2 * This file is part of the Palacios Virtual Machine Monitor developed
3 * by the V3VEE Project with funding from the United States National
4 * Science Foundation and the Department of Energy.
6 * The V3VEE Project is a joint project between Northwestern University
7 * and the University of New Mexico. You can find out more at
10 * Copyright (c) 2011, Kyle C. Hale <kh@u.norhtwestern.edu>
11 * Copyright (c) 2011, The V3VEE Project <http://www.v3vee.org>
12 * All rights reserved.
14 * Author: Kyle C. Hale <kh@u.northwestern.edu>
16 * This is free software. You are permitted to use,
17 * redistribute, and modify it as specified in the file "V3VEE_LICENSE".
20 #include <palacios/vmm.h>
21 #include <palacios/vm_guest_mem.h>
22 #include <palacios/vm_guest.h>
23 #include <palacios/vmm_intr.h>
24 #include <palacios/vmm_decoder.h>
25 #include <palacios/vmm_string.h>
26 #include <palacios/vmm_shadow_paging.h>
27 #include <palacios/vmm_extensions.h>
28 #include <palacios/vmm_paging.h>
29 #include <palacios/vmcb.h>
30 #include <palacios/vmm_hypercall.h>
33 #include <gears/syscall_hijack.h>
34 #include <gears/sw_intr.h>
35 #include <gears/syscall_ref.h>
37 #ifdef V3_CONFIG_EXT_CODE_INJECT
38 #include <gears/code_inject.h>
39 #include <palacios/vmm_list.h>
40 extern struct v3_code_injects code_injects;
43 #ifndef V3_CONFIG_DEBUG_EXT_SYSCALL_HIJACK
45 #define PrintDebug(fmt, args...)
49 struct v3_syscall_hook {
50 int (*handler)(struct guest_info * core, uint_t syscall_nr, void * priv_data);
54 static struct v3_syscall_hook * syscall_hooks[512];
56 #if defined(V3_CONFIG_EXT_SELECTIVE_SYSCALL_EXIT) || defined(V3_CONFIG_EXT_SYSCALL_INSTR)
57 static struct v3_syscall_info syscall_info;
60 static void print_arg (struct guest_info * core, v3_reg_t reg, uint8_t argnum) {
65 PrintDebug(core->vm_info, core, "\t ARG%d: INT - %ld\n", argnum, (long) reg);
67 if (core->mem_mode == PHYSICAL_MEM) {
68 ret = v3_gpa_to_hva(core, get_addr_linear(core, reg, &(core->segments.ds)), &hva);
71 ret = v3_gva_to_hva(core, get_addr_linear(core, reg, &(core->segments.ds)), &hva);
74 PrintDebug(core->vm_info, core, "\t STR - ");
76 PrintDebug(core->vm_info, core, "\n");
80 uint32_t c = max(MAX_CHARS, 4096 - (hva % 4096));
82 for (; i < c && *((char*)(hva + i)) != 0; i++) {
83 PrintDebug(core->vm_info, core, "%c", *((char*)(hva + i)));
85 PrintDebug(core->vm_info, core, "\n");
89 static void print_syscall (uint8_t is64, struct guest_info * core) {
92 PrintDebug(core->vm_info, core, "Syscall #%ld: \"%s\"\n", (long)core->vm_regs.rax, get_linux_syscall_name64(core->vm_regs.rax));
94 PrintDebug(core->vm_info, core, "Syscall #%ld: \"%s\"\n", (long)core->vm_regs.rax, get_linux_syscall_name32(core->vm_regs.rax));
97 print_arg(core, core->vm_regs.rbx, 1);
98 print_arg(core, core->vm_regs.rcx, 2);
99 print_arg(core, core->vm_regs.rdx, 3);
103 int v3_syscall_handler (struct guest_info * core, uint8_t vector, void * priv_data) {
105 uint_t syscall_nr = (uint_t) core->vm_regs.rax;
108 struct v3_syscall_hook * hook = syscall_hooks[syscall_nr];
110 #ifdef V3_CONFIG_EXT_SYSCALL_INSTR
111 // address originally written to LSTAR
113 core->rip = syscall_info.target_addr;
117 #ifdef V3_CONFIG_EXT_SYSCALL_PASSTHROUGH
118 if (v3_hook_passthrough_syscall(core, syscall_nr) == -1) {
119 PrintDebug(core->vm_info, core, "Error hooking passthrough syscall\n");
122 hook = syscall_hooks[syscall_nr];
126 * if this syscall isn't hooked, pop off a pending inject
129 #ifdef V3_CONFIG_EXT_CODE_INJECT
130 struct v3_code_injects * injects = &code_injects;
131 struct v3_code_inject_info * inject = NULL;
133 if (list_empty(&(injects->code_inject_list))) {
137 inject = (struct v3_code_inject_info*) list_first_entry(
138 &(injects->code_inject_list),
139 struct v3_code_inject_info,
142 if (inject == NULL) {
143 PrintError(core->vm_info, core, "Problem getting inject from inject list\n");
147 if (inject->in_progress)
150 // do the inject and don't fall over if there's an inject already in
152 if ((ret = v3_handle_guest_inject(core, (void*)inject)) == -1) {
153 PrintError(core->vm_info, core, "Could not run code injection: v3_syscall_handler\n");
164 err = hook->handler(core, syscall_nr, hook->priv_data);
166 PrintDebug(core->vm_info, core, "V3 Syscall Handler: Error in syscall hook\n");
170 #ifdef V3_CONFIG_EXT_CODE_INJECT
171 if (err == E_NEED_PF)
178 #ifdef V3_CONFIG_EXT_SELECTIVE_SYSCALL_EXIT
179 static int v3_handle_lstar_write (struct guest_info * core, uint_t msr, struct v3_msr src, void * priv_data) {
180 syscall_info.target_addr = (uint64_t) ((((uint64_t)src.hi) << 32) | src.lo);
