2 * This file is part of the Palacios Virtual Machine Monitor developed
3 * by the V3VEE Project with funding from the United States National
4 * Science Foundation and the Department of Energy.
6 * The V3VEE Project is a joint project between Northwestern University
7 * and the University of New Mexico. You can find out more at
10 * Copyright (c) 2011, Kyle C. Hale <kh@u.norhtwestern.edu>
11 * Copyright (c) 2011, The V3VEE Project <http://www.v3vee.org>
12 * All rights reserved.
14 * Author: Kyle C. Hale <kh@u.northwestern.edu>
16 * This is free software. You are permitted to use,
17 * redistribute, and modify it as specified in the file "V3VEE_LICENSE".
20 #include <palacios/vmm.h>
21 #include <palacios/vm_guest_mem.h>
22 #include <palacios/vm_guest.h>
23 #include <palacios/vmm_intr.h>
24 #include <palacios/vmm_decoder.h>
25 #include <palacios/vmm_string.h>
26 #include <palacios/vmm_shadow_paging.h>
27 #include <palacios/vmm_extensions.h>
28 #include <palacios/vmm_paging.h>
29 #include <palacios/vmcb.h>
30 #include <palacios/vmm_hypercall.h>
33 #include <gears/syscall_hijack.h>
34 #include <gears/sw_intr.h>
35 #include <gears/syscall_ref.h>
37 #ifdef V3_CONFIG_EXT_CODE_INJECT
38 #include <gears/code_inject.h>
39 #include <palacios/vmm_list.h>
40 extern struct v3_code_injects code_injects;
43 #ifndef V3_CONFIG_DEBUG_EXT_SYSCALL_HIJACK
45 #define PrintDebug(fmt, args...)
49 struct v3_syscall_hook {
50 int (*handler)(struct guest_info * core, uint_t syscall_nr, void * priv_data);
54 static struct v3_syscall_hook * syscall_hooks[512];
56 #if defined(V3_CONFIG_EXT_SELECTIVE_SYSCALL_EXIT) || defined(V3_CONFIG_EXT_SYSCALL_INSTR)
57 static struct v3_syscall_info syscall_info;
60 static void print_arg (struct guest_info * core, v3_reg_t reg, uint8_t argnum) {
65 PrintDebug("\t ARG%d: INT - %ld\n", argnum, (long) reg);
67 if (core->mem_mode == PHYSICAL_MEM) {
68 ret = v3_gpa_to_hva(core, get_addr_linear(core, reg, &(core->segments.ds)), &hva);
71 ret = v3_gva_to_hva(core, get_addr_linear(core, reg, &(core->segments.ds)), &hva);
74 PrintDebug("\t STR - ");
80 uint32_t c = max(MAX_CHARS, 4096 - (hva % 4096));
82 for (; i < c && *((char*)(hva + i)) != 0; i++) {
83 PrintDebug("%c", *((char*)(hva + i)));
89 static void print_syscall (uint8_t is64, struct guest_info * core) {
92 PrintDebug("Syscall #%ld: \"%s\"\n", (long)core->vm_regs.rax, get_linux_syscall_name64(core->vm_regs.rax));
94 PrintDebug("Syscall #%ld: \"%s\"\n", (long)core->vm_regs.rax, get_linux_syscall_name32(core->vm_regs.rax));
97 print_arg(core, core->vm_regs.rbx, 1);
98 print_arg(core, core->vm_regs.rcx, 2);
99 print_arg(core, core->vm_regs.rdx, 3);
103 int v3_syscall_handler (struct guest_info * core, uint8_t vector, void * priv_data) {
105 uint_t syscall_nr = (uint_t) core->vm_regs.rax;
106 int err = 0, ret = 0;
108 struct v3_syscall_hook * hook = syscall_hooks[syscall_nr];
110 #ifdef V3_CONFIG_EXT_SYSCALL_INSTR
111 // address originally written to LSTAR
113 core->rip = syscall_info.target_addr;
116 #ifdef V3_CONFIG_EXT_SELECTIVE_SYSCALL_EXIT
117 PrintDebug("In v3_syscall_handler: syscall_nr - %d\n", syscall_nr);
122 #ifdef V3_CONFIG_EXT_SYSCALL_PASSTHROUGH
123 if (v3_hook_passthrough_syscall(core, syscall_nr) == -1) {
124 PrintDebug("Error hooking passthrough syscall\n");
127 hook = syscall_hooks[syscall_nr];
131 * if this syscall isn't hooked, pop off a pending inject
134 #ifdef V3_CONFIG_EXT_CODE_INJECT
135 struct v3_code_injects * injects = &code_injects;
136 struct v3_code_inject_info * inject = NULL;
138 if (list_empty(&(injects->code_inject_list))) {
142 inject = (struct v3_code_inject_info*) list_first_entry(
143 &(injects->code_inject_list),
144 struct v3_code_inject_info,
147 if (inject == NULL) {
148 PrintError("Problem getting inject from inject list\n");
152 if (inject->in_progress)
155 // do the inject and don't fall over if there's an inject already in
157 if ((ret = v3_handle_guest_inject(core, (void*)inject)) == -1) {
158 PrintError("Could not run code injection: v3_syscall_handler\n");
169 err = hook->handler(core, syscall_nr, hook->priv_data);
171 PrintDebug("V3 Syscall Handler: Error in syscall hook\n");
175 #ifdef V3_CONFIG_EXT_CODE_INJECT
176 if (err == E_NEED_PF)
183 #ifdef V3_CONFIG_EXT_SELECTIVE_SYSCALL_EXIT
184 static int v3_handle_lstar_write (struct guest_info * core, uint_t msr, struct v3_msr src, void * priv_data) {
