From d2eaf67486748263dfe84e735767f3651066a754 Mon Sep 17 00:00:00 2001
From: Mike Frysinger <vapier@gentoo.org>
Date: Tue, 18 Aug 2015 03:24:59 -0400
Subject: [PATCH] signal: SIGSYS: decode si_syscall & si_arch fields

When receiving SIGSYS, the si_syscall & si_arch fields are set to known
values, so make sure we decode their values into the symbol settings.
This makes stracing seccomp failures much easier.

* defs.h (syscall_name): New prototype.
* printsiginfo.c: Include linux/audit.h and xlat/audit_arch.h.
(print_si_info): Decode si_syscall & si_arch for SIGSYS.
* syscall.c (undefined_scno_name): Delete.
(syscall_name): New function.
(trace_syscall_entering): Change undefined_scno_name to syscall_name.
(trace_syscall_exiting): Likewise.
* xlat/audit_arch.in: New file.
---
 defs.h             |  1 +
 printsiginfo.c     |  7 +++++--
 syscall.c          | 18 +++++++++++-------
 xlat/audit_arch.in | 35 +++++++++++++++++++++++++++++++++++
 4 files changed, 52 insertions(+), 9 deletions(-)
 create mode 100644 xlat/audit_arch.in

diff --git a/defs.h b/defs.h
index 74c8d608..29c2131e 100644
--- a/defs.h
+++ b/defs.h
@@ -465,6 +465,7 @@ extern void call_summary(FILE *);
 extern void clear_regs(void);
 extern void get_regs(pid_t pid);
 extern int get_scno(struct tcb *tcp);
+extern const char *syscall_name(long scno);
 
 extern int umoven(struct tcb *, long, unsigned int, void *);
 #define umove(pid, addr, objp)	\
diff --git a/printsiginfo.c b/printsiginfo.c
index e592854c..ce8cf540 100644
--- a/printsiginfo.c
+++ b/printsiginfo.c
@@ -1,9 +1,11 @@
 #include "defs.h"
 
 #include <signal.h>
+#include <linux/audit.h>
 
 #include "printsiginfo.h"
 
+#include "xlat/audit_arch.h"
 #include "xlat/sigbus_codes.h"
 #include "xlat/sigchld_codes.h"
 #include "xlat/sigfpe_codes.h"
@@ -154,9 +156,10 @@ print_si_info(const siginfo_t *sip, bool verbose)
 			break;
 #ifdef HAVE_SIGINFO_T_SI_SYSCALL
 		case SIGSYS:
-			tprintf(", si_call_addr=%#lx, si_syscall=%d, si_arch=%u",
+			tprintf(", si_call_addr=%#lx, si_syscall=__NR_%s, si_arch=",
 				(unsigned long) sip->si_call_addr,
-				sip->si_syscall, sip->si_arch);
+				syscall_name(sip->si_syscall));
+			printxval(audit_arch, sip->si_arch, "AUDIT_ARCH_???");
 			break;
 #endif
 		default:
diff --git a/syscall.c b/syscall.c
index 6aa1cd2d..396a7dd7 100644
--- a/syscall.c
+++ b/syscall.c
@@ -745,13 +745,17 @@ shuffle_scno(unsigned long scno)
 # define shuffle_scno(scno) ((long)(scno))
 #endif
 
-static char*
-undefined_scno_name(struct tcb *tcp)
+const char *
+syscall_name(long scno)
 {
 	static char buf[sizeof("syscall_%lu") + sizeof(long)*3];
 
-	sprintf(buf, "syscall_%lu", shuffle_scno(tcp->scno));
-	return buf;
+	if (SCNO_IS_VALID(scno))
+		return sysent[scno].sys_name;
+	else {
+		sprintf(buf, "syscall_%lu", shuffle_scno(scno));
+		return buf;
+	}
 }
 
 static long get_regs_error;
@@ -781,7 +785,7 @@ trace_syscall_entering(struct tcb *tcp)
 		if (scno_good != 1)
 			tprints("????" /* anti-trigraph gap */ "(");
 		else if (tcp->qual_flg & UNDEFINED_SCNO)
-			tprintf("%s(", undefined_scno_name(tcp));
+			tprintf("%s(", syscall_name(tcp->scno));
 		else
 			tprintf("%s(", tcp->s_ent->sys_name);
 		/*
@@ -843,7 +847,7 @@ trace_syscall_entering(struct tcb *tcp)
 
 	printleader(tcp);
 	if (tcp->qual_flg & UNDEFINED_SCNO)
-		tprintf("%s(", undefined_scno_name(tcp));
+		tprintf("%s(", syscall_name(tcp->scno));
 	else
 		tprintf("%s(", tcp->s_ent->sys_name);
 	if ((tcp->qual_flg & QUAL_RAW) && SEN_exit != tcp->s_ent->sen)
@@ -907,7 +911,7 @@ trace_syscall_exiting(struct tcb *tcp)
 		tcp->flags &= ~TCB_REPRINT;
 		printleader(tcp);
 		if (tcp->qual_flg & UNDEFINED_SCNO)
-			tprintf("<... %s resumed> ", undefined_scno_name(tcp));
+			tprintf("<... %s resumed> ", syscall_name(tcp->scno));
 		else
 			tprintf("<... %s resumed> ", tcp->s_ent->sys_name);
 	}
diff --git a/xlat/audit_arch.in b/xlat/audit_arch.in
new file mode 100644
index 00000000..aa9ccdbb
--- /dev/null
+++ b/xlat/audit_arch.in
@@ -0,0 +1,35 @@
+AUDIT_ARCH_AARCH64
+AUDIT_ARCH_ALPHA
+AUDIT_ARCH_ARM
+AUDIT_ARCH_ARMEB
+AUDIT_ARCH_CRIS
+AUDIT_ARCH_FRV
+AUDIT_ARCH_I386
+AUDIT_ARCH_IA64
+AUDIT_ARCH_M32R
+AUDIT_ARCH_M68K
+/* Linux had broken linux/elf-em.h for a while.  */
+#ifdef EM_MICROBLAZE
+AUDIT_ARCH_MICROBLAZE
+#endif
+AUDIT_ARCH_MIPS
+AUDIT_ARCH_MIPS64
+AUDIT_ARCH_MIPS64N32
+AUDIT_ARCH_MIPSEL
+AUDIT_ARCH_MIPSEL64
+AUDIT_ARCH_MIPSEL64N32
+AUDIT_ARCH_OPENRISC
+AUDIT_ARCH_PARISC
+AUDIT_ARCH_PARISC64
+AUDIT_ARCH_PPC
+AUDIT_ARCH_PPC64
+AUDIT_ARCH_PPC64LE
+AUDIT_ARCH_S390
+AUDIT_ARCH_S390X
+AUDIT_ARCH_SH
+AUDIT_ARCH_SH64
+AUDIT_ARCH_SHEL
+AUDIT_ARCH_SHEL64
+AUDIT_ARCH_SPARC
+AUDIT_ARCH_SPARC64
+AUDIT_ARCH_X86_64