182 PrintDebug(core->vm_info, core, "LSTAR Write: %p\n", (void*)syscall_info.target_addr);
183 core->msrs.lstar = syscall_info.target_addr;
188 // virtualize the lstar
189 static int v3_handle_lstar_read (struct guest_info * core, uint_t msr, struct v3_msr * dst, void * priv_data) {
190 PrintDebug(core->vm_info, core, "LSTAR Read\n");
191 dst->value = syscall_info.target_addr;
196 static int syscall_setup (struct guest_info * core, unsigned int hcall_id, void * priv_data) {
197 addr_t syscall_stub, syscall_map_gva, syscall_map_hva, ssa_gva, ssa_hva;
199 syscall_stub = (addr_t)core->vm_regs.rbx;
200 syscall_map_gva = (addr_t)core->vm_regs.rcx;
201 ssa_gva = (addr_t)core->vm_regs.rdx;
203 PrintDebug(core->vm_info, core, "syscall setup hypercall:\n");
204 PrintDebug(core->vm_info, core, "\t&syscall_stub (rbx): %p\n\t&syscall_map (rcx): %p\n", (void*)syscall_stub, (void*)syscall_map_gva);
205 PrintDebug(core->vm_info, core, "\t&ssa (rdx): %p\n", (void*)ssa_gva);
207 // the guest vitual address of the asm syscall handling routine
208 syscall_info.syscall_stub = syscall_stub;
211 // now get the hva of the system call map so we can manipulate it in the VMM
212 if (v3_gva_to_hva(core, get_addr_linear(core, syscall_map_gva, &(core->segments.ds)), &syscall_map_hva) == 1) {
213 PrintError(core->vm_info, core, "Problem translating gva to hva for syscall map\n");
217 if (v3_gva_to_hva(core, get_addr_linear(core, ssa_gva, &(core->segments.ds)), &ssa_hva) == 1) {
218 PrintError(core->vm_info, core, "Problem translating gva to hva for syscall map\n");
222 PrintDebug(core->vm_info, core, "\t&syscall_map (hva): %p\n", (void*) syscall_map_hva);
223 PrintDebug(core->vm_info, core, "\t&ssa (hva): %p\n", (void*) ssa_hva);
225 syscall_info.syscall_map = (uint8_t*)syscall_map_hva;
226 syscall_info.ssa = ssa_hva;
228 /* return the original syscall entry point */
229 core->vm_regs.rax = syscall_info.target_addr;
231 /* redirect syscalls henceforth */
232 core->msrs.lstar = syscall_stub;
237 static int syscall_cleanup (struct guest_info * core, unsigned int hcall_id, void * priv_data) {
239 core->msrs.lstar = syscall_info.target_addr;
240 PrintDebug(core->vm_info, core, "original syscall entry point restored\n");
245 static int sel_syscall_handle (struct guest_info * core, unsigned int hcall_id, void * priv_data) {
248 PrintDebug(core->vm_info, core, "caught a selectively exited syscall\n");
250 /* setup registers for handler routines. They should be in the same state
251 * as when the system call was originally invoked */
252 memcpy((void*)®s, (void*)&core->vm_regs, sizeof(struct v3_gprs));
253 memcpy((void*)&core->vm_regs, (void*)syscall_info.ssa, sizeof(struct v3_gprs));
255 //v3_print_guest_state(core);
256 v3_syscall_handler(core, 0, NULL);
258 memcpy((void*)syscall_info.ssa, (void*)&core->vm_regs, sizeof(struct v3_gprs));
259 memcpy((void*)&core->vm_regs, (void*)®s,sizeof(struct v3_gprs));
264 // TODO: make these three functions guest-dependent
265 int v3_syscall_on (void * ginfo, uint8_t syscall_nr) {
266 PrintDebug(VM_NONE, VCORE_NONE, "Enabling exiting for syscall #%d\n", syscall_nr);
267 syscall_info.syscall_map[syscall_nr] = 1;
272 int v3_syscall_off (void * ginfo, uint8_t syscall_nr) {
273 PrintDebug(VM_NONE, VCORE_NONE, "Disabling exiting for syscall #%d\n", syscall_nr);
274 syscall_info.syscall_map[syscall_nr] = 0;
279 int v3_syscall_stat (void * ginfo, uint8_t syscall_nr) {
280 return syscall_info.syscall_map[syscall_nr];
285 static int init_syscall_hijack (struct v3_vm_info * vm, v3_cfg_tree_t * cfg, void ** priv_data) {
287 #ifdef V3_CONFIG_EXT_SELECTIVE_SYSCALL_EXIT
288 v3_register_hypercall(vm, SYSCALL_HANDLE_HCALL, sel_syscall_handle, NULL);
289 v3_register_hypercall(vm, SYSCALL_SETUP_HCALL, syscall_setup, NULL);
290 v3_register_hypercall(vm, SYSCALL_CLEANUP_HCALL, syscall_cleanup, NULL);
298 #ifdef V3_CONFIG_EXT_SYSCALL_INSTR
299 static int v3_handle_lstar_write (struct guest_info * core, uint_t msr, struct v3_msr src, void * priv_data) {
300 PrintDebug(core->vm_info, core, "KCH: LSTAR Write\n");
301 //PrintDebug(core->vm_info, core, "\tvalue: 0x%x%x\n", src.hi, src.lo);
302 syscall_info.target_addr = (uint64_t) ((((uint64_t)src.hi) << 32) | src.lo);
304 // Set LSTAR value seen by hardware while the guest is running
305 PrintDebug(core->vm_info, core, "replacing with %lx\n", SYSCALL_MAGIC_ADDR);
306 core->msrs.lstar = SYSCALL_MAGIC_ADDR;
310 static int v3_handle_lstar_read (struct guest_info * core, uint_t msr, struct v3_msr * dst, void * priv_data) {
311 PrintDebug(core->vm_info, core, "KCH: LSTAR Read\n");
312 dst->value = syscall_info.target_addr;