185 syscall_info.target_addr = (uint64_t) ((((uint64_t)src.hi) << 32) | src.lo);
187 PrintDebug("LSTAR Write: %p\n", (void*)syscall_info.target_addr);
188 core->msrs.lstar = syscall_info.target_addr;
193 // virtualize the lstar
194 static int v3_handle_lstar_read (struct guest_info * core, uint_t msr, struct v3_msr * dst, void * priv_data) {
195 PrintDebug("LSTAR Read\n");
196 dst->value = syscall_info.target_addr;
201 static int syscall_setup (struct guest_info * core, unsigned int hcall_id, void * priv_data) {
202 addr_t syscall_stub, syscall_map, ssa;
204 syscall_stub = (addr_t)core->vm_regs.rbx;
205 syscall_map = (addr_t)core->vm_regs.rcx;
206 ssa = (addr_t)core->vm_regs.rdx;
208 PrintDebug("made it to syscall setup hypercall\n");
209 PrintDebug("\t&syscall_stub (rbx): %p\n\t&syscall_map (rcx): %p\n", (void*)syscall_stub, (void*)syscall_map);
210 PrintDebug("\t&ssa (rdx): %p\n", (void*)ssa);
212 syscall_info.syscall_stub = syscall_stub;
213 syscall_info.syscall_map = (uint8_t*)syscall_map;
214 syscall_info.ssa = ssa;
216 /* return the original syscall entry point */
217 core->vm_regs.rax = syscall_info.target_addr;
219 /* redirect syscalls henceforth */
220 core->msrs.lstar = syscall_stub;
225 static int syscall_cleanup (struct guest_info * core, unsigned int hcall_id, void * priv_data) {
227 core->msrs.lstar = syscall_info.target_addr;
228 PrintDebug("original syscall entry point restored\n");
233 static int sel_syscall_handle (struct guest_info * core, unsigned int hcall_id, void * priv_data) {
238 PrintDebug("caught a selectively exited syscall!\n");
239 ret = v3_gva_to_hva(core, get_addr_linear(core, syscall_info.ssa, &(core->segments.ds)), &hva);
241 PrintError("Problem translating state save area address in sel_syscall_handle\n");
245 /* setup registers for handler routines. They should be in the same state
246 * as when the system call was originally invoked */
247 memcpy((void*)®s, (void*)&core->vm_regs, sizeof(struct v3_gprs));
248 memcpy((void*)&core->vm_regs, (void*)hva, sizeof(struct v3_gprs));
250 v3_print_guest_state(core);
252 // TODO: call syscall-independent handler
254 memcpy((void*)hva, (void*)&core->vm_regs, sizeof(struct v3_gprs));
255 memcpy((void*)&core->vm_regs, (void*)®s,sizeof(struct v3_gprs));
262 static int init_syscall_hijack (struct v3_vm_info * vm, v3_cfg_tree_t * cfg, void ** priv_data) {
263 #ifdef V3_CONFIG_EXT_SELECTIVE_SYSCALL_EXIT
264 v3_register_hypercall(vm, 0x5CA11, sel_syscall_handle, NULL);
265 v3_register_hypercall(vm, 0x5CA12, syscall_setup, NULL);
266 v3_register_hypercall(vm, 0x5CA13, syscall_cleanup, NULL);
273 #ifdef V3_CONFIG_EXT_SYSCALL_INSTR
274 static int v3_handle_lstar_write (struct guest_info * core, uint_t msr, struct v3_msr src, void * priv_data) {
275 PrintDebug("KCH: LSTAR Write\n");
276 //PrintDebug("\tvalue: 0x%x%x\n", src.hi, src.lo);
277 syscall_info.target_addr = (uint64_t) ((((uint64_t)src.hi) << 32) | src.lo);
279 // Set LSTAR value seen by hardware while the guest is running
280 PrintDebug("replacing with %lx\n", SYSCALL_MAGIC_ADDR);
281 core->msrs.lstar = SYSCALL_MAGIC_ADDR;
285 static int v3_handle_lstar_read (struct guest_info * core, uint_t msr, struct v3_msr * dst, void * priv_data) {
286 PrintDebug("KCH: LSTAR Read\n");
287 dst->value = syscall_info.target_addr;
293 static int init_syscall_hijack_core (struct guest_info * core, void * priv_data) {
295 #ifdef V3_CONFIG_EXT_SW_INTERRUPTS
296 v3_hook_swintr(core, SYSCALL_INT_VECTOR, v3_syscall_handler, NULL);
299 #if defined(V3_CONFIG_EXT_SYSCALL_INSTR) || defined(V3_CONFIG_EXT_SELECTIVE_SYSCALL_EXIT)
300 v3_hook_msr(core->vm_info, LSTAR_MSR,
301 &v3_handle_lstar_read,
302 &v3_handle_lstar_write,
309 static int deinit_syscall_hijack (struct v3_vm_info * vm, void * priv_data) {
314 static struct v3_extension_impl syscall_impl = {
315 .name = "syscall_intercept",
316 .init = init_syscall_hijack,
317 .deinit = deinit_syscall_hijack,
318 .core_init = init_syscall_hijack_core,
324 register_extension(&syscall_impl);
327 static inline struct v3_syscall_hook * get_syscall_hook (struct guest_info * core, uint_t syscall_nr) {
328 return syscall_hooks[syscall_nr];
332 int v3_hook_syscall (struct guest_info * core,
334 int (*handler)(struct guest_info * core, uint_t syscall_nr, void * priv_data),
337 struct v3_syscall_hook * hook = (struct v3_syscall_hook *)V3_Malloc(sizeof(struct v3_syscall_hook));
344 if (get_syscall_hook(core, syscall_nr) != NULL) {
