RFE: Update syscalls.csv to kernel version v7.0-rc7#485
Open
drakenclimber wants to merge 5 commits intoseccomp:mainfrom
Open
RFE: Update syscalls.csv to kernel version v7.0-rc7#485drakenclimber wants to merge 5 commits intoseccomp:mainfrom
drakenclimber wants to merge 5 commits intoseccomp:mainfrom
Conversation
Add enumerations for kernels 6.18, 6.19, and 7.0 Signed-off-by: Tom Hromatka (Oracle) <tom.hromatka@gmail.com>
A few minor improvements to the script that builds the kernel version tables: * Improve the copy logic from the syscalls-table tool so that the the syscall tables are copied directly to target directory and not to a child directory * Convert relative paths to absolute path. The syscalls-table tool does not support relative paths * Add the latest kernel version numbers to the built-in list. (This isn't strictly required as the tool can handle arbitrary input from the user, but it's an easy update while we're already modifying the script.) Signed-off-by: Tom Hromatka (Oracle) <tom.hromatka@gmail.com>
A few minor improvements to the script that updates the syscalls.csv file: * Remove file_getattr() and file_setattr() from the ignored syscalls list * Properly initialize a new row (when a syscall is added) with PNR,SCMP_KV_UNDEF,... rather than PNR,PNR,... * Add support for release candidate kernels * Convert relative paths to absolute paths Signed-off-by: Tom Hromatka (Oracle) <tom.hromatka@gmail.com>
Member
Author
|
Fixes: #480 |
Member
Author
Signed-off-by: Tom Hromatka (Oracle) <tom.hromatka@gmail.com>
Add documentation on how to update syscalls.csv. NOTE - since we haven't fully converted syscalls.csv over to containing valid kernel version numbers, I have intentionally set all kernel version fields to SCMP_KV_UNDEF. We'll update the kernel versions in pull request seccomp#457. Here are the exact steps and results for updating syscalls.csv to kernels v6.14 through v7.0-rc7 $ apt install libc6-dev-x32 $ git clone https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git $ git clone https://github.com/hrw/syscalls-table.git $ git clone git@github.com:<yourrepo>/libseccomp.git $ cd libseccomp $ vim include/seccomp-kvers.h --> add new syscall enumerations $ time ./src/arch-build-kver-tables.py -d ../syscalls-table -k ../linux -V 6.14,6.15,6.16,6.17,6.18,6.19,7.0-rc7 Building version table for kernel 6.14 Building version table for kernel 6.15 Building version table for kernel 6.16 Building version table for kernel 6.17 Building version table for kernel 6.18 Building version table for kernel 6.19 Building version table for kernel 7.0-rc7 real 2m47.672s user 1m22.094s sys 1m23.954s $ time ./src/arch-update-syscalls-csv.py -a -d ./ -k ../linux -c src/syscalls.csv -V 6.14,6.15,6.16,6.17,6.18,6.19,7.0-rc7 Updating src/syscalls.csv version table for kernel 6.14 Updating src/syscalls.csv version table for kernel 6.15 Updating src/syscalls.csv version table for kernel 6.16 Updating src/syscalls.csv version table for kernel 6.17 Updating src/syscalls.csv version table for kernel 6.18 Updating src/syscalls.csv version table for kernel 6.19 Updating src/syscalls.csv version table for kernel 7.0-rc7 real 0m30.112s user 0m20.716s sys 0m9.547s $ vim include-seccomp-syscalls.h --> add new syscall __SNR and __PNR entries as appropriate $ ./src/arch-syscall-check --> Make changes as recommended by this script --> Re-run this script until there are no more changes to be made $ cd src $ ./arch-syscall-validate -c syscalls-prev.csv ../../linux/ $ git diff HEAD syscalls.csv $ diff syscalls-prev.csv with syscalls.csv Signed-off-by: Tom Hromatka (Oracle) <tom.hromatka@gmail.com>
Member
Author
|
v2 changes:
|
pcmoore
reviewed
Apr 17, 2026
| #define __PNR_riscv_hwprobe -10250 | ||
| #define __PNR_uretprobe -10251 | ||
| #define __PNR_uprobe -10252 | ||
| #define __PNR_rseq_slice_yield -10253 |
Member
There was a problem hiding this comment.
Based on the macros below it looks like __PNR_rseq_slice_yield isn't necessary as __NR_rseq_slice_yield is defined for all arches/ABIs?
pcmoore
reviewed
Apr 17, 2026
| #define __PNR_uretprobe -10251 | ||
| #define __PNR_uprobe -10252 | ||
| #define __PNR_rseq_slice_yield -10253 | ||
| #define __PNR_listns -10254 |
Member
There was a problem hiding this comment.
Same here, it looks like __NR_listns is defined for all arches/ABIs? If not, we need to so the __SNR to __NR or __PNR macro dance down below.
pcmoore
reviewed
Apr 17, 2026
| apt install libc6-dev-x32 | ||
| ``` | ||
|
|
||
| 1. Download source packages |
Member
There was a problem hiding this comment.
All of the list items are numbered "1." :)
pcmoore
reviewed
Apr 17, 2026
|
|
||
| ## How to Update the syscalls.csv Table | ||
|
|
||
| *** NOTE - This currently can only be done on Ubuntu *** |
Member
There was a problem hiding this comment.
Is this just because of the package dependencies in step 1? If so, perhaps we add unordered sub-list there for various distros, e.g. Fedora/RHEL, Arch, etc.
Member
I think we need to keep S390 around for a few more years since it was only just removed in Linux v6.19. I'll add a GH issue so we don't forget about it, but I suspect we may even want to keep it around for the v2.7.z stream too. The good news is that from our perspective it's just a matter of PNR'ing any new syscall that comes along for S390. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
In this patchset:
For the libseccomp v2.6.x releases, I think we won't want to backport the s390-removal patch.
Here's a comparison of the HEAD syscalls.csv (with the s390 columns removed) and the proposed syscalls.csv.
https://www.textcompare.org/csv/?id=69dead128329b015e57a0320