318 static int init_syscall_hijack_core (struct guest_info * core, void * priv_data, void ** core_data) {
320 #ifdef V3_CONFIG_EXT_SW_INTERRUPTS
321 v3_hook_swintr(core, SYSCALL_INT_VECTOR, v3_syscall_handler, NULL);
324 #if defined(V3_CONFIG_EXT_SYSCALL_INSTR) || defined(V3_CONFIG_EXT_SELECTIVE_SYSCALL_EXIT)
325 v3_hook_msr(core->vm_info, LSTAR_MSR,
326 &v3_handle_lstar_read,
327 &v3_handle_lstar_write,
334 static int deinit_syscall_hijack (struct v3_vm_info * vm, void * priv_data) {
339 static struct v3_extension_impl syscall_impl = {
340 .name = "syscall_intercept",
341 .vm_init = init_syscall_hijack,
342 .vm_deinit = deinit_syscall_hijack,
343 .core_init = init_syscall_hijack_core,
349 register_extension(&syscall_impl);
352 static inline struct v3_syscall_hook * get_syscall_hook (struct guest_info * core, uint_t syscall_nr) {
353 return syscall_hooks[syscall_nr];
357 int v3_hook_syscall (struct guest_info * core,
359 int (*handler)(struct guest_info * core, uint_t syscall_nr, void * priv_data),
362 struct v3_syscall_hook * hook = (struct v3_syscall_hook *)V3_Malloc(sizeof(struct v3_syscall_hook));
366 PrintError(core->vm_info, core, "Cannot allocate for syscall hook\n");
370 if (get_syscall_hook(core, syscall_nr) != NULL) {
371 PrintError(core->vm_info, core, "System Call #%d already hooked\n", syscall_nr);
375 hook->handler = handler;
376 hook->priv_data = priv_data;
378 syscall_hooks[syscall_nr] = hook;
380 PrintDebug(core->vm_info, core, "Hooked Syscall #%d\n", syscall_nr);
386 static int passthrough_syscall_handler (struct guest_info * core, uint_t syscall_nr, void * priv_data) {
387 print_syscall(core->cpu_mode == LONG, core);
392 int v3_hook_passthrough_syscall (struct guest_info * core, uint_t syscall_nr) {
394 int rc = v3_hook_syscall(core, syscall_nr, passthrough_syscall_handler, NULL);
397 PrintError(core->vm_info, core, "failed to hook syscall 0x%x for passthrough (guest=0x%p)\n", syscall_nr, (void *)core);
400 PrintDebug(core->vm_info, core, "hooked syscall 0x%x for passthrough (guest=0x%p)\n", syscall_nr, (void *)core);
404 /* shouldn't get here */
410 char * get_linux_syscall_name32 (uint_t syscall_nr) {
412 switch (syscall_nr) {
414 case 0: return "restart_syscall"; break;
415 case 1: return "exit"; break;
416 case 2: return "fork"; break;
417 case 3: return "read"; break;
418 case 4: return "write"; break;
419 case 5: return "open"; break;
420 case 6: return "close"; break;
421 case 7: return "waitpid"; break;
422 case 8: return "creat"; break;
423 case 9: return "link"; break;
424 case 10: return "unlink"; break;
425 case 11: return "execve"; break;
426 case 12: return "chdir"; break;
427 case 13: return "time"; break;
428 case 14: return "mknod"; break;
429 case 15: return "chmod"; break;
430 case 16: return "lchown"; break;
431 case 17: return "break"; break;
432 case 18: return "oldstat"; break;
433 case 19: return "lseek"; break;
434 case 20: return "getpid"; break;
435 case 21: return "mount"; break;
436 case 22: return "umount"; break;
437 case 23: return "setuid"; break;
438 case 24: return "getuid"; break;
439 case 25: return "stime"; break;
440 case 26: return "ptrace"; break;
441 case 27: return "alarm"; break;
442 case 28: return "oldfstat"; break;
443 case 29: return "pause"; break;
444 case 30: return "utime"; break;
445 case 31: return "stty"; break;
446 case 32: return "gtty"; break;
447 case 33: return "access"; break;
448 case 34: return "nice"; break;
449 case 35: return "ftime"; break;
450 case 36: return "sync"; break;
451 case 37: return "kill"; break;
452 case 38: return "rename"; break;
453 case 39: return "mkdir"; break;
454 case 40: return "rmdir"; break;
455 case 41: return "dup"; break;
456 case 42: return "pipe"; break;
457 case 43: return "times"; break;
458 case 44: return "prof"; break;
459 case 45: return "brk"; break;
460 case 46: return "setgid"; break;
461 case 47: return "getgid"; break;
462 case 48: return "signal"; break;
463 case 49: return "geteuid"; break;
464 case 50: return "getegid"; break;
465 case 51: return "acct"; break;
466 case 52: return "umount2"; break;
467 case 53: return "lock"; break;
468 case 54: return "ioctl"; break;
469 case 55: return "fcntl"; break;
470 case 56: return "mpx"; break;
471 case 57: return "setpgid"; break;
472 case 58: return "ulimit"; break;
473 case 59: return "oldolduname"; break;
474 case 60: return "umask"; break;
475 case 61: return "chroot"; break;
476 case 62: return "ustat"; break;
477 case 63: return "dup2"; break;
478 case 64: return "getppid"; break;
479 case 65: return "getpgrp"; break;
480 case 66: return "setsid"; break;
481 case 67: return "sigaction"; break;
