linux seccomp

References:
https://www.anquanke.com/post/id/208364%5C
http://pollux.cc/2019/09/22/seccomp%E6%B2%99%E7%AE%B1%E6%9C%BA%E5%88%B6%20&%202019ByteCTF%20VIP/#0x02-prctl%E5%87%BD%E6%95%B0%E8%B0%83%E7%94%A8
https://github.com/w296488320/getMacForNetlink
https://xz.aliyun.com/t/11480
http://terenceli.github.io/%E6%8A%80%E6%9C%AF/2019/02/04/seccomp
https://android.googlesource.com/kernel/msm.git/+/android-6.0.1_r0.1/include/linux/prctl.h
https://man7.org/linux/man-pages/man2/prctl.2.html
https://blog.seeflower.dev/archives/88/
https://stackoverflow.com/questions/43003805/can-ebpf-modify-the-return-value-or-parameters-of-a-syscall

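seccomp is a security filter on Linux used to disable system calls. Early versions allowed only the four calls 'read, write, _exit, sigreturn', which was not friendly to use; BPF support was added later, so rules can be configured freely.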

Android default configuration

Path: /system/etc/seccomp_policy/

```
:/system/etc/seccomp_policy $ cat crash_dump.arm64.policy
read: 1
write: 1
exit: 1
rt_sigreturn: 1
exit_group: 1
clock_gettime: 1
gettimeofday: 1
futex: 1
getrandom: 1
getpid: 1
gettid: 1
ppoll: 1
pipe2: 1
openat: 1
dup: 1
close: 1
lseek: 1
getdents64: 1
faccessat: 1
recvmsg: 1
process_vm_readv: 1
tgkill: 1
rt_sigprocmask: 1
rt_sigaction: 1
rt_tgsigqueueinfo: 1
prctl: arg0 == PR_GET_NO_NEW_PRIVS || arg0 == 0x53564d41
madvise: 1
mprotect: arg2 in 0x1|0x2
munmap: 1
getuid: 1
fstat: 1
mmap: arg2 in 0x1|0x2
geteuid: 1
getgid: 1
getegid: 1
getgroups: 1
```

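Explanations of some questions

1. BPF_STMT and its parameters

BPF_STMT is a syntax construct of the Berkeley Packet Filter (BPF) used to set filter rules. One BPF_STMT tells the BPF program to perform one specific operation. BPF_STMT takes two parameters: an opcode and an operand.

The opcode of BPF_STMT is an integer value that indicates the type of operation the statement performs. Opcode values range from 0~255, and different values stand for different operations.

The operand of BPF_STMT is a value or pointer giving the concrete argument of the operation. Its type and range depend on the operation type the opcode represents.

For example, BPF_STMT(OPCODE, OPERAND) performs the operation with opcode OPCODE and operand OPERAND. Common opcodes and operands are explained below: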

- BPF_LD (Load a value into a register from packet data)
  - BPF_LD_ABS (Load absolute value)
  - BPF_LD_IND (Load value by offset)
  - BPF_LD_MEM (Load value from memory)
- BPF_LDX (Same as BPF_LD but load value into X register)
- BPF_ST (Store a value from a register into memory)
  - BPF_ST_MEM (Store value in memory)
- BPF_STX (Same as BPF_ST but operate on X register)
- BPF_ALU (Arithmetic operation)
  - BPF_ALU_ADD (Addition)
  - BPF_ALU_SUB (Subtraction)
  - BPF_ALU_MUL (Multiplication)
  - BPF_ALU_DIV (Division)
  - BPF_ALU_MOD (Modulo)
  - BPF_ALU_AND (Bitwise AND)
  - BPF_ALU_OR (Bitwise OR)
  - BPF_ALU_XOR (Bitwise XOR)
  - BPF_ALU_LSH (Left shift)
  - BPF_ALU_RSH (Right shift)
  - BPF_ALU_NEG (Negative value)
- BPF_JMP (Jump to a specific instruction if condition is met)
  - BPF_JMP_JA (Jump always)
  - BPF_JMP_JEQ (Jump if equal)
  - BPF_JMP_JGT (Jump if greater than)
  - BPF_JMP_JGE (Jump if greater than or equal)
  - BPF_JMP_JSET (Jump if bits set)
- BPF_RET (Return a value)
  - BPF_RET_K (Return a constant value)
  - BPF_RET_A (Return value in register A)
  - BPF_RET_X (Return value in register X)
  - BPF_RET_ERR (Return an error value)
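
2. Linux svc functions and the bit width of the function identifier

The Linux svc function (system call) is a set of interface functions that the operating-system kernel provides to user space (applications); they let user programs access and operate on system resources. Inside the Linux kernel, each svc function has a unique identifier, called the system call number or system call index, which distinguishes one system call from another.

On 32-bit Linux, the system call number is a 32-bit unsigned integer in the range 0~4294967295, of which 0~255 are reserved system call numbers, 256~32767 are standard system call numbers defined by the kernel, and 32768~4294967295 are additional system call numbers defined by the user. A 32-bit system call number can therefore represent 2^32 different system calls, but some values are already taken or reserved, so only part of the range is usable.

On 64-bit Linux, the system call number is a 64-bit unsigned integer in the range 0~18446744073709551615, of which 0~335 are reserved system call numbers, 336~546 are standard system call numbers defined by the kernel, and 547~524255 are additional system call numbers defined by the user. A 64-bit system call number can therefore represent more system calls, and the numbers currently usable are again only part of the range.

The system call number can thus be represented as an unsigned integer whose width depends on the CPU architecture and the operating-system architecture: 32 bits on 32-bit systems and 64 bits on 64-bit systems.

3. Numbers corresponding to Linux svc system call functions

The mapping between Linux svc functions (system calls) and system call numbers can be looked up in the header file ``. This header defines a large number of macros, including the system call numbers and the corresponding function names.

On 32-bit systems, some common system call numbers and their function names are:

| Syscall number | Function name     |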
| ---------- | ----------------- |
| 3          | sys_read          |
| 4          | sys_write         |
| 5          | sys_open          |
| 6          | sys_close         |
| 19         | sys_lseek         |
| 45         | sys_brk           |
| 60         | sys_exit          |
| 61         | sys_fork          |
| 62         | sys_vfork         |
| 63         | sys_clone         |
| 64         | sys_execve        |
| 77         | sys_gettimeofday |
| 91         | sys_munmap        |
| 192        | sys_mprotect      |
| 195        | sys_msync         |
| 197        | sys_readv         |
| 198        | sys_writev        |

On 64-bit systems, some common system call numbers and their function names are:

| Syscall number | Function name   |
| ---------- | --------------- |
| 0          | sys_read        |
| 1          | sys_write       |
| 2          | sys_open        |
| 3          | sys_close       |
| 8          | sys_lseek       |
| 12         | sys_brk         |
| 60         | sys_exit        |
| 57         | sys_fork        |
| 58         | sys_vfork       |
| 56         | sys_clone       |
| 59         | sys_execve      |
| 96         | sys_gettimeofday |
|  munmap     | sys_munmap      |
| 10         | sys_mprotect    |
| 26         | sys_msync       |
| 19         | sys_readv       |
| 20         | sys_writev      |

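Note that system call numbers and function names may differ between Linux distributions and kernel versions. When writing code that makes system calls, check the system call numbers and function names defined by the kernel you are actually running.

4. An example of calling write via svc on Linux

Below is example code that outputs a message to the console by calling write: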

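```c
#include <string.h>   // strlen
#include <unistd.h>   // write, STDOUT_FILENO

int main(void) {
    char str[] = "Hello, world!\n";
    // write() here is the C library wrapper around the write system call
    write(STDOUT_FILENO, str, strlen(str));
    return 0;
}
```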

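In this code we call the write function from ``, which writes data to the given file descriptor (here, standard output).

Note that the first parameter of write is the file descriptor; STDOUT_FILENO is used here for standard output. The second parameter is a pointer to the buffer holding the data to write (here the str array), and the third is the size of the data to write, obtained with strlen.

This code uses a C library function, which underneath invokes the write system call. In low-level development such as operating systems or embedded systems, however, you may need to invoke the write system call directly to produce output. Below is example assembly code that calls write via svc: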

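```asm
.global _start
_start:
    mov r0, #1    @ put file descriptor 1 in r0; 1 is standard output
    ldr r1, =msg  @ put the address of the message in r1
    mov r2, #14   @ put the message length in r2: 14 bytes including the newline
    mov r7, #4    @ set the system call number to 4, the number of the write syscall
    svc #0        @ execute svc to enter the kernel and run the system call
    mov r0, #0    @ put zero in r0
    mov r7, #1    @ set the system call number to 1, the number of the exit syscall
    svc #0        @ execute svc to enter the kernel and run the system call
msg:
    .asciz "Hello, world!\n"
```

This assembly uses ARMv7 instructions. A mov instruction first stores file descriptor 1 in register r0, an ldr instruction stores the address of the string in register r1, and another mov stores the string length, 14 bytes including the trailing newline, in register r2.

A mov instruction then stores system call number 4 in register r7; this number selects the write system call. Finally, the svc instruction enters the kernel to execute the system call.

Note that on the ARMv7 architecture the svc instruction takes 0x0 as its argument rather than #0. The write system call then runs and the console receives the "Hello, world!\n" message. Finally, a mov instruction stores 0 in register r0 to indicate that the program ran successfully, and another mov stores system call number 1 in register r7, which is the number of the exit system call. A last svc instruction then enters the kernel to execute the system call and end the program.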

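5. prctl parameters for seccomp and how to use them

prctl is a system call in the Linux kernel that can be used to set various process-level attributes. Its option parameter describes the process operation to perform. In the seccomp context, prctl can be used to set the process's operating mode.

The prototype of prctl is:

```c
int prctl(int option, unsigned long arg2, unsigned long arg3, unsigned long arg4, unsigned long arg5);
```

Here option is the option to set, and arg2 - arg5 are arguments whose meaning depends on the option. In the seccomp context we normally use the option PR_SET_SECCOMP, which sets a seccomp mode for the process.

PR_SET_SECCOMP takes arguments; how they are passed and what they mean depends on the seccomp mode. For example, in SECCOMP_MODE_STRICT mode no system calls are supported and there are no extended opcodes, so its argument is 0. In SECCOMP_MODE_FILTER mode you pass a pointer to a struct sock_fprog, which contains the system call filter rules the process accepts.

Below is an example that uses seccomp's PR_SET_SECCOMP to put the process into SECCOMP_MODE_FILTER mode: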

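```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/prctl.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

int main(void) {
    // Define the seccomp rules; loads read struct seccomp_data at the given byte offset
    struct sock_filter filter[] = {
        /* BPF_STMT(code, k) and BPF_JUMP(code, k, jt, jf) */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, 0),                 // 0: A = nr (offset 0)
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x5c5c5c5c, 1, 0), // 1: A == k ? goto 3 : goto 2
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),          // 2: allow
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, 4),                 // 3: A = arch (offset 4)
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x5c5c5c5c, 1, 0), // 4: A == k ? goto 6 : goto 5
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),          // 5: allow
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),   // 6: the program must end in a RET
    };

    struct sock_fprog prog = {
        .len = sizeof(filter) / sizeof(filter[0]),
        .filter = filter,
    };

    // An unprivileged process must set no_new_privs before installing a filter
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == -1) {
        perror("prctl(PR_SET_NO_NEW_PRIVS)");
        exit(EXIT_FAILURE);
    }

    // Set the seccomp mode
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) == -1) {
        perror("prctl");
        exit(EXIT_FAILURE);
    }
    return 0;
}
```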

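In this example we filter the process's system calls by defining struct sock_filter rules. We then define a struct sock_fprog that contains the filter rules to apply. Finally, calling prctl puts the process into SECCOMP_MODE_FILTER mode and installs the process's system call filter rules.

Note that seccomp has more than one mode; each mode is used differently and takes different arguments, so choose according to the application scenario. When using a mode, also pay close attention to which system calls it restricts, to avoid unexpected problems caused by restricted system calls.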


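6. Execution logic of struct sock_fprog filter rules

struct sock_fprog is a special data structure used by seccomp filters; it is defined in include/uapi/linux/filter.h in the Linux kernel source tree. It is a collection of filter rules: the len field gives the number of rules and the filter field is the rule list.

When a seccomp filter is applied, the kernel hands the filter rules to the in-kernel virtual machine (BPF) for execution. When the program makes a system call, the kernel evaluates these rules step by step to decide whether the call may proceed. To execute the rules in the filter array one by one, the kernel converts them into an in-kernel virtual machine program. When the kernel executes that program, it uses the hardware virtual machine on the processor to execute the defined filter rules.

Each filter rule usually consists of one or more BPF instructions, which perform strictly defined operations such as reading data from a user-supplied data buffer or from certain registers. The result of executing the filter rules is an integer value, called the "state"; its meaning is tied to the state output by each instruction. If all rules have been executed and their results all allow the process to run the system call, the process may execute it; otherwise the call is considered not allowed.

struct sock_fprog resembles a set of low-level machine instructions. After it has run in the kernel, the filter using these rules passes the resulting state back to the application. Depending on the seccomp mode, the state can mean allowing or aborting the system call. If it means allow, the application runs the system call normally; otherwise the operating system returns SECCOMP_RET_KILL_PROCESS (kill the process) or SECCOMP_RET_ERRNO (return the specified error code).

Note that struct sock_fprog is only a very low-level representation of filter rules; apart from the integer representation described above, it has almost no way of interacting with specific system calls and arguments. struct sock_fprog can therefore implement a very efficient filtering scheme without imposing much overhead on operating-system performance.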
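
To make the BPF_STMT/BPF_JUMP encoding from section 1 and the rule evaluation described in this section concrete, the following added example (not code from the original page or from the kernel) interprets a classic BPF seccomp program in user space against a constructed `struct seccomp_data`. The policy is constructed and modelled on the `getpid: 1` and `mprotect: arg2 in 0x1|0x2` lines of the Android policy above, using the arm64 syscall numbers from the table in section 7. The helper names `check_filter`, `run_filter` and `verdict` are hypothetical, and a little-endian target is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Values and layouts mirror the Linux UAPI headers (linux/bpf_common.h, linux/filter.h,
 * linux/seccomp.h, linux/audit.h); redefined here so the simulation builds without them. */
enum { BPF_LD = 0x00, BPF_JMP = 0x05, BPF_RET = 0x06, BPF_W = 0x00, BPF_ABS = 0x20,
       BPF_K = 0x00, BPF_JA = 0x00, BPF_JEQ = 0x10, BPF_JSET = 0x40 };
#define BPF_CLASS(code) ((code) & 0x07)
#define SECCOMP_RET_KILL_PROCESS 0x80000000U
#define SECCOMP_RET_ERRNO 0x00050000U
#define SECCOMP_RET_ALLOW 0x7fff0000U
#define AUDIT_ARCH_AARCH64 0xC00000B7U

struct sock_filter { uint16_t code; uint8_t jt, jf; uint32_t k; };
struct seccomp_data { int32_t nr; uint32_t arch; uint64_t instruction_pointer; uint64_t args[6]; };
#define BPF_STMT(code, k) { (uint16_t)(code), 0, 0, (k) }
#define BPF_JUMP(code, k, jt, jf) { (uint16_t)(code), (jt), (jf), (k) }
#define LEN(a) (sizeof(a) / sizeof((a)[0]))

/* Byte offsets the filter loads from; the LO/HI split assumes a little-endian target. */
#define OFF_NR offsetof(struct seccomp_data, nr)
#define OFF_ARCH offsetof(struct seccomp_data, arch)
#define OFF_ARG2_LO offsetof(struct seccomp_data, args[2])
#define OFF_ARG2_HI (offsetof(struct seccomp_data, args[2]) + 4)

/* Constructed policy: allow getpid (172) and mprotect (226) when arg2 has no bit
 * outside 0x1|0x2; every other call gets EPERM; a foreign architecture is killed. */
static const struct sock_filter policy[] = {
    /*  0 */ BPF_STMT(BPF_LD | BPF_W | BPF_ABS, OFF_ARCH),
    /*  1 */ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AUDIT_ARCH_AARCH64, 1, 0),
    /*  2 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
    /*  3 */ BPF_STMT(BPF_LD | BPF_W | BPF_ABS, OFF_NR),
    /*  4 */ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 172, 5, 0),    /* getpid -> 10 */
    /*  5 */ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 226, 0, 5),    /* not mprotect -> 11 */
    /*  6 */ BPF_STMT(BPF_LD | BPF_W | BPF_ABS, OFF_ARG2_HI),
    /*  7 */ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0, 0, 3),      /* high word set -> 11 */
    /*  8 */ BPF_STMT(BPF_LD | BPF_W | BPF_ABS, OFF_ARG2_LO),
    /*  9 */ BPF_JUMP(BPF_JMP | BPF_JSET | BPF_K, ~0x3U, 1, 0), /* extra bit -> 11 */
    /* 10 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    /* 11 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | 1 /* EPERM */),
};

/* Constructed filter whose last instruction is a jump instead of a RET. */
static const struct sock_filter no_final_ret[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, OFF_NR),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 172, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    BPF_JUMP(BPF_JMP | BPF_JA, 0, 0, 0),
};

/* Two of the load-time checks applied to a classic BPF program: the last
 * instruction is a RET and every jump lands inside the program. 1 = acceptable. */
int check_filter(const struct sock_filter *f, size_t len) {
    if (len == 0 || BPF_CLASS(f[len - 1].code) != BPF_RET) return 0;
    for (size_t pc = 0; pc < len; pc++) {
        if (BPF_CLASS(f[pc].code) != BPF_JMP) continue;
        size_t reach = (f[pc].code == (BPF_JMP | BPF_JA))
                           ? f[pc].k : (size_t)(f[pc].jt > f[pc].jf ? f[pc].jt : f[pc].jf);
        if (pc + 1 + reach >= len) return 0;
    }
    return 1;
}

/* Interpret the subset of classic BPF used above; returns the SECCOMP_RET_* value. */
uint32_t run_filter(const struct sock_filter *f, size_t len, const struct seccomp_data *d) {
    uint32_t A = 0; /* accumulator */
    for (size_t pc = 0; pc < len;) {
        const struct sock_filter *i = &f[pc++];
        switch (i->code) {
        case BPF_LD | BPF_W | BPF_ABS: /* aligned 32-bit load from seccomp_data */
            if (i->k % 4 || i->k > sizeof(*d) - 4) return SECCOMP_RET_KILL_PROCESS;
            memcpy(&A, (const uint8_t *)d + i->k, 4);
            break;
        case BPF_JMP | BPF_JEQ | BPF_K:  pc += (A == i->k) ? i->jt : i->jf; break;
        case BPF_JMP | BPF_JSET | BPF_K: pc += (A & i->k) ? i->jt : i->jf; break;
        case BPF_JMP | BPF_JA:           pc += i->k; break;
        case BPF_RET | BPF_K:            return i->k;
        default:                         return SECCOMP_RET_KILL_PROCESS;
        }
    }
    return SECCOMP_RET_KILL_PROCESS; /* fell off the end without a RET */
}

/* Evaluate the policy for one constructed syscall. */
uint32_t verdict(uint32_t arch, int nr, uint64_t arg2) {
    struct seccomp_data d = { .nr = nr, .arch = arch, .args = { [2] = arg2 } };
    return run_filter(policy, LEN(policy), &d);
}

int main(void) {
    printf("policy ok=%d, no_final_ret ok=%d\n", check_filter(policy, LEN(policy)),
           check_filter(no_final_ret, LEN(no_final_ret)));
    printf("mprotect RW  -> 0x%08x\n", (unsigned)verdict(AUDIT_ARCH_AARCH64, 226, 0x3));
    printf("mprotect RWX -> 0x%08x\n", (unsigned)verdict(AUDIT_ARCH_AARCH64, 226, 0x7));
    return 0;
}
```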


7. Instructions corresponding to syscall svc calls

const syscalls = [
[0, "io_setup", 0x00, "unsigned nr_reqs", "aio_context_t *ctx", "-", "-", "-"],
[1, "io_destroy", 0x01, "aio_context_t ctx", "-", "-", "-", "-"],
[2, "io_submit", 0x02, "aio_context_t", "long", "struct iocb * *", "-", "-"],
[3, "io_cancel", 0x03, "aio_context_t ctx_id", "struct iocb *iocb", "struct io_event *result", "-", "-"],
[4, "io_getevents", 0x04, "aio_context_t ctx_id", "long min_nr", "long nr", "struct io_event *events", "struct __kernel_timespec *timeout"],
[5, "setxattr", 0x05, "const char *path", "const char *name", "const void *value", "size_t size", "int flags"],
[6, "lsetxattr", 0x06, "const char *path", "const char *name", "const void *value", "size_t size", "int flags"],
[7, "fsetxattr", 0x07, "int fd", "const char *name", "const void *value", "size_t size", "int flags"],
[8, "getxattr", 0x08, "const char *path", "const char *name", "void *value", "size_t size", "-"],
[9, "lgetxattr", 0x09, "const char *path", "const char *name", "void *value", "size_t size", "-"],
[10, "fgetxattr", 0x0a, "int fd", "const char *name", "void *value", "size_t size"],
[11, "listxattr", 0x0b, "const char *path", "char *list", "size_t size", "-"],
[12, "llistxattr", 0x0c, "const char *path", "char *list", "size_t size", "-"],
[13, "flistxattr", 0x0d, "int fd", "char *list", "size_t size", "-"],
[14, "removexattr", 0x0e, "const char *path", "const char *name", "-", "-"],
[15, "lremovexattr", 0x0f, "const char *path", "const char *name", "-", "-"],
[16, "fremovexattr", 0x10, "int fd", "const char *name", "-", "-"],
[17, "getcwd", 0x11, "char *buf", "unsigned long size", "-", "-"],
[18, "lookup_dcookie", 0x12, "u64 cookie64", "char *buf", "size_t len", "-"],
[19, "eventfd2", 0x13, "unsigned int count", "int flags", "-", "-"],
[20, "epoll_create1", 0x14, "int flags"],
[21, "epoll_ctl", 0x15, "int epfd", "int op", "int fd", "struct epoll_event *event"],
[22, "epoll_pwait", 0x16, "int epfd", "struct epoll_event *events", "int maxevents", "int timeout", "const sigset_t *sigmask", "size_t sigsetsize"],
[23, "dup", 0x17, "unsigned int fildes"],
[24, "dup3", 0x18, "unsigned int oldfd", "unsigned int newfd", "int flags", "-"],
[25, "fcntl", 0x19, "unsigned int fd", "unsigned int cmd", "unsigned long arg", "-"],
[26, "inotify_init1", 0x1a, "int flags"],
[27, "inotify_add_watch", 0x1b, "int fd", "const char *path", "u32 mask", "-"],
[28, "inotify_rm_watch", 0x1c, "int fd", "s32 wd", "-", "-"],
[29, "ioctl", 0x1d, "unsigned int fd", "unsigned int cmd", "unsigned long arg", "-"],
[30, "ioprio_set", 0x1e, "int which", "int who", "int ioprio", "-"],
[31, "ioprio_get", 0x1f, "int which", "int who", "-", "-"],
[32, "flock", 0x20, "unsigned int fd", "unsigned int cmd", "-", "-"],
[33, "mknodat", 0x21, "int dfd", "const char * filename", "umode_t mode", "unsigned dev"],
[34, "mkdirat", 0x22, "int dfd", "const char * pathname", "umode_t mode", "-"],
[35, "unlinkat", 0x23, "int dfd", "const char * pathname", "int flag", "-"],
[36, "symlinkat", 0x24, "const char * oldname", "int newdfd", "const char * newname", "-"],
[37, "linkat", 0x25, "int olddfd", "const char *oldname", "int newdfd", "const char *newname", "int flag"],
[38, "renameat", 0x26, "int olddfd", "const char * oldname", "int newdfd", "const char * newname"],
[39, "umount2", 0x27, "?", "?", "?", "?", "?", "?["],
[40, "mount", 0x28, "char *dev_name", "char *dir_name", "char *type", "unsigned long flags", "void *dat"],
[41, "pivot_root", 0x29, "const char *new_root", "const char *put_old", "-", "-"],
[42, "nfsservctl", 0x2a, "?", "?", "?", "?", "?", "?["],
[43, "statfs", 0x2b, "const char * path", "struct statfs *buf", "-", "-"],
[44, "fstatfs", 0x2c, "unsigned int fd", "struct statfs *buf", "-", "-"],
[45, "truncate", 0x2d, "const char *path", "long length", "-", "-"],
[46, "ftruncate", 0x2e, "unsigned int fd", "unsigned long length", "-", "-"],
[47, "fallocate", 0x2f, "int fd", "int mode", "loff_t offset", "loff_t len"],
[48, "faccessat", 0x30, "int dfd", "const char *filename", "int mode", "-"],
[49, "chdir", 0x31, "const char *filename"],
[50, "fchdir", 0x32, "unsigned int fd"],
[51, "chroot", 0x33, "const char *filename"],
[52, "fchmod", 0x34, "unsigned int fd", "umode_t mode", "-", "-"],
[53, "fchmodat", 0x35, "int dfd", "const char * filename", "umode_t mode", "-"],
[54, "fchownat", 0x36, "int dfd", "const char *filename", "uid_t user", "gid_t group", "int fla"],
[55, "fchown", 0x37, "unsigned int fd", "uid_t user", "gid_t group", "-"],
[56, "openat", 0x38, "int dfd", "const char *filename", "int flags", "umode_t mode"],
[57, "close", 0x39, "unsigned int fd"],
[58, "vhangup", 0x3a, "-"],
[59, "pipe2", 0x3b, "int *fildes", "int flags", "-", "-"],
[60, "quotactl", 0x3c, "unsigned int cmd", "const char *special", "qid_t id", "void *addr"],
[61, "getdents64", 0x3d, "unsigned int fd", "struct linux_dirent64 *dirent", "unsigned int count", "-"],
[62, "lseek", 0x3e, "unsigned int fd", "off_t offset", "unsigned int whence", "-"],
[63, "read", 0x3f, "unsigned int fd", "char *buf", "size_t count", "-"],
[64, "write", 0x40, "unsigned int fd", "const char *buf", "size_t count", "-"],
[65, "readv", 0x41, "unsigned long fd", "const struct iovec *vec", "unsigned long vlen", "-"],
[66, "writev", 0x42, "unsigned long fd", "const struct iovec *vec", "unsigned long vlen", "-"],
[67, "pread64", 0x43, "unsigned int fd", "char *buf", "size_t count", "loff_t pos"],
[68, "pwrite64", 0x44, "unsigned int fd", "const char *buf", "size_t count", "loff_t pos"],
[69, "preadv", 0x45, "unsigned long fd", "const struct iovec *vec", "unsigned long vlen", "unsigned long pos_l", "unsigned long pos"],
[70, "pwritev", 0x46, "unsigned long fd", "const struct iovec *vec", "unsigned long vlen", "unsigned long pos_l", "unsigned long pos"],
[71, "sendfile", 0x47, "int out_fd", "int in_fd", "off_t *offset", "size_t count"],
[72, "pselect6", 0x48, "int", "fd_set *", "fd_set *", "fd_set *", "struct __kernel_timespec *", "void *["],
[73, "ppoll", 0x49, "struct pollfd *", "unsigned int", "struct _kernel_timespec *", "const sigset_t *", "size"],
[74, "signalfd4", 0x4a, "int ufd", "sigset_t *user_mask", "size_t sizemask", "int flags"],
[75, "vmsplice", 0x4b, "int fd", "const struct iovec *iov", "unsigned long nr_segs", "unsigned int flags"],
[76, "splice", 0x4c, "int fd_in", "loff_t *off_in", "int fd_out", "loff_t *off_out", "size_t len", "unsigned int flags["],
[77, "tee", 0x4d, "int fdin", "int fdout", "size_t len", "unsigned int flags"],
[78, "readlinkat", 0x4e, "int dfd", "const char *path", "char *buf", "int bufsiz"],
[79, "newfstatat", 0x4f, "int dfd", "const char *filename", "struct stat *statbuf", "int flag"],
[80, "fstat", 0x50, "unsigned int fd", "struct __old_kernel_stat *statbuf", "-", "-"],
[81, "sync", 0x51, "-"],
[82, "fsync", 0x52, "unsigned int fd"],
[83, "fdatasync", 0x53, "unsigned int fd"],
[84, "sync_file_range", 0x54, "int fd", "loff_t offset", "loff_t nbytes", "unsigned int flags"],
[85, "timerfd_create", 0x55, "int clockid", "int flags", "-", "-"],
[86, "timerfd_settime", 0x56, "int ufd", "int flags", "const struct __kernel_itimerspec *utmr", "struct __kernel_itimerspec *otmr"],
[87, "timerfd_gettime", 0x57, "int ufd", "struct __kernel_itimerspec *otmr", "-", "-"],
[88, "utimensat", 0x58, "int dfd", "const char *filename", "struct __kernel_timespec *utimes", "int flags"],
[89, "acct", 0x59, "const char *name"],
[90, "capget", 0x5a, "cap_user_header_t header", "cap_user_data_t dataptr", "-", "-"],
[91, "capset", 0x5b, "cap_user_header_t header", "const cap_user_data_t data", "-", "-"],
[92, "personality", 0x5c, "unsigned int personality"],
[93, "exit", 0x5d, "int error_code"],
[94, "exit_group", 0x5e, "int error_code"],
[95, "waitid", 0x5f, "int which", "pid_t pid", "struct siginfo *infop", "int options", "struct rusage *r"],
[96, "set_tid_address", 0x60, "int *tidptr"],
[97, "unshare", 0x61, "unsigned long unshare_flags"],
[98, "futex", 0x62, "u32 *uaddr", "int op", "u32 val", "struct __kernel_timespec *utime", "u32 *uaddr2", "u32 val3["],
[99, "set_robust_list", 0x63, "struct robust_list_head *head", "size_t len", "-", "-"],
[100, "get_robust_list", 0x64, "int pid", "struct robust_list_head * *head_ptr", "size_t *len_ptr", "-", "-", "-"],
[101, "nanosleep", 0x65, "struct __kernel_timespec *rqtp", "struct __kernel_timespec *rmtp", "-", "-", "-", "-"],
[102, "getitimer", 0x66, "int which", "struct itimerval *value", "-", "-", "-", "-"],
[103, "setitimer", 0x67, "int which", "struct itimerval *value", "struct itimerval *ovalue", "-", "-", "-"],
[104, "kexec_load", 0x68, "unsigned long entry", "unsigned long nr_segments", "struct kexec_segment *segments", "unsigned long flags", "-", "-"],
[105, "init_module", 0x69, "void *umod", "unsigned long len", "const char *uargs", "-", "-", "-"],
[106, "delete_module", 0x6a, "const char *name_user", "unsigned int flags", "-", "-", "-", "-"],
[107, "timer_create", 0x6b, "clockid_t which_clock", "struct sigevent *timer_event_spec", "timer_t * created_timer_id", "-", "-", "-"],
[108, "timer_gettime", 0x6c, "timer_t timer_id", "struct __kernel_itimerspec *setting", "-", "-", "-", "-"],
[109, "timer_getoverrun", 0x6d, "timer_t timer_id", "-", "-", "-", "-", "-"],
[110, "timer_settime", 0x6e, "timer_t timer_id", "int flags", "const struct __kernel_itimerspec *new_setting", "struct __kernel_itimerspec *old_setting", "-", "-"],
[111, "timer_delete", 0x6f, "timer_t timer_id", "-", "-", "-", "-", "-"],
[112, "clock_settime", 0x70, "clockid_t which_clock", "const struct __kernel_timespec *tp", "-", "-", "-", "-"],
[113, "clock_gettime", 0x71, "clockid_t which_clock", "struct __kernel_timespec *tp", "-", "-", "-", "-"],
[114, "clock_getres", 0x72, "clockid_t which_clock", "struct __kernel_timespec *tp", "-", "-", "-", "-"],
[115, "clock_nanosleep", 0x73, "clockid_t which_clock", "int flags", "const struct __kernel_timespec *rqtp", "struct __kernel_timespec *rmtp", "-", "-"],
[116, "syslog", 0x74, "int type", "char *buf", "int len", "-", "-", "-"],
[117, "ptrace", 0x75, "long request", "long pid", "unsigned long addr", "unsigned long data", "-", "-"],
[118, "sched_setparam", 0x76, "pid_t pid", "struct sched_param *param", "-", "-", "-", "-"],
[119, "sched_setscheduler", 0x77, "pid_t pid", "int policy", "struct sched_param *param", "-", "-", "-"],
[120, "sched_getscheduler", 0x78, "pid_t pid", "-", "-", "-", "-", "-"],
[121, "sched_getparam", 0x79, "pid_t pid", "struct sched_param *param", "-", "-", "-", "-"],
[122, "sched_setaffinity", 0x7a, "pid_t pid", "unsigned int len", "unsigned long *user_mask_ptr", "-", "-", "-"],
[123, "sched_getaffinity", 0x7b, "pid_t pid", "unsigned int len", "unsigned long *user_mask_ptr", "-", "-", "-"],
[124, "sched_yield", 0x7c, "-", "-", "-", "-", "-", "-"],
[125, "sched_get_priority_max", 0x7d, "int policy", "-", "-", "-", "-", "-"],
[126, "sched_get_priority_min", 0x7e, "int policy", "-", "-", "-", "-", "-"],
[127, "sched_rr_get_interval", 0x7f, "pid_t pid", "struct __kernel_timespec *interval", "-", "-", "-", "-"],
[128, "restart_syscall", 0x80, "-", "-", "-", "-", "-", "-"],
[129, "kill", 0x81, "pid_t pid", "int sig", "-", "-", "-", "-"],
[130, "tkill", 0x82, "pid_t pid", "int sig", "-", "-", "-", "-"],
[131, "tgkill", 0x83, "pid_t tgid", "pid_t pid", "int sig", "-", "-", "-"],
[132, "sigaltstack", 0x84, "const struct sigaltstack *uss", "struct sigaltstack *uoss", "-", "-", "-", "-"],
[133, "rt_sigsuspend", 0x85, "sigset_t *unewset", "size_t sigsetsize", "-", "-", "-", "-"],
[134, "rt_sigaction", 0x86, "int", "const struct sigaction *", "struct sigaction *", "size_t", "-", "-"],
[135, "rt_sigprocmask", 0x87, "int how", "sigset_t *set", "sigset_t *oset", "size_t sigsetsize", "-", "-"],
[136, "rt_sigpending", 0x88, "sigset_t *set", "size_t sigsetsize", "-", "-", "-", "-"],
[137, "rt_sigtimedwait", 0x89, "const sigset_t *uthese", "siginfo_t *uinfo", "const struct __kernel_timespec *uts", "size_t sigsetsize", "-", "-"],
[138, "rt_sigqueueinfo", 0x8a, "pid_t pid", "int sig", "siginfo_t *uinfo", "-", "-", "-"],
[139, "rt_sigreturn", 0x8b, "?", "?", "?", "?", "?", "?"],
[140, "setpriority", 0x8c, "int which", "int who", "int niceval", "-", "-", "-"],
[141, "getpriority", 0x8d, "int which", "int who", "-", "-", "-", "-"],
[142, "reboot", 0x8e, "int magic1", "int magic2", "unsigned int cmd", "void *arg", "-", "-"],
[143, "setregid", 0x8f, "gid_t rgid", "gid_t egid", "-", "-", "-", "-"],
[144, "setgid", 0x90, "gid_t gid", "-", "-", "-", "-", "-"],
[145, "setreuid", 0x91, "uid_t ruid", "uid_t euid", "-", "-", "-", "-"],
[146, "setuid", 0x92, "uid_t uid", "-", "-", "-", "-", "-"],
[147, "setresuid", 0x93, "uid_t ruid", "uid_t euid", "uid_t suid", "-", "-", "-"],
[148, "getresuid", 0x94, "uid_t *ruid", "uid_t *euid", "uid_t *suid", "-", "-", "-"],
[149, "setresgid", 0x95, "gid_t rgid", "gid_t egid", "gid_t sgid", "-", "-", "-"],
[150, "getresgid", 0x96, "gid_t *rgid", "gid_t *egid", "gid_t *sgid", "-", "-", "-"],
[151, "setfsuid", 0x97, "uid_t uid", "-", "-", "-", "-", "-"],
[152, "setfsgid", 0x98, "gid_t gid", "-", "-", "-", "-", "-"],
[153, "times", 0x99, "struct tms *tbuf", "-", "-", "-", "-", "-"],
[154, "setpgid", 0x9a, "pid_t pid", "pid_t pgid", "-", "-", "-", "-"],
[155, "getpgid", 0x9b, "pid_t pid", "-", "-", "-", "-", "-"],
[156, "getsid", 0x9c, "pid_t pid", "-", "-", "-", "-", "-"],
[157, "setsid", 0x9d, "-", "-", "-", "-", "-", "-"],
[158, "getgroups", 0x9e, "int gidsetsize", "gid_t *grouplist", "-", "-", "-", "-"],
[159, "setgroups", 0x9f, "int gidsetsize", "gid_t *grouplist", "-", "-", "-", "-"],
[160, "uname", 0xa0, "struct old_utsname *", "-", "-", "-", "-", "-"],
[161, "sethostname", 0xa1, "char *name", "int len", "-", "-", "-", "-"],
[162, "setdomainname", 0xa2, "char *name", "int len", "-", "-", "-", "-"],
[163, "getrlimit", 0xa3, "unsigned int resource", "struct rlimit *rlim", "-", "-", "-", "-"],
[164, "setrlimit", 0xa4, "unsigned int resource", "struct rlimit *rlim", "-", "-", "-", "-"],
[165, "getrusage", 0xa5, "int who", "struct rusage *ru", "-", "-", "-", "-"],
[166, "umask", 0xa6, "int mask", "-", "-", "-", "-", "-"],
[167, "prctl", 0xa7, "int option", "unsigned long arg2", "unsigned long arg3", "unsigned long arg4", "unsigned long arg5", "-"],
[168, "getcpu", 0xa8, "unsigned *cpu", "unsigned *node", "struct getcpu_cache *cache", "-", "-", "-"],
[169, "gettimeofday", 0xa9, "struct timeval *tv", "struct timezone *tz", "-", "-", "-", "-"],
[170, "settimeofday", 0xaa, "struct timeval *tv", "struct timezone *tz", "-", "-", "-", "-"],
[171, "adjtimex", 0xab, "struct __kernel_timex *txc_p", "-", "-", "-", "-", "-"],
[172, "getpid", 0xac, "-", "-", "-", "-", "-", "-"],
[173, "getppid", 0xad, "-", "-", "-", "-", "-", "-"],
[174, "getuid", 0xae, "-", "-", "-", "-", "-", "-"],
[175, "geteuid", 0xaf, "-", "-", "-", "-", "-", "-"],
[176, "getgid", 0xb0, "-", "-", "-", "-", "-", "-"],
[177, "getegid", 0xb1, "-", "-", "-", "-", "-", "-"],
[178, "gettid", 0xb2, "-", "-", "-", "-", "-", "-"],
[179, "sysinfo", 0xb3, "struct sysinfo *info", "-", "-", "-", "-", "-"],
[180, "mq_open", 0xb4, "const char *name", "int oflag", "umode_t mode", "struct mq_attr *attr", "-", "-"],
[181, "mq_unlink", 0xb5, "const char *name", "-", "-", "-", "-", "-"],
[182, "mq_timedsend", 0xb6, "mqd_t mqdes", "const char *msg_ptr", "size_t msg_len", "unsigned int msg_prio", "const struct __kernel_timespec *abs_timeout", "-"],
[183, "mq_timedreceive", 0xb7, "mqd_t mqdes", "char *msg_ptr", "size_t msg_len", "unsigned int *msg_prio", "const struct __kernel_timespec *abs_timeout", "-"],
[184, "mq_notify", 0xb8, "mqd_t mqdes", "const struct sigevent *notification", "-", "-", "-", "-"],
[185, "mq_getsetattr", 0xb9, "mqd_t mqdes", "const struct mq_attr *mqstat", "struct mq_attr *omqstat", "-", "-", "-"],
[186, "msgget", 0xba, "key_t key", "int msgflg", "-", "-", "-", "-"],
[187, "msgctl", 0xbb, "int msqid", "int cmd", "struct msqid_ds *buf", "-", "-", "-"],
[188, "msgrcv", 0xbc, "int msqid", "struct msgbuf *msgp", "size_t msgsz", "long msgtyp", "int msgflg", "-"],
[189, "msgsnd", 0xbd, "int msqid", "struct msgbuf *msgp", "size_t msgsz", "int msgflg", "-", "-"],
[190, "semget", 0xbe, "key_t key", "int nsems", "int semflg", "-", "-", "-"],
[191, "semctl", 0xbf, "int semid", "int semnum", "int cmd", "unsigned long arg", "-", "-"],
[192, "semtimedop", 0xc0, "int semid", "struct sembuf *sops", "unsigned nsops", "const struct __kernel_timespec *timeout", "-", "-"],
[193, "semop", 0xc1, "int semid", "struct sembuf *sops", "unsigned nsops", "-", "-", "-"],
[194, "shmget", 0xc2, "key_t key", "size_t size", "int flag", "-", "-", "-"],
[195, "shmctl", 0xc3, "int shmid", "int cmd", "struct shmid_ds *buf", "-", "-", "-"],
[196, "shmat", 0xc4, "int shmid", "char *shmaddr", "int shmflg", "-", "-", "-"],
[197, "shmdt", 0xc5, "char *shmaddr", "-", "-", "-", "-", "-"],
[198, "socket", 0xc6, "int", "int", "int", "-", "-", "-"],
[199, "socketpair", 0xc7, "int", "int", "int", "int *", "-", "-"],
[200, "bind", 0xc8, "int", "struct sockaddr *", "int", "-", "-", "-"],
[201, "listen", 0xc9, "int", "int", "-", "-", "-", "-"],
[202, "accept", 0xca, "int", "struct sockaddr *", "int *", "-", "-", "-"],
[203, "connect", 0xcb, "int", "struct sockaddr *", "int", "-", "-", "-"],
[204, "getsockname", 0xcc, "int", "struct sockaddr *", "int *", "-", "-", "-"],
[205, "getpeername", 0xcd, "int", "struct sockaddr *", "int *", "-", "-", "-"],
[206, "sendto", 0xce, "int", "void *", "size_t", "unsigned", "struct sockaddr *", "int"],
[207, "recvfrom", 0xcf, "int", "void *", "size_t", "unsigned", "struct sockaddr *", "int *"],
[208, "setsockopt", 0xd0, "int fd", "int level", "int optname", "char *optval", "int optlen", "-"],
[209, "getsockopt", 0xd1, "int fd", "int level", "int optname", "char *optval", "int *optlen", "-"],
[210, "shutdown", 0xd2, "int", "int", "-", "-", "-", "-"],
[211, "sendmsg", 0xd3, "int fd", "struct user_msghdr *msg", "unsigned flags", "-", "-", "-"],
[212, "recvmsg", 0xd4, "int fd", "struct user_msghdr *msg", "unsigned flags", "-", "-", "-"],
[213, "readahead", 0xd5, "int fd", "loff_t offset", "size_t count", "-", "-", "-"],
[214, "brk", 0xd6, "unsigned long brk", "-", "-", "-", "-", "-"],
[215, "munmap", 0xd7, "unsigned long addr", "size_t len", "-", "-", "-", "-"],
[216, "mremap", 0xd8, "unsigned long addr", "unsigned long old_len", "unsigned long new_len", "unsigned long flags", "unsigned long new_addr", "-"],
[217, "add_key", 0xd9, "const char *_type", "const char *_description", "const void *_payload", "size_t plen", "key_serial_t destringid", "-"],
[218, "request_key", 0xda, "const char *_type", "const char *_description", "const char *_callout_info", "key_serial_t destringid", "-", "-"],
[219, "keyctl", 0xdb, "int cmd", "unsigned long arg2", "unsigned long arg3", "unsigned long arg4", "unsigned long arg5", "-"],
[220, "clone", 0xdc, "unsigned long", "unsigned long", "int *", "int *", "unsigned long", "-"],
[221, "execve", 0xdd, "const char *filename", "const char *const *argv", "const char *const *envp", "-", "-", "-"],
[222, "mmap", 0xde, "?", "?", "?", "?", "?", "?"],
[223, "fadvise64", 0xdf, "int fd", "loff_t offset", "size_t len", "int advice", "-", "-"],
[224, "swapon", 0xe0, "const char *specialfile", "int swap_flags", "-", "-", "-", "-"],
[225, "swapoff", 0xe1, "const char *specialfile", "-", "-", "-", "-", "-"],
[226, "mprotect", 0xe2, "unsigned long start", "size_t len", "unsigned long prot", "-", "-", "-"],
[227, "msync", 0xe3, "unsigned long start", "size_t len", "int flags", "-", "-", "-"],
[228, "mlock", 0xe4, "unsigned long start", "size_t len", "-", "-", "-", "-"],
[229, "munlock", 0xe5, "unsigned long start", "size_t len", "-", "-", "-", "-"],
[230, "mlockall", 0xe6, "int flags", "-", "-", "-", "-", "-"],
[231, "munlockall", 0xe7, "-", "-", "-", "-", "-", "-"],
[232, "mincore", 0xe8, "unsigned long start", "size_t len", "unsigned char * vec", "-", "-", "-"],
[233, "madvise", 0xe9, "unsigned long start", "size_t len", "int behavior", "-", "-", "-"],
[234, "remap_file_pages", 0xea, "unsigned long start", "unsigned long size", "unsigned long prot", "unsigned long pgoff", "unsigned long flags", "-"],
[235, "mbind", 0xeb, "unsigned long start", "unsigned long len", "unsigned long mode", "const unsigned long *nmask", "unsigned long maxnode", "unsigned flags"],
[236, "get_mempolicy", 0xec, "int *policy", "unsigned long *nmask", "unsigned long maxnode", "unsigned long addr", "unsigned long flags", "-"],
[237, "set_mempolicy", 0xed, "int mode", "const unsigned long *nmask", "unsigned long maxnode", "-", "-", "-"],
[238, "migrate_pages", 0xee, "pid_t pid", "unsigned long maxnode", "const unsigned long *from", "const unsigned long *to", "-", "-"],
[239, "move_pages", 0xef, "pid_t pid", "unsigned long nr_pages", "const void * *pages", "const int *nodes", "int *status", "int flags"],
[240, "rt_tgsigqueueinfo", 0xf0, "pid_t tgid", "pid_t pid", "int sig", "siginfo_t *uinfo", "-", "-"],
[241, "perf_event_open", 0xf1, "struct perf_event_attr *attr_uptr", "pid_t pid", "int cpu", "