345 PrintError("System Call #%d already hooked\n", syscall_nr);
349 hook->handler = handler;
350 hook->priv_data = priv_data;
352 syscall_hooks[syscall_nr] = hook;
354 PrintDebug("Hooked Syscall #%d\n", syscall_nr);
360 static int passthrough_syscall_handler (struct guest_info * core, uint_t syscall_nr, void * priv_data) {
361 print_syscall(core->cpu_mode == LONG, core);
366 int v3_hook_passthrough_syscall (struct guest_info * core, uint_t syscall_nr) {
368 int rc = v3_hook_syscall(core, syscall_nr, passthrough_syscall_handler, NULL);
371 PrintError("failed to hook syscall 0x%x for passthrough (guest=0x%p)\n", syscall_nr, (void *)core);
374 PrintDebug("hooked syscall 0x%x for passthrough (guest=0x%p)\n", syscall_nr, (void *)core);
378 /* shouldn't get here */
384 char * get_linux_syscall_name32 (uint_t syscall_nr) {
386 switch (syscall_nr) {
388 case 0: return "restart_syscall"; break;
389 case 1: return "exit"; break;
390 case 2: return "fork"; break;
391 case 3: return "read"; break;
392 case 4: return "write"; break;
393 case 5: return "open"; break;
394 case 6: return "close"; break;
395 case 7: return "waitpid"; break;
396 case 8: return "creat"; break;
397 case 9: return "link"; break;
398 case 10: return "unlink"; break;
399 case 11: return "execve"; break;
400 case 12: return "chdir"; break;
401 case 13: return "time"; break;
402 case 14: return "mknod"; break;
403 case 15: return "chmod"; break;
404 case 16: return "lchown"; break;
405 case 17: return "break"; break;
406 case 18: return "oldstat"; break;
407 case 19: return "lseek"; break;
408 case 20: return "getpid"; break;
409 case 21: return "mount"; break;
410 case 22: return "umount"; break;
411 case 23: return "setuid"; break;
412 case 24: return "getuid"; break;
413 case 25: return "stime"; break;
414 case 26: return "ptrace"; break;
415 case 27: return "alarm"; break;
416 case 28: return "oldfstat"; break;
417 case 29: return "pause"; break;
418 case 30: return "utime"; break;
419 case 31: return "stty"; break;
420 case 32: return "gtty"; break;
421 case 33: return "access"; break;
422 case 34: return "nice"; break;
423 case 35: return "ftime"; break;
424 case 36: return "sync"; break;
425 case 37: return "kill"; break;
426 case 38: return "rename"; break;
427 case 39: return "mkdir"; break;
428 case 40: return "rmdir"; break;
429 case 41: return "dup"; break;
430 case 42: return "pipe"; break;
431 case 43: return "times"; break;
432 case 44: return "prof"; break;
433 case 45: return "brk"; break;
434 case 46: return "setgid"; break;
435 case 47: return "getgid"; break;
436 case 48: return "signal"; break;
437 case 49: return "geteuid"; break;
438 case 50: return "getegid"; break;
439 case 51: return "acct"; break;
440 case 52: return "umount2"; break;
441 case 53: return "lock"; break;
442 case 54: return "ioctl"; break;
443 case 55: return "fcntl"; break;
444 case 56: return "mpx"; break;
445 case 57: return "setpgid"; break;
446 case 58: return "ulimit"; break;
447 case 59: return "oldolduname"; break;
448 case 60: return "umask"; break;
449 case 61: return "chroot"; break;
450 case 62: return "ustat"; break;
451 case 63: return "dup2"; break;
452 case 64: return "getppid"; break;
453 case 65: return "getpgrp"; break;
454 case 66: return "setsid"; break;
455 case 67: return "sigaction"; break;
456 case 68: return "sgetmask"; break;
457 case 69: return "ssetmask"; break;
458 case 70: return "setreuid"; break;
459 case 71: return "setregid"; break;
460 case 72: return "sigsuspend"; break;
461 case 73: return "sigpending"; break;
462 case 74: return "sethostname"; break;
463 case 75: return "setrlimit"; break;
464 case 76: return "getrlimit"; break;
465 case 77: return "getrusage"; break;
466 case 78: return "gettimeofday"; break;
467 case 79: return "settimeofday"; break;
468 case 80: return "getgroups"; break;
469 case 81: return "setgroups"; break;
470 case 82: return "select"; break;
471 case 83: return "symlink"; break;
472 case 84: return "oldlstat"; break;
473 case 85: return "readlink"; break;
474 case 86: return "uselib"; break;
475 case 87: return "swapon"; break;
476 case 88: return "reboot"; break;
477 case 89: return "readdir"; break;
478 case 90: return "mmap"; break;
479 case 91: return "munmap"; break;
480 case 92: return "truncate"; break;
481 case 93: return "ftruncate"; break;
482 case 94: return "fchmod"; break;
483 case 95: return "fchown"; break;