482 case 68: return "sgetmask"; break;
483 case 69: return "ssetmask"; break;
484 case 70: return "setreuid"; break;
485 case 71: return "setregid"; break;
486 case 72: return "sigsuspend"; break;
487 case 73: return "sigpending"; break;
488 case 74: return "sethostname"; break;
489 case 75: return "setrlimit"; break;
490 case 76: return "getrlimit"; break;
491 case 77: return "getrusage"; break;
492 case 78: return "gettimeofday"; break;
493 case 79: return "settimeofday"; break;
494 case 80: return "getgroups"; break;
495 case 81: return "setgroups"; break;
496 case 82: return "select"; break;
497 case 83: return "symlink"; break;
498 case 84: return "oldlstat"; break;
499 case 85: return "readlink"; break;
500 case 86: return "uselib"; break;
501 case 87: return "swapon"; break;
502 case 88: return "reboot"; break;
503 case 89: return "readdir"; break;
504 case 90: return "mmap"; break;
505 case 91: return "munmap"; break;
506 case 92: return "truncate"; break;
507 case 93: return "ftruncate"; break;
508 case 94: return "fchmod"; break;
509 case 95: return "fchown"; break;
510 case 96: return "getpriority"; break;
511 case 97: return "setpriority"; break;
512 case 98: return "profil"; break;
513 case 99: return "statfs"; break;
514 case 100: return "fstatfs"; break;
515 case 101: return "ioperm"; break;
516 case 102: return "socketcall"; break;
517 case 103: return "syslog"; break;
518 case 104: return "setitimer"; break;
519 case 105: return "getitimer"; break;
520 case 106: return "stat"; break;
521 case 107: return "lstat"; break;
522 case 108: return "fstat"; break;
523 case 109: return "olduname"; break;
524 case 110: return "iopl"; break;
525 case 111: return "vhangup"; break;
526 case 112: return "idle"; break;
527 case 113: return "vm86old"; break;
528 case 114: return "wait4"; break;
529 case 115: return "swapoff"; break;
530 case 116: return "sysinfo"; break;
531 case 117: return "ipc"; break;
532 case 118: return "fsync"; break;
533 case 119: return "sigreturn"; break;
534 case 120: return "clone"; break;
535 case 121: return "setdomainname"; break;
536 case 122: return "uname"; break;
537 case 123: return "modify_ldt"; break;
538 case 124: return "adjtimex"; break;
539 case 125: return "mprotect"; break;
540 case 126: return "sigprocmask"; break;
541 case 127: return "create_module"; break;
542 case 128: return "init_module"; break;
543 case 129: return "delete_module"; break;
544 case 130: return "get_kernel_syms"; break;
545 case 131: return "quotactl"; break;
546 case 132: return "getpgid"; break;
547 case 133: return "fchdir"; break;
548 case 134: return "bdflush"; break;
549 case 135: return "sysfs"; break;
550 case 136: return "personality"; break;
551 case 137: return "afs_syscall"; break;
552 case 138: return "setfsuid"; break;
553 case 139: return "setfsgid"; break;
554 case 140: return "_llseek"; break;
555 case 141: return "getdents"; break;
556 case 142: return "_newselect"; break;
557 case 143: return "flock"; break;
558 case 144: return "msync"; break;
559 case 145: return "readv"; break;
560 case 146: return "writev"; break;
561 case 147: return "getsid"; break;
562 case 148: return "fdatasync"; break;
563 case 149: return "_sysctl"; break;
564 case 150: return "mlock"; break;
565 case 151: return "munlock"; break;
566 case 152: return "mlockall"; break;
567 case 153: return "munlockall"; break;
568 case 154: return "sched_setparam"; break;
569 case 155: return "sched_getparam"; break;
570 case 156: return "sched_setscheduler"; break;
571 case 157: return "sched_getscheduler"; break;
572 case 158: return "sched_yield"; break;
573 case 159: return "sched_get_priority_max"; break;
574 case 160: return "sched_get_priority_min"; break;
575 case 161: return "sched_rr_get_interval"; break;
576 case 162: return "nanosleep"; break;
577 case 163: return "mremap"; break;
578 case 164: return "setresuid"; break;
579 case 165: return "getresuid"; break;
580 case 166: return "vm86"; break;
581 case 167: return "query_module"; break;
582 case 168: return "poll"; break;
583 case 169: return "nfsservctl"; break;
584 case 170: return "setresgid"; break;
585 case 171: return "getresgid"; break;
586 case 172: return "prctl"; break;
587 case 173: return "rt_sigreturn"; break;
588 case 174: return "rt_sigaction"; break;
589 case 175: return "rt_sigprocmask"; break;
590 case 176: return "rt_sigpending"; break;
591 case 177: return "rt_sigtimedwait"; break;
592 case 178: return "rt_sigqueueinfo"; break;
593 case 179: return "rt_sigsuspend"; break;
594 case 180: return "pread64"; break;
595 case 181: return "pwrite64"; break;
596 case 182: return "chown"; break;
