INOTIFY_INIT1*/ { EC_IPC, (enum ppm_event_flags)(EF_NONE), "inotify_init1" }, - /*PPM_SC_PREADV*/ { EC_IO_READ, (enum ppm_event_flags)(EF_NONE), "preadv" }, - /*PPM_SC_PWRITEV*/ { EC_IO_WRITE, (enum ppm_event_flags)(EF_NONE), "pwritev" }, - /*PPM_SC_RT_TGSIGQUEUEINFO*/ { EC_OTHER, (enum ppm_event_flags)(EF_NONE), "rt_tgsigqueueinfo" }, - /*PPM_SC_PERF_EVENT_OPEN*/ { EC_OTHER, (enum ppm_event_flags)(EF_NONE), "perf_event_open" }, - /*PPM_SC_FANOTIFY_INIT*/ { EC_IPC, (enum ppm_event_flags)(EF_NONE), "fanotify_init" }, - /*PPM_SC_PRLIMIT64*/ { EC_PROCESS, (enum ppm_event_flags)(EF_NONE), "prlimit64" }, - /*PPM_SC_CLOCK_ADJTIME*/ { EC_OTHER, (enum ppm_event_flags)(EF_NONE), "clock_adjtime" }, - /*PPM_SC_SYNCFS*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "syncfs" }, - /*PPM_SC_SETNS*/ { EC_PROCESS, (enum ppm_event_flags)(EF_NONE), "setns" }, /* reassociate thread with a namespace */ - /*PPM_SC_GETDENTS64*/ { EC_IPC, (enum ppm_event_flags)(EF_NONE), "getdents64" }, - /* */ - /* Non-multiplexed socket family */ - /* */ - /*PPM_SC_SOCKET*/ { EC_NET, (enum ppm_event_flags)(EF_NONE), "socket" }, - /*PPM_SC_BIND*/ { EC_NET, (enum ppm_event_flags)(EF_NONE), "bind" }, - /*PPM_SC_CONNECT*/ { EC_NET, (enum ppm_event_flags)(EF_NONE), "connect" }, - /*PPM_SC_LISTEN*/ { EC_NET, (enum ppm_event_flags)(EF_NONE), "listen" }, - /*PPM_SC_ACCEPT*/ { EC_NET, (enum ppm_event_flags)(EF_NONE), "accept" }, - /*PPM_SC_GETSOCKNAME*/ { EC_NET, (enum ppm_event_flags)(EF_NONE), "getsockname" }, - /*PPM_SC_GETPEERNAME*/ { EC_NET, (enum ppm_event_flags)(EF_NONE), "getpeername" }, - /*PPM_SC_SOCKETPAIR*/ { EC_NET, (enum ppm_event_flags)(EF_NONE), "socketpair" }, - /*PPM_SC_SENDTO*/ { EC_NET, (enum ppm_event_flags)(EF_NONE), "sendto" }, - /*PPM_SC_RECVFROM*/ { EC_NET, (enum ppm_event_flags)(EF_NONE), "recvfrom" }, - /*PPM_SC_SHUTDOWN*/ { EC_NET, (enum ppm_event_flags)(EF_NONE), "shutdown" }, - /*PPM_SC_SETSOCKOPT*/ { EC_NET, (enum ppm_event_flags)(EF_NONE), "setsockopt" }, - /*PPM_SC_GETSOCKOPT*/ { EC_NET, (enum ppm_event_flags)(EF_NONE), "getsockopt" }, - /*PPM_SC_SENDMSG*/ { EC_NET, (enum ppm_event_flags)(EF_NONE), "sendmsg" }, - /*PPM_SC_SENDMMSG*/ { EC_NET, (enum ppm_event_flags)(EF_NONE), "sendmmsg" }, - /*PPM_SC_RECVMSG*/ { EC_NET, (enum ppm_event_flags)(EF_NONE), "recvmsg" }, - /*PPM_SC_RECVMMSG*/ { EC_NET, (enum ppm_event_flags)(EF_NONE), "recvmmsg" }, - /*PPM_SC_ACCEPT4*/ { EC_NET, (enum ppm_event_flags)(EF_NONE), "accept4" }, - /* - * Non-multiplexed IPC family - */ - /*PPM_SC_SEMOP*/ { EC_IPC, (enum ppm_event_flags)(EF_NONE), "semop" }, - /*PPM_SC_SEMGET*/ { EC_IPC, (enum ppm_event_flags)(EF_NONE), "semget" }, - /*PPM_SC_SEMCTL*/ { EC_IPC, (enum ppm_event_flags)(EF_NONE), "semctl" }, - /*PPM_SC_MSGSND*/ { EC_IPC, (enum ppm_event_flags)(EF_NONE), "msgsnd" }, - /*PPM_SC_MSGRCV*/ { EC_IPC, (enum ppm_event_flags)(EF_NONE), "msgrcv" }, - /*PPM_SC_MSGGET*/ { EC_IPC, (enum ppm_event_flags)(EF_NONE), "msgget" }, - /*PPM_SC_MSGCTL*/ { EC_IPC, (enum ppm_event_flags)(EF_NONE), "msgctl" }, - /*PPM_SC_SHMDT*/ { EC_IPC, (enum ppm_event_flags)(EF_NONE), "shmdt" }, - /*PPM_SC_SHMGET*/ { EC_IPC, (enum ppm_event_flags)(EF_NONE), "shmget" }, - /*PPM_SC_SHMCTL*/ { EC_IPC, (enum ppm_event_flags)(EF_NONE), "shmctl" }, - /*PPM_SC_STATFS64*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "statfs64" }, - /*PPM_SC_FSTATFS64*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "fstatfs64" }, - /*PPM_SC_FSTATAT64*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "fstatat64" }, - /*PPM_SC_SENDFILE64*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "sendfile64" }, - /*PPM_SC_UGETRLIMIT*/ { EC_PROCESS, (enum ppm_event_flags)(EF_NONE), "ugetrlimit" }, - /*PPM_SC_BDFLUSH*/ { EC_OTHER, (enum ppm_event_flags)(EF_NONE), "bdflush" }, /* deprecated */ - /*PPM_SC_SIGPROCMASK*/ { EC_SIGNAL, (enum ppm_event_flags)(EF_NONE), "sigprocmask" }, /* examine and change blocked signals */ - /*PPM_SC_IPC*/ { EC_IPC, (enum ppm_event_flags)(EF_NONE), "ipc" }, - /*PPM_SC_SOCKETCALL*/ { EC_NET, (enum ppm_event_flags)(EF_NONE), "socketcall" }, - /*PPM_SC_STAT64*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "stat64" }, - /*PPM_SC_LSTAT64*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "lstat64" }, - /*PPM_SC_FSTAT64*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "fstat64" }, - /*PPM_SC_FCNTL64*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "fcntl64" }, - /*PPM_SC_MMAP2*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "mmap2" }, - /*PPM_SC__NEWSELECT*/ { EC_WAIT, (enum ppm_event_flags)(EF_NONE), "newselect" }, - /*PPM_SC_SGETMASK*/ { EC_SIGNAL, (enum ppm_event_flags)(EF_NONE), "sgetmask" }, /* manipulation of signal mask (obsolete) */ - /*PPM_SC_SSETMASK*/ { EC_SIGNAL, (enum ppm_event_flags)(EF_NONE), "ssetmask" }, /* manipulation of signal mask (obsolete) */ - /*PPM_SC_SIGPENDING*/ { EC_SIGNAL, (enum ppm_event_flags)(EF_NONE), "sigpending" }, /* examine pending signals */ - /*PPM_SC_OLDUNAME*/ { EC_SYSTEM, (enum ppm_event_flags)(EF_NONE), "olduname" }, - /*PPM_SC_UMOUNT*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "umount" }, - /*PPM_SC_SIGNAL*/ { EC_SIGNAL, (enum ppm_event_flags)(EF_NONE), "signal" }, - /*PPM_SC_NICE*/ { EC_PROCESS, (enum ppm_event_flags)(EF_NONE), "nice" }, /* change process priority */ - /*PPM_SC_STIME*/ { EC_TIME, (enum ppm_event_flags)(EF_NONE), "stime" }, - /*PPM_SC__LLSEEK*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "llseek" }, - /*PPM_SC_WAITPID*/ { EC_WAIT, (enum ppm_event_flags)(EF_NONE), "waitpid" }, - /*PPM_SC_PREAD64*/ { EC_IO_READ, (enum ppm_event_flags)(EF_NONE), "pread64" }, - /*PPM_SC_PWRITE64*/ { EC_IO_WRITE, (enum ppm_event_flags)(EF_NONE), "pwrite64" }, - /*PPM_SC_ARCH_PRCTL*/ { EC_PROCESS, (enum ppm_event_flags)(EF_NONE), "arch_prctl" }, - /*PPM_SC_SHMAT*/ { EC_IPC, (enum ppm_event_flags)(EF_NONE), "shmat" }, - /*PPM_SC_SIGRETURN*/ { EC_SIGNAL, (enum ppm_event_flags)(EF_NONE), "sigreturn" }, /* return from signal handler and cleanup stack frame */ - /*PPM_SC_FALLOCATE*/ { EC_IO_OTHER, (enum ppm_event_flags)(EF_NONE), "fallocate" }, /* manipulate file space */ - /*PPM_SC_NEWFSSTAT*/ { EC_IO_OTHER, (enum ppm_event_flags)(EF_NONE), "newfstatat" }, - /*PPM_SC_PROCESS_VM_READV*/ { EC_IO_OTHER, (enum ppm_event_flags)(EF_NONE), "process_vm_readv" }, - /*PPM_SC_PROCESS_VM_WRITEV*/ { EC_IO_OTHER, (enum ppm_event_flags)(EF_NONE), "process_vm_writev" }, - /*PPM_SC_FORK*/ { EC_IO_OTHER, (enum ppm_event_flags)(EF_NONE), "fork" }, - /*PPM_SC_VFORK*/ { EC_IO_OTHER, (enum ppm_event_flags)(EF_NONE), "vfork" }, - /*PPM_SC_SETUID32*/ { EC_IO_OTHER, (enum ppm_event_flags)(EF_NONE), "setuid" }, - /*PPM_SC_GETUID32*/ { EC_IO_OTHER, (enum ppm_event_flags)(EF_NONE), "getuid" }, - /*PPM_SC_SETGID32*/ { EC_IO_OTHER, (enum ppm_event_flags)(EF_NONE), "setgid" }, - /*PPM_SC_GETEUID32*/ { EC_IO_OTHER, (enum ppm_event_flags)(EF_NONE), "geteuid" }, - /*PPM_SC_GETGID32*/ { EC_IO_OTHER, (enum ppm_event_flags)(EF_NONE), "getgid" }, - /*PPM_SC_SETRESUID32*/ { EC_IO_OTHER, (enum ppm_event_flags)(EF_NONE), "setresuid" }, - /*PPM_SC_SETRESGID32*/ { EC_IO_OTHER, (enum ppm_event_flags)(EF_NONE), "setresgid" }, - /*PPM_SC_GETRESUID32*/ { EC_IO_OTHER, (enum ppm_event_flags)(EF_NONE), "getresuid" }, - /*PPM_SC_GETRESGID32*/ { EC_IO_OTHER, (enum ppm_event_flags)(EF_NONE), "getresgid" }, - /*PPM_SC_FINIT_MODULE*/ { EC_SYSTEM, (enum ppm_event_flags)(EF_NONE), "finit_module" }, /* load a kernel module */ - /*PPM_SC_BPF*/ { EC_OTHER, (enum ppm_event_flags)(EF_NONE), "bpf" }, - /*PPM_SC_SECCOMP*/ { EC_OTHER, (enum ppm_event_flags)(EF_NONE), "seccomp" }, - /*PPM_SC_SIGALTSTACK*/ { EC_IO_OTHER, (enum ppm_event_flags)(EF_NONE), "sigaltstack" }, - /*PPM_SC_GETRANDOM*/ { EC_IO_OTHER, (enum ppm_event_flags)(EF_NONE), "getrandom" }, - /*PPM_SC_FADVISE64*/ { EC_IO_OTHER, (enum ppm_event_flags)(EF_NONE), "fadvise64" }, - /*PPM_SC_RENAMEAT2*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "renameat2" }, - /*PPM_SC_USERFAULTFD*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "userfaultfd" }, - /*PPM_SC_OPENAT2*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "openat2" }, - /*PPM_SC_UMOUNT2*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "umount2" }, - /*PPM_SC_EXECVE*/ { EC_SYSTEM, (enum ppm_event_flags)(EF_NONE), "execve" }, - /*PPM_SC_EXECVEAT*/ { EC_SYSTEM, (enum ppm_event_flags)(EF_NONE), "execveat" }, - /*PPM_SC_COPY_FILE_RANGE*/ {EC_FILE, (enum ppm_event_flags)(EF_NONE), "copy_file_range" }, - /*PPM_SC_CLONE*/ {EC_PROCESS, (enum ppm_event_flags)(EF_NONE), "clone" }, - /*PPM_SC_CLONE3*/ {EC_PROCESS, (enum ppm_event_flags)(EF_NONE), "clone3" }, - /*PPM_SC_OPEN_BY_HANDLE_AT*/ { EC_FILE, (enum ppm_event_flags)(EF_NONE), "open_by_handle_at" }, - /*PPM_SC_IO_URING_SETUP*/ { EC_IO_OTHER, (enum ppm_event_flags)(EF_NONE), "io_uring_setup" }, - /*PPM_SC_IO_URING_ENTER*/ { EC_IO_OTHER, (enum ppm_event_flags)(EF_NONE), "io_uring_enter" }, - /*PPM_SC_IO_URING_REGISTER*/ { EC_IO_OTHER, (enum ppm_event_flags)(EF_NONE), "io_uring_register" }, - /*PPM_SC_MLOCK2*/ {EC_MEMORY, (enum ppm_event_flags)(EF_NONE), "mlock2"}, /* mlock2 locks part of the calling process's virtual address space int RAM*/ - /*PPM_SC_GETEGID32*/ {EC_USER, (enum ppm_event_flags)(EF_NONE), "getegid32"}, - /*PPM_SC_FSCONFIG*/ {EC_SYSTEM, (enum ppm_event_flags)(EF_NONE), "fsconfig"}, -}; +static struct ppm_syscall_desc g_syscall_info_table[PPM_SC_MAX]; -bool validate_info_table_size() -{ - return (sizeof(g_syscall_info_table) / sizeof(g_syscall_info_table[0]) == PPM_SC_MAX); +static void load_syscall_info_table() { + const char *sc_names[PPM_SC_MAX] = { +#define PPM_SC_X(name, value) #name, + PPM_SC_FIELDS +#undef PPM_SC_X + }; + + int i; + for (i = 0; i < PPM_SC_MAX; i++) + { + strlcpy(g_syscall_info_table[i].name, sc_names[i], PPM_MAX_NAME_LEN); + // tolower on name string + char *p = g_syscall_info_table[i].name; + for (; *p; ++p) + { + *p = tolower(*p); + } + // try to load category from event_table, else EC_UNKNOWN + g_syscall_info_table[i].category = EC_UNKNOWN | EC_SYSCALL; +#ifdef __linux__ + // Syscall table is only present on linux + int j; + for (j = 0; j < SYSCALL_TABLE_SIZE; j++) { + if (g_syscall_table[j].ppm_sc == i) { + g_syscall_info_table[i].category = g_event_info[g_syscall_table[j].enter_event_type].category; + break; + } + } +#endif + } } // @@ -377,5 +64,9 @@ bool validate_info_table_size() // const struct ppm_syscall_desc* scap_get_syscall_info_table() { + // Lazy load syscall info table + if (g_syscall_info_table[0].name[0] == 0) { + load_syscall_info_table(); + } return g_syscall_info_table; } diff --git a/userspace/libsinsp/examples/test.cpp b/userspace/libsinsp/examples/test.cpp index 0a47092c7a..97c91dec41 100644 --- a/userspace/libsinsp/examples/test.cpp +++ b/userspace/libsinsp/examples/test.cpp @@ -394,7 +394,7 @@ void plaintext_dump(sinsp& inspector) cout << "[PPID=" << parent_pid << "]:" << "[PID=" << thread->m_pid << "]:" - << "[TYPE=" << get_event_type_name(ev->get_type()) << "]:" + << "[TYPE=" << get_event_type_name(inspector, ev) << "]:" << "[EXE=" << thread->get_exepath() << "]:" << "[CMD=" << cmdline << "]" << endl; diff --git a/userspace/libsinsp/examples/util.cpp b/userspace/libsinsp/examples/util.cpp index 913bfcf265..0e2273b5de 100644 --- a/userspace/libsinsp/examples/util.cpp +++ b/userspace/libsinsp/examples/util.cpp @@ -50,11 +50,20 @@ std::string get_event_category_name(ppm_event_category category) // // Get the string representation of a ppm_event_type // -std::string get_event_type_name(uint16_t type) +std::string get_event_type_name(sinsp& inspector, sinsp_evt* ev) { - if (type < PPM_EVENT_MAX && type != PPME_GENERIC_E && type != PPME_GENERIC_X) + uint16_t type = ev->get_type(); + if (type >= PPM_EVENT_MAX) + { + return "UNKNOWN " + to_string(type); + } + if (type != PPME_GENERIC_E && type != PPME_GENERIC_X) { return g_infotables.m_event_info[type].name; } - return "UNKNOWN " + to_string(type); + + auto tables = inspector.get_event_info_tables(); + sinsp_evt_param *parinfo = ev->get_param(0); + uint16_t ppm_sc = *(uint16_t *)parinfo->m_val; + return tables->m_syscall_info_table[ppm_sc].name; } diff --git a/userspace/libsinsp/examples/util.h b/userspace/libsinsp/examples/util.h index dc0b631b2a..5e64cddc07 100644 --- a/userspace/libsinsp/examples/util.h +++ b/userspace/libsinsp/examples/util.h @@ -25,4 +25,4 @@ std::string get_event_category_name(ppm_event_category category); // // Get the string representation of a ppm_event_type // -std::string get_event_type_name(uint16_t type); +std::string get_event_type_name(sinsp& inspector, sinsp_evt* ev); \ No newline at end of file diff --git a/userspace/libsinsp/filterchecks.cpp b/userspace/libsinsp/filterchecks.cpp index f0536ebd98..6db58bb9c2 100644 --- a/userspace/libsinsp/filterchecks.cpp +++ b/userspace/libsinsp/filterchecks.cpp @@ -3891,6 +3891,19 @@ uint8_t* sinsp_filter_check_event::extract(sinsp_evt *evt, OUT uint32_t* len, bo ASSERT(parinfo->m_len == sizeof(uint16_t)); uint16_t evid = *(uint16_t *)parinfo->m_val; + // Only generic enter event has the nativeID as second param + if (m_inspector->is_capture() && evid == PPM_SC_UNKNOWN && etype == PPME_GENERIC_E) + { + // try to enforce a forward compatibility for syscalls added + // after a scap file was generated, + // by looking up using nativeID. + // Of course, this will only reliably work for + // same architecture scap capture->replay. + parinfo = evt->get_param(1); + ASSERT(parinfo->m_len == sizeof(uint16_t)); + uint16_t nativeid = *(uint16_t *)parinfo->m_val; + evid = scap_native_id_to_ppm_sc(nativeid); + } evname = (uint8_t*)g_infotables.m_syscall_info_table[evid].name; } else diff --git a/userspace/libsinsp/parsers.cpp b/userspace/libsinsp/parsers.cpp index 1159f4dea5..29bb209d43 100644 --- a/userspace/libsinsp/parsers.cpp +++ b/userspace/libsinsp/parsers.cpp @@ -159,7 +159,7 @@ void sinsp_parser::process_event(sinsp_evt *evt) { sinsp_evt_param *parinfo = evt->get_param(0); uint16_t evid = *(uint16_t *)parinfo->m_val; - flags = g_infotables.m_syscall_info_table[evid].flags; + flags = EF_NONE; } else {