484 case 96: return "getpriority"; break;
485 case 97: return "setpriority"; break;
486 case 98: return "profil"; break;
487 case 99: return "statfs"; break;
488 case 100: return "fstatfs"; break;
489 case 101: return "ioperm"; break;
490 case 102: return "socketcall"; break;
491 case 103: return "syslog"; break;
492 case 104: return "setitimer"; break;
493 case 105: return "getitimer"; break;
494 case 106: return "stat"; break;
495 case 107: return "lstat"; break;
496 case 108: return "fstat"; break;
497 case 109: return "olduname"; break;
498 case 110: return "iopl"; break;
499 case 111: return "vhangup"; break;
500 case 112: return "idle"; break;
501 case 113: return "vm86old"; break;
502 case 114: return "wait4"; break;
503 case 115: return "swapoff"; break;
504 case 116: return "sysinfo"; break;
505 case 117: return "ipc"; break;
506 case 118: return "fsync"; break;
507 case 119: return "sigreturn"; break;
508 case 120: return "clone"; break;
509 case 121: return "setdomainname"; break;
510 case 122: return "uname"; break;
511 case 123: return "modify_ldt"; break;
512 case 124: return "adjtimex"; break;
513 case 125: return "mprotect"; break;
514 case 126: return "sigprocmask"; break;
515 case 127: return "create_module"; break;
516 case 128: return "init_module"; break;
517 case 129: return "delete_module"; break;
518 case 130: return "get_kernel_syms"; break;
519 case 131: return "quotactl"; break;
520 case 132: return "getpgid"; break;
521 case 133: return "fchdir"; break;
522 case 134: return "bdflush"; break;
523 case 135: return "sysfs"; break;
524 case 136: return "personality"; break;
525 case 137: return "afs_syscall"; break;
526 case 138: return "setfsuid"; break;
527 case 139: return "setfsgid"; break;
528 case 140: return "_llseek"; break;
529 case 141: return "getdents"; break;
530 case 142: return "_newselect"; break;
531 case 143: return "flock"; break;
532 case 144: return "msync"; break;
533 case 145: return "readv"; break;
534 case 146: return "writev"; break;
535 case 147: return "getsid"; break;
536 case 148: return "fdatasync"; break;
537 case 149: return "_sysctl"; break;
538 case 150: return "mlock"; break;
539 case 151: return "munlock"; break;
540 case 152: return "mlockall"; break;
541 case 153: return "munlockall"; break;
542 case 154: return "sched_setparam"; break;
543 case 155: return "sched_getparam"; break;
544 case 156: return "sched_setscheduler"; break;
545 case 157: return "sched_getscheduler"; break;
546 case 158: return "sched_yield"; break;
547 case 159: return "sched_get_priority_max"; break;
548 case 160: return "sched_get_priority_min"; break;
549 case 161: return "sched_rr_get_interval"; break;
550 case 162: return "nanosleep"; break;
551 case 163: return "mremap"; break;
552 case 164: return "setresuid"; break;
553 case 165: return "getresuid"; break;
554 case 166: return "vm86"; break;
555 case 167: return "query_module"; break;
556 case 168: return "poll"; break;
557 case 169: return "nfsservctl"; break;
558 case 170: return "setresgid"; break;
559 case 171: return "getresgid"; break;
560 case 172: return "prctl"; break;
561 case 173: return "rt_sigreturn"; break;
562 case 174: return "rt_sigaction"; break;
563 case 175: return "rt_sigprocmask"; break;
564 case 176: return "rt_sigpending"; break;
565 case 177: return "rt_sigtimedwait"; break;
566 case 178: return "rt_sigqueueinfo"; break;
567 case 179: return "rt_sigsuspend"; break;
568 case 180: return "pread64"; break;
569 case 181: return "pwrite64"; break;
570 case 182: return "chown"; break;
571 case 183: return "getcwd"; break;
572 case 184: return "capget"; break;
573 case 185: return "capset"; break;
574 case 186: return "sigaltstack"; break;
575 case 187: return "sendfile"; break;
576 case 188: return "getpmsg"; break;
577 case 189: return "putpmsg"; break;
578 case 190: return "vfork"; break;
579 case 191: return "ugetrlimit"; break;
580 case 192: return "mmap2"; break;
581 case 193: return "truncate64"; break;
582 case 194: return "ftruncate64"; break;
583 case 195: return "stat64"; break;
584 case 196: return "lstat64"; break;
585 case 197: return "fstat64"; break;
586 case 198: return "lchown32"; break;
587 case 199: return "getuid32"; break;
588 case 200: return "getgid32"; break;
589 case 201: return "geteuid32"; break;
590 case 202: return "getegid32"; break;
591 case 203: return "setreuid32"; break;