597 case 183: return "getcwd"; break;
598 case 184: return "capget"; break;
599 case 185: return "capset"; break;
600 case 186: return "sigaltstack"; break;
601 case 187: return "sendfile"; break;
602 case 188: return "getpmsg"; break;
603 case 189: return "putpmsg"; break;
604 case 190: return "vfork"; break;
605 case 191: return "ugetrlimit"; break;
606 case 192: return "mmap2"; break;
607 case 193: return "truncate64"; break;
608 case 194: return "ftruncate64"; break;
609 case 195: return "stat64"; break;
610 case 196: return "lstat64"; break;
611 case 197: return "fstat64"; break;
612 case 198: return "lchown32"; break;
613 case 199: return "getuid32"; break;
614 case 200: return "getgid32"; break;
615 case 201: return "geteuid32"; break;
616 case 202: return "getegid32"; break;
617 case 203: return "setreuid32"; break;
618 case 204: return "setregid32"; break;
619 case 205: return "getgroups32"; break;
620 case 206: return "setgroups32"; break;
621 case 207: return "fchown32"; break;
622 case 208: return "setresuid32"; break;
623 case 209: return "getresuid32"; break;
624 case 210: return "setresgid32"; break;
625 case 211: return "getresgid32"; break;
626 case 212: return "chown32"; break;
627 case 213: return "setuid32"; break;
628 case 214: return "setgid32"; break;
629 case 215: return "setfsuid32"; break;
630 case 216: return "setfsgid32"; break;
631 case 217: return "pivot_root"; break;
632 case 218: return "mincore"; break;
633 case 219: return "madvise1"; break;
634 case 220: return "getdents64"; break;
635 case 221: return "fcntl64"; break;
636 case 224: return "gettid"; break;
637 case 225: return "readahead"; break;
638 case 226: return "setxattr"; break;
639 case 227: return "lsetxattr"; break;
640 case 228: return "fsetxattr"; break;
641 case 229: return "getxattr"; break;
642 case 230: return "lgetxattr"; break;
643 case 231: return "fgetxattr"; break;
644 case 232: return "listxattr"; break;
645 case 233: return "llistxattr"; break;
646 case 234: return "flistxattr"; break;
647 case 235: return "removexattr"; break;
648 case 236: return "lremovexattr"; break;
649 case 237: return "fremovexattr"; break;
650 case 238: return "tkill"; break;
651 case 239: return "sendfile64"; break;
652 case 240: return "futex"; break;
653 case 241: return "sched_setaffinity"; break;
654 case 242: return "sched_getaffinity"; break;
655 case 243: return "set_thread_area"; break;
656 case 244: return "get_thread_area"; break;
657 case 245: return "io_setup"; break;
658 case 246: return "io_destroy"; break;
659 case 247: return "io_getevents"; break;
660 case 248: return "io_submit"; break;
661 case 249: return "io_cancel"; break;
662 case 250: return "fadvise64"; break;
663 case 252: return "exit_group"; break;
664 case 253: return "lookup_dcookie"; break;
665 case 254: return "epoll_create"; break;
666 case 255: return "epoll_ctl"; break;
667 case 256: return "epoll_wait"; break;
668 case 257: return "remap_file_pages"; break;
669 case 258: return "set_tid_address"; break;
670 case 259: return "timer_create"; break;
671 case 260: return "timer_settime"; break;
672 case 261: return "timer_gettime"; break;
673 case 262: return "timer_getoverrun"; break;
674 case 263: return "timer_delete"; break;
675 case 264: return "clock_settime"; break;
676 case 265: return "clock_gettime"; break;
677 case 266: return "clock_getres"; break;
678 case 267: return "clock_nanosleep"; break;
679 case 268: return "statfs64"; break;
680 case 269: return "fstatfs64"; break;
681 case 270: return "tgkill"; break;
682 case 271: return "utimes"; break;
683 case 272: return "fadvise64_64"; break;
684 case 273: return "vserver"; break;
685 case 274: return "mbind"; break;
686 case 275: return "get_mempolicy"; break;
687 case 276: return "set_mempolicy"; break;
688 case 277: return "mq_open"; break;
689 case 278: return "mq_unlink"; break;
690 case 279: return "mq_timedsend"; break;
691 case 280: return "mq_timedreceive"; break;
692 case 281: return "mq_notify"; break;
693 case 282: return "mq_getsetattr"; break;
694 case 283: return "kexec_load"; break;
695 case 284: return "waitid"; break;
696 case 285: return "sys_setaltroot"; break;
697 case 286: return "add_key"; break;
698 case 287: return "request_key"; break;
699 case 288: return "keyctl"; break;
700 case 289: return "ioprio_set"; break;
701 case 290: return "ioprio_get"; break;
702 case 291: return "inotify_init"; break;
703 case 292: return "inotify_add_watch"; break;
704 case 293: return "inotify_rm_watch"; break;
705 case 294: return "migrate_pages"; break;
706 case 295: return "openat"; break;