592 case 204: return "setregid32"; break;
593 case 205: return "getgroups32"; break;
594 case 206: return "setgroups32"; break;
595 case 207: return "fchown32"; break;
596 case 208: return "setresuid32"; break;
597 case 209: return "getresuid32"; break;
598 case 210: return "setresgid32"; break;
599 case 211: return "getresgid32"; break;
600 case 212: return "chown32"; break;
601 case 213: return "setuid32"; break;
602 case 214: return "setgid32"; break;
603 case 215: return "setfsuid32"; break;
604 case 216: return "setfsgid32"; break;
605 case 217: return "pivot_root"; break;
606 case 218: return "mincore"; break;
607 case 219: return "madvise1"; break;
608 case 220: return "getdents64"; break;
609 case 221: return "fcntl64"; break;
610 case 224: return "gettid"; break;
611 case 225: return "readahead"; break;
612 case 226: return "setxattr"; break;
613 case 227: return "lsetxattr"; break;
614 case 228: return "fsetxattr"; break;
615 case 229: return "getxattr"; break;
616 case 230: return "lgetxattr"; break;
617 case 231: return "fgetxattr"; break;
618 case 232: return "listxattr"; break;
619 case 233: return "llistxattr"; break;
620 case 234: return "flistxattr"; break;
621 case 235: return "removexattr"; break;
622 case 236: return "lremovexattr"; break;
623 case 237: return "fremovexattr"; break;
624 case 238: return "tkill"; break;
625 case 239: return "sendfile64"; break;
626 case 240: return "futex"; break;
627 case 241: return "sched_setaffinity"; break;
628 case 242: return "sched_getaffinity"; break;
629 case 243: return "set_thread_area"; break;
630 case 244: return "get_thread_area"; break;
631 case 245: return "io_setup"; break;
632 case 246: return "io_destroy"; break;
633 case 247: return "io_getevents"; break;
634 case 248: return "io_submit"; break;
635 case 249: return "io_cancel"; break;
636 case 250: return "fadvise64"; break;
637 case 252: return "exit_group"; break;
638 case 253: return "lookup_dcookie"; break;
639 case 254: return "epoll_create"; break;
640 case 255: return "epoll_ctl"; break;
641 case 256: return "epoll_wait"; break;
642 case 257: return "remap_file_pages"; break;
643 case 258: return "set_tid_address"; break;
644 case 259: return "timer_create"; break;
645 case 260: return "timer_settime"; break;
646 case 261: return "timer_gettime"; break;
647 case 262: return "timer_getoverrun"; break;
648 case 263: return "timer_delete"; break;
649 case 264: return "clock_settime"; break;
650 case 265: return "clock_gettime"; break;
651 case 266: return "clock_getres"; break;
652 case 267: return "clock_nanosleep"; break;
653 case 268: return "statfs64"; break;
654 case 269: return "fstatfs64"; break;
655 case 270: return "tgkill"; break;
656 case 271: return "utimes"; break;
657 case 272: return "fadvise64_64"; break;
658 case 273: return "vserver"; break;
659 case 274: return "mbind"; break;
660 case 275: return "get_mempolicy"; break;
661 case 276: return "set_mempolicy"; break;
662 case 277: return "mq_open"; break;
663 case 278: return "mq_unlink"; break;
664 case 279: return "mq_timedsend"; break;
665 case 280: return "mq_timedreceive"; break;
666 case 281: return "mq_notify"; break;
667 case 282: return "mq_getsetattr"; break;
668 case 283: return "kexec_load"; break;
669 case 284: return "waitid"; break;
670 case 285: return "sys_setaltroot"; break;
671 case 286: return "add_key"; break;
672 case 287: return "request_key"; break;
673 case 288: return "keyctl"; break;
674 case 289: return "ioprio_set"; break;
675 case 290: return "ioprio_get"; break;
676 case 291: return "inotify_init"; break;
677 case 292: return "inotify_add_watch"; break;
678 case 293: return "inotify_rm_watch"; break;
679 case 294: return "migrate_pages"; break;
680 case 295: return "openat"; break;
681 case 296: return "mkdirat"; break;
682 case 297: return "mknodat"; break;
683 case 298: return "fchownat"; break;
684 case 299: return "futimesat"; break;
685 case 300: return "fstatat64"; break;
686 case 301: return "unlinkat"; break;
687 case 302: return "renameat"; break;
688 case 303: return "linkat"; break;
689 case 304: return "symlinkat"; break;
690 case 305: return "readlinkat"; break;
691 case 306: return "fchmodat"; break;
692 case 307: return "faccessat"; break;
693 case 308: return "pselect6"; break;
694 case 309: return "ppoll"; break;
695 case 310: return "unshare"; break;
696 case 311: return "set_robust_list"; break;
697 case 312: return "get_robust_list"; break;
698 case 313: return "splice"; break;
699 case 314: return "sync_file_range"; break;
700 case 315: return "tee"; break;
701 case 316: return "vmsplice"; break;
702 case 317: return "move_pages"; break;
703 case 318: return "getcpu"; break;
704 case 319: return "epoll_pwait"; break;
705 case 320: return "utimensat"; break;
706 case 321: return "signalfd"; break;
707 case 322: return "timerfd_create"; break;
708 case 323: return "eventfd"; break;
709 case 324: return "fallocate"; break;
710 case 325: return "timerfd_settime"; break;
711 case 326: return "timerfd_gettime"; break;
712 case 327: return "signalfd4"; break;
713 case 328: return "eventfd2"; break;
714 case 329: return "epoll_create1"; break;
715 case 330: return "dup3"; break;
716 case 331: return "pipe2"; break;
717 case 332: return "inotify_init1"; break;
718 case 333: return "preadv"; break;
719 case 334: return "pwritev"; break;
720 case 335: return "rt_tgsigqueueinfo"; break;
721 case 336: return "perf_event_open"; break;
722 default: return "UNKNOWN"; break;
727 char * get_linux_syscall_name64 (uint_t syscall_nr) {
729 switch (syscall_nr) {
731 case 0: return "read"; break;
732 case 1: return "write"; break;
733 case 2: return "open"; break;
734 case 3: return "close"; break;
735 case 4: return "stat"; break;
736 case 5: return "fstat"; break;
737 case 6: return "lstat"; break;
738 case 7: return "poll"; break;
739 case 8: return "lseek"; break;
740 case 9: return "mmap"; break;
741 case 10: return "mprotect"; break;
742 case 11: return "munmap"; break;
743 case 12: return "brk"; break;
744 case 13: return "rt_sigaction"; break;
745 case 14: return "rt_sigprocmask"; break;
746 case 15: return "rt_sigreturn"; break;
747 case 16: return "ioctl"; break;
748 case 17: return "pread64"; break;
749 case 18: return "pwrite64"; break;
750 case 19: return "readv"; break;
751 case 20: return "writev"; break;
752 case 21: return "access"; break;
753 case 22: return "pipe"; break;
754 case 23: return "select"; break;
755 case 24: return "sched_yield"; break;
756 case 25: return "mremap"; break;
757 case 26: return "msync"; break;
758 case 27: return "mincore"; break;
759 case 28: return "madvise"; break;
760 case 29: return "shmget"; break;
761 case 30: return "shmat"; break;
762 case 31: return "shmctl"; break;
763 case 32: return "dup"; break;
764 case 33: return "dup2"; break;
765 case 34: return "pause"; break;
766 case 35: return "nanosleep"; break;
767 case 36: return "getitimer"; break;
768 case 37: return "alarm"; break;
769 case 38: return "setitimer"; break;
770 case 39: return "getpid"; break;
771 case 40: return "sendfile"; break;
772 case 41: return "socket"; break;
773 case 42: return "connect"; break;
774 case 43: return "accept"; break;
775 case 44: return "sendto"; break;
776 case 45: return "recvfrom"; break;
777 case 46: return "sendmsg"; break;
778 case 47: return "recvmsg"; break;
779 case 48: return "shutdown"; break;
780 case 49: return "bind"; break;
781 case 50: return "listen"; break;
782 case 51: return "getsockname"; break;
783 case 52: return "getpeername"; break;
784 case 53: return "socketpair"; break;
785 case 54: return "setsockopt"; break;
786 case 55: return "getsockopt"; break;
787 case 56: return "clone"; break;
788 case 57: return "fork"; break;
789 case 58: return "vfork"; break;
790 case 59: return "execve"; break;
791 case 60: return "exit"; break;
792 case 61: return "wait4"; break;
793 case 62: return "kill"; break;
794 case 63: return "uname"; break;
795 case 64: return "semget"; break;
796 case 65: return "semop"; break;
797 case 66: return "semctl"; break;
798 case 67: return "shmdt"; break;
799 case 68: return "msgget"; break;
800 case 69: return "msgsnd"; break;
801 case 70: return "msgrcv"; break;
802 case 71: return "msgctl"; break;
803 case 72: return "fcntl"; break;
804 case 73: return "flock"; break;
805 case 74: return "fsync"; break;
806 case 75: return "fdatasync"; break;
807 case 76: return "truncate"; break;
808 case 77: return "ftruncate"; break;
809 case 78: return "getdents"; break;
810 case 79: return "getcwd"; break;
811 case 80: return "chdir"; break;
812 case 81: return "fchdir"; break;
813 case 82: return "rename"; break;
814 case 83: return "mkdir"; break;
815 case 84: return "rmdir"; break;
816 case 85: return "creat"; break;
817 case 86: return "link"; break;