707 case 296: return "mkdirat"; break;
708 case 297: return "mknodat"; break;
709 case 298: return "fchownat"; break;
710 case 299: return "futimesat"; break;
711 case 300: return "fstatat64"; break;
712 case 301: return "unlinkat"; break;
713 case 302: return "renameat"; break;
714 case 303: return "linkat"; break;
715 case 304: return "symlinkat"; break;
716 case 305: return "readlinkat"; break;
717 case 306: return "fchmodat"; break;
718 case 307: return "faccessat"; break;
719 case 308: return "pselect6"; break;
720 case 309: return "ppoll"; break;
721 case 310: return "unshare"; break;
722 case 311: return "set_robust_list"; break;
723 case 312: return "get_robust_list"; break;
724 case 313: return "splice"; break;
725 case 314: return "sync_file_range"; break;
726 case 315: return "tee"; break;
727 case 316: return "vmsplice"; break;
728 case 317: return "move_pages"; break;
729 case 318: return "getcpu"; break;
730 case 319: return "epoll_pwait"; break;
731 case 320: return "utimensat"; break;
732 case 321: return "signalfd"; break;
733 case 322: return "timerfd_create"; break;
734 case 323: return "eventfd"; break;
735 case 324: return "fallocate"; break;
736 case 325: return "timerfd_settime"; break;
737 case 326: return "timerfd_gettime"; break;
738 case 327: return "signalfd4"; break;
739 case 328: return "eventfd2"; break;
740 case 329: return "epoll_create1"; break;
741 case 330: return "dup3"; break;
742 case 331: return "pipe2"; break;
743 case 332: return "inotify_init1"; break;
744 case 333: return "preadv"; break;
745 case 334: return "pwritev"; break;
746 case 335: return "rt_tgsigqueueinfo"; break;
747 case 336: return "perf_event_open"; break;
748 default: return "UNKNOWN"; break;
753 char * get_linux_syscall_name64 (uint_t syscall_nr) {
755 switch (syscall_nr) {
757 case 0: return "read"; break;
758 case 1: return "write"; break;
759 case 2: return "open"; break;
760 case 3: return "close"; break;
761 case 4: return "stat"; break;
762 case 5: return "fstat"; break;
763 case 6: return "lstat"; break;
764 case 7: return "poll"; break;
765 case 8: return "lseek"; break;
766 case 9: return "mmap"; break;
767 case 10: return "mprotect"; break;
768 case 11: return "munmap"; break;
769 case 12: return "brk"; break;
770 case 13: return "rt_sigaction"; break;
771 case 14: return "rt_sigprocmask"; break;
772 case 15: return "rt_sigreturn"; break;
773 case 16: return "ioctl"; break;
774 case 17: return "pread64"; break;
775 case 18: return "pwrite64"; break;
776 case 19: return "readv"; break;
777 case 20: return "writev"; break;
778 case 21: return "access"; break;
779 case 22: return "pipe"; break;
780 case 23: return "select"; break;
781 case 24: return "sched_yield"; break;
782 case 25: return "mremap"; break;
783 case 26: return "msync"; break;
784 case 27: return "mincore"; break;
785 case 28: return "madvise"; break;
786 case 29: return "shmget"; break;
787 case 30: return "shmat"; break;
788 case 31: return "shmctl"; break;
789 case 32: return "dup"; break;
790 case 33: return "dup2"; break;
791 case 34: return "pause"; break;
792 case 35: return "nanosleep"; break;
793 case 36: return "getitimer"; break;
794 case 37: return "alarm"; break;
795 case 38: return "setitimer"; break;
796 case 39: return "getpid"; break;
797 case 40: return "sendfile"; break;
798 case 41: return "socket"; break;
799 case 42: return "connect"; break;
800 case 43: return "accept"; break;
801 case 44: return "sendto"; break;
802 case 45: return "recvfrom"; break;
803 case 46: return "sendmsg"; break;
804 case 47: return "recvmsg"; break;
805 case 48: return "shutdown"; break;
806 case 49: return "bind"; break;
807 case 50: return "listen"; break;
808 case 51: return "getsockname"; break;
809 case 52: return "getpeername"; break;
810 case 53: return "socketpair"; break;
811 case 54: return "setsockopt"; break;
812 case 55: return "getsockopt"; break;
813 case 56: return "clone"; break;
814 case 57: return "fork"; break;
815 case 58: return "vfork"; break;
816 case 59: return "execve"; break;
817 case 60: return "exit"; break;
818 case 61: return "wait4"; break;
819 case 62: return "kill"; break;
820 case 63: return "uname"; break;
821 case 64: return "semget"; break;
822 case 65: return "semop"; break;
823 case 66: return "semctl"; break;
824 case 67: return "shmdt"; break;
825 case 68: return "msgget"; break;
826 case 69: return "msgsnd"; break;
827 case 70: return "msgrcv"; break;
828 case 71: return "msgctl"; break;
829 case 72: return "fcntl"; break;
830 case 73: return "flock"; break;
831 case 74: return "fsync"; break;
832 case 75: return "fdatasync"; break;