818 case 87: return "unlink"; break;
819 case 88: return "symlink"; break;
820 case 89: return "readlink"; break;
821 case 90: return "chmod"; break;
822 case 91: return "fchmod"; break;
823 case 92: return "chown"; break;
824 case 93: return "fchown"; break;
825 case 94: return "lchown"; break;
826 case 95: return "umask"; break;
827 case 96: return "gettimeofday"; break;
828 case 97: return "getrlimit"; break;
829 case 98: return "getrusage"; break;
830 case 99: return "sysinfo"; break;
831 case 100: return "times"; break;
832 case 101: return "ptrace"; break;
833 case 102: return "getuid"; break;
834 case 103: return "syslog"; break;
835 case 104: return "getgid"; break;
836 case 105: return "setuid"; break;
837 case 106: return "setgid"; break;
838 case 107: return "geteuid"; break;
839 case 108: return "getegid"; break;
840 case 109: return "setpgid"; break;
841 case 110: return "getppid"; break;
842 case 111: return "getpgrp"; break;
843 case 112: return "setsid"; break;
844 case 113: return "setreuid"; break;
845 case 114: return "setregid"; break;
846 case 115: return "getgroups"; break;
847 case 116: return "setgroups"; break;
848 case 117: return "setresuid"; break;
849 case 118: return "getresuid"; break;
850 case 119: return "setresgid"; break;
851 case 120: return "getresgid"; break;
852 case 121: return "getpgid"; break;
853 case 122: return "setfsuid"; break;
854 case 123: return "setfsgid"; break;
855 case 124: return "getsid"; break;
856 case 125: return "capget"; break;
857 case 126: return "capset"; break;
858 case 127: return "rt_sigpending"; break;
859 case 128: return "rt_sigtimedwait"; break;
860 case 129: return "rt_sigqueueinfo"; break;
861 case 130: return "rt_sigsuspend"; break;
862 case 131: return "sigaltstack"; break;
863 case 132: return "utime"; break;
864 case 133: return "mknod"; break;
865 case 134: return "uselib"; break;
866 case 135: return "personality"; break;
867 case 136: return "ustat"; break;
868 case 137: return "statfs"; break;
869 case 138: return "fstatfs"; break;
870 case 139: return "sysfs"; break;
871 case 140: return "getpriority"; break;
872 case 141: return "setpriority"; break;
873 case 142: return "sched_setparam"; break;
874 case 143: return "sched_getparam"; break;
875 case 144: return "sched_setscheduler"; break;
876 case 145: return "sched_getscheduler"; break;
877 case 146: return "sched_get_priority_max"; break;
878 case 147: return "sched_get_priority_min"; break;
879 case 148: return "sched_rr_get_interval"; break;
880 case 149: return "mlock"; break;
881 case 150: return "munlock"; break;
882 case 151: return "mlockall"; break;
883 case 152: return "munlockall"; break;
884 case 153: return "vhangup"; break;
885 case 154: return "modify_ldt"; break;
886 case 155: return "pivot_root"; break;
887 case 156: return "_sysctl"; break;
888 case 157: return "prctl"; break;
889 case 158: return "arch_prctl"; break;
890 case 159: return "adjtimex"; break;
891 case 160: return "setrlimit"; break;
892 case 161: return "chroot"; break;
893 case 162: return "sync"; break;
894 case 163: return "acct"; break;
895 case 164: return "settimeofday"; break;
896 case 165: return "mount"; break;
897 case 166: return "umount2"; break;
898 case 167: return "swapon"; break;
899 case 168: return "swapoff"; break;
900 case 169: return "reboot"; break;
901 case 170: return "sethostname"; break;
902 case 171: return "setdomainname"; break;
903 case 172: return "iopl"; break;
904 case 173: return "ioperm"; break;
905 case 174: return "create_module"; break;
906 case 175: return "init_module"; break;
907 case 176: return "delete_module"; break;
908 case 177: return "get_kernel_syms"; break;
909 case 178: return "query_module"; break;
910 case 179: return "quotactl"; break;
911 case 180: return "nfsservctl"; break;
912 case 181: return "getpmsg"; break;
913 case 182: return "putpmsg"; break;
914 case 183: return "afs_syscall"; break;
915 case 184: return "tuxcall"; break;
916 case 185: return "security"; break;
917 case 186: return "gettid"; break;
918 case 187: return "readahead"; break;
919 case 188: return "setxattr"; break;
920 case 189: return "lsetxattr"; break;
921 case 190: return "fsetxattr"; break;
922 case 191: return "getxattr"; break;
923 case 192: return "lgetxattr"; break;
924 case 193: return "fgetxattr"; break;
925 case 194: return "listxattr"; break;
926 case 195: return "llistxattr"; break;
927 case 196: return "flistxattr"; break;
928 case 197: return "removexattr"; break;
929 case 198: return "lremovexattr"; break;
930 case 199: return "fremovexattr"; break;
931 case 200: return "tkill"; break;
932 case 201: return "time"; break;
933 case 202: return "futex"; break;
934 case 203: return "sched_setaffinity"; break;
935 case 204: return "sched_getaffinity"; break;
936 case 205: return "set_thread_area"; break;
937 case 206: return "io_setup"; break;
938 case 207: return "io_destroy"; break;
939 case 208: return "io_getevents"; break;
940 case 209: return "io_submit"; break;
941 case 210: return "io_cancel"; break;
942 case 211: return "get_thread_area"; break;
943 case 212: return "lookup_dcookie"; break;
944 case 213: return "epoll_create"; break;
945 case 214: return "epoll_ctl_old"; break;
946 case 215: return "epoll_wait_old"; break;
947 case 216: return "remap_file_pages"; break;
948 case 217: return "getdents64"; break;
949 case 218: return "set_tid_address"; break;
950 case 219: return "restart_syscall"; break;
951 case 220: return "semtimedop"; break;
952 case 221: return "fadvise64"; break;
953 case 222: return "timer_create"; break;
954 case 223: return "timer_settime"; break;
955 case 224: return "timer_gettime"; break;
956 case 225: return "timer_getoverrun"; break;
957 case 226: return "timer_delete"; break;
958 case 227: return "clock_settime"; break;
959 case 228: return "clock_gettime"; break;
960 case 229: return "clock_getres"; break;
961 case 230: return "clock_nanosleep"; break;
962 case 231: return "exit_group"; break;
963 case 232: return "epoll_wait"; break;
964 case 233: return "epoll_ctl"; break;
965 case 234: return "tgkill"; break;
966 case 235: return "utimes"; break;
967 case 236: return "vserver"; break;
968 case 237: return "mbind"; break;
969 case 238: return "set_mempolicy"; break;
970 case 239: return "get_mempolicy"; break;
971 case 240: return "mq_open"; break;
972 case 241: return "mq_unlink"; break;
973 case 242: return "mq_timedsend"; break;
974 case 243: return "mq_timedreceive"; break;
975 case 244: return "mq_notify"; break;
976 case 246: return "kexec_load"; break;
977 case 247: return "waitid"; break;
978 case 248: return "add_key"; break;
979 case 249: return "request_key"; break;
980 case 250: return "keyctl"; break;
981 case 251: return "ioprio_set"; break;
982 case 252: return "ioprio_get"; break;
983 case 253: return "inotify_init"; break;
984 case 254: return "inotify_add_watch"; break;
985 case 255: return "inotify_rm_watch"; break;
986 case 256: return "migrate_pages"; break;
987 case 257: return "openat"; break;
988 case 258: return "mkdirat"; break;
989 case 259: return "mknodat"; break;
990 case 260: return "fchownat"; break;
991 case 261: return "futimesat"; break;
992 case 262: return "newfstatat"; break;
993 case 263: return "unlinkat"; break;
994 case 264: return "renameat"; break;
995 case 265: return "linkat"; break;
996 case 266: return "symlinkat"; break;
997 case 267: return "readlinkat"; break;
998 case 268: return "fchmodat"; break;
999 case 269: return "faccessat"; break;
1000 case 270: return "pselect6"; break;
1001 case 271: return "ppoll"; break;
1002 case 272: return "unshare"; break;
1003 case 273: return "set_robust_list"; break;
1004 case 274: return "get_robust_list"; break;
1005 case 275: return "splice"; break;
1006 case 276: return "tee"; break;
1007 case 277: return "sync_file_range"; break;
1008 case 278: return "vmsplice"; break;
1009 case 279: return "move_pages"; break;
1010 case 280: return "utimensat"; break;
1011 case 281: return "epoll_pwait"; break;
1012 case 282: return "signalfd"; break;
1013 case 283: return "timerfd_create"; break;
1014 case 284: return "eventfd"; break;
1015 case 285: return "fallocate"; break;
1016 case 286: return "timerfd_settime"; break;
1017 case 287: return "timerfd_gettime"; break;
1018 case 288: return "accept4"; break;
1019 case 289: return "signalfd4"; break;
1020 case 290: return "eventfd2"; break;
1021 case 291: return "epoll_create1"; break;
1022 case 292: return "dup3"; break;
1023 case 293: return "pipe2"; break;
1024 case 294: return "inotify_init1"; break;
1025 case 295: return "preadv"; break;
1026 case 296: return "pwritev"; break;
1027 case 297: return "rt_tgsigqueueinfo"; break;
1028 case 298: return "perf_event_open"; break;
1029 default: return "UNKNOWN"; break;