833 case 76: return "truncate"; break;
834 case 77: return "ftruncate"; break;
835 case 78: return "getdents"; break;
836 case 79: return "getcwd"; break;
837 case 80: return "chdir"; break;
838 case 81: return "fchdir"; break;
839 case 82: return "rename"; break;
840 case 83: return "mkdir"; break;
841 case 84: return "rmdir"; break;
842 case 85: return "creat"; break;
843 case 86: return "link"; break;
844 case 87: return "unlink"; break;
845 case 88: return "symlink"; break;
846 case 89: return "readlink"; break;
847 case 90: return "chmod"; break;
848 case 91: return "fchmod"; break;
849 case 92: return "chown"; break;
850 case 93: return "fchown"; break;
851 case 94: return "lchown"; break;
852 case 95: return "umask"; break;
853 case 96: return "gettimeofday"; break;
854 case 97: return "getrlimit"; break;
855 case 98: return "getrusage"; break;
856 case 99: return "sysinfo"; break;
857 case 100: return "times"; break;
858 case 101: return "ptrace"; break;
859 case 102: return "getuid"; break;
860 case 103: return "syslog"; break;
861 case 104: return "getgid"; break;
862 case 105: return "setuid"; break;
863 case 106: return "setgid"; break;
864 case 107: return "geteuid"; break;
865 case 108: return "getegid"; break;
866 case 109: return "setpgid"; break;
867 case 110: return "getppid"; break;
868 case 111: return "getpgrp"; break;
869 case 112: return "setsid"; break;
870 case 113: return "setreuid"; break;
871 case 114: return "setregid"; break;
872 case 115: return "getgroups"; break;
873 case 116: return "setgroups"; break;
874 case 117: return "setresuid"; break;
875 case 118: return "getresuid"; break;
876 case 119: return "setresgid"; break;
877 case 120: return "getresgid"; break;
878 case 121: return "getpgid"; break;
879 case 122: return "setfsuid"; break;
880 case 123: return "setfsgid"; break;
881 case 124: return "getsid"; break;
882 case 125: return "capget"; break;
883 case 126: return "capset"; break;
884 case 127: return "rt_sigpending"; break;
885 case 128: return "rt_sigtimedwait"; break;
886 case 129: return "rt_sigqueueinfo"; break;
887 case 130: return "rt_sigsuspend"; break;
888 case 131: return "sigaltstack"; break;
889 case 132: return "utime"; break;
890 case 133: return "mknod"; break;
891 case 134: return "uselib"; break;
892 case 135: return "personality"; break;
893 case 136: return "ustat"; break;
894 case 137: return "statfs"; break;
895 case 138: return "fstatfs"; break;
896 case 139: return "sysfs"; break;
897 case 140: return "getpriority"; break;
898 case 141: return "setpriority"; break;
899 case 142: return "sched_setparam"; break;
900 case 143: return "sched_getparam"; break;
901 case 144: return "sched_setscheduler"; break;
902 case 145: return "sched_getscheduler"; break;
903 case 146: return "sched_get_priority_max"; break;
904 case 147: return "sched_get_priority_min"; break;
905 case 148: return "sched_rr_get_interval"; break;
906 case 149: return "mlock"; break;
907 case 150: return "munlock"; break;
908 case 151: return "mlockall"; break;
909 case 152: return "munlockall"; break;
910 case 153: return "vhangup"; break;
911 case 154: return "modify_ldt"; break;
912 case 155: return "pivot_root"; break;
913 case 156: return "_sysctl"; break;
914 case 157: return "prctl"; break;
915 case 158: return "arch_prctl"; break;
916 case 159: return "adjtimex"; break;
917 case 160: return "setrlimit"; break;
918 case 161: return "chroot"; break;
919 case 162: return "sync"; break;
920 case 163: return "acct"; break;
921 case 164: return "settimeofday"; break;
922 case 165: return "mount"; break;
923 case 166: return "umount2"; break;
924 case 167: return "swapon"; break;
925 case 168: return "swapoff"; break;
926 case 169: return "reboot"; break;
927 case 170: return "sethostname"; break;
928 case 171: return "setdomainname"; break;
929 case 172: return "iopl"; break;
930 case 173: return "ioperm"; break;
931 case 174: return "create_module"; break;
932 case 175: return "init_module"; break;
933 case 176: return "delete_module"; break;
934 case 177: return "get_kernel_syms"; break;
935 case 178: return "query_module"; break;
936 case 179: return "quotactl"; break;
937 case 180: return "nfsservctl"; break;
938 case 181: return "getpmsg"; break;
939 case 182: return "putpmsg"; break;
940 case 183: return "afs_syscall"; break;
941 case 184: return "tuxcall"; break;
942 case 185: return "security"; break;
943 case 186: return "gettid"; break;
944 case 187: return "readahead"; break;
945 case 188: return "setxattr"; break;
946 case 189: return "lsetxattr"; break;
947 case 190: return "fsetxattr"; break;
948 case 191: return "getxattr"; break;
949 case 192: return "lgetxattr"; break;
950 case 193: return "fgetxattr"; break;
951 case 194: return "listxattr"; break;
952 case 195: return "llistxattr"; break;
953 case 196: return "flistxattr"; break;
954 case 197: return "removexattr"; break;
955 case 198: return "lremovexattr"; break;
956 case 199: return "fremovexattr"; break;
957 case 200: return "tkill"; break;
958 case 201: return "time"; break;
959 case 202: return "futex"; break;
960 case 203: return "sched_setaffinity"; break;
961 case 204: return "sched_getaffinity"; break;
962 case 205: return "set_thread_area"; break;
963 case 206: return "io_setup"; break;
964 case 207: return "io_destroy"; break;
965 case 208: return "io_getevents"; break;
966 case 209: return "io_submit"; break;
967 case 210: return "io_cancel"; break;
968 case 211: return "get_thread_area"; break;
969 case 212: return "lookup_dcookie"; break;
970 case 213: return "epoll_create"; break;
971 case 214: return "epoll_ctl_old"; break;
972 case 215: return "epoll_wait_old"; break;
973 case 216: return "remap_file_pages"; break;
974 case 217: return "getdents64"; break;
975 case 218: return "set_tid_address"; break;
976 case 219: return "restart_syscall"; break;
977 case 220: return "semtimedop"; break;
978 case 221: return "fadvise64"; break;
979 case 222: return "timer_create"; break;
980 case 223: return "timer_settime"; break;
981 case 224: return "timer_gettime"; break;
982 case 225: return "timer_getoverrun"; break;
983 case 226: return "timer_delete"; break;
984 case 227: return "clock_settime"; break;
985 case 228: return "clock_gettime"; break;
986 case 229: return "clock_getres"; break;
987 case 230: return "clock_nanosleep"; break;
988 case 231: return "exit_group"; break;
989 case 232: return "epoll_wait"; break;
990 case 233: return "epoll_ctl"; break;
991 case 234: return "tgkill"; break;
992 case 235: return "utimes"; break;
993 case 236: return "vserver"; break;
994 case 237: return "mbind"; break;
995 case 238: return "set_mempolicy"; break;
996 case 239: return "get_mempolicy"; break;
997 case 240: return "mq_open"; break;
998 case 241: return "mq_unlink"; break;
999 case 242: return "mq_timedsend"; break;
1000 case 243: return "mq_timedreceive"; break;
1001 case 244: return "mq_notify"; break;
1002 case 246: return "kexec_load"; break;
1003 case 247: return "waitid"; break;
1004 case 248: return "add_key"; break;
1005 case 249: return "request_key"; break;
1006 case 250: return "keyctl"; break;
1007 case 251: return "ioprio_set"; break;
1008 case 252: return "ioprio_get"; break;
1009 case 253: return "inotify_init"; break;
1010 case 254: return "inotify_add_watch"; break;
1011 case 255: return "inotify_rm_watch"; break;
1012 case 256: return "migrate_pages"; break;
1013 case 257: return "openat"; break;
1014 case 258: return "mkdirat"; break;
1015 case 259: return "mknodat"; break;
1016 case 260: return "fchownat"; break;
1017 case 261: return "futimesat"; break;
1018 case 262: return "newfstatat"; break;
1019 case 263: return "unlinkat"; break;
1020 case 264: return "renameat"; break;
1021 case 265: return "linkat"; break;
1022 case 266: return "symlinkat"; break;
1023 case 267: return "readlinkat"; break;
1024 case 268: return "fchmodat"; break;
1025 case 269: return "faccessat"; break;
1026 case 270: return "pselect6"; break;
1027 case 271: return "ppoll"; break;
1028 case 272: return "unshare"; break;
1029 case 273: return "set_robust_list"; break;
1030 case 274: return "get_robust_list"; break;
1031 case 275: return "splice"; break;
1032 case 276: return "tee"; break;
1033 case 277: return "sync_file_range"; break;
1034 case 278: return "vmsplice"; break;
1035 case 279: return "move_pages"; break;
1036 case 280: return "utimensat"; break;
1037 case 281: return "epoll_pwait"; break;
1038 case 282: return "signalfd"; break;
1039 case 283: return "timerfd_create"; break;
1040 case 284: return "eventfd"; break;
1041 case 285: return "fallocate"; break;
1042 case 286: return "timerfd_settime"; break;
1043 case 287: return "timerfd_gettime"; break;
1044 case 288: return "accept4"; break;
1045 case 289: return "signalfd4"; break;
1046 case 290: return "eventfd2"; break;
1047 case 291: return "epoll_create1"; break;
1048 case 292: return "dup3"; break;
1049 case 293: return "pipe2"; break;
1050 case 294: return "inotify_init1"; break;
1051 case 295: return "preadv"; break;
1052 case 296: return "pwritev"; break;
1053 case 297: return "rt_tgsigqueueinfo"; break;
1054 case 298: return "perf_event_open"; break;
1055 default: return "UNKNOWN"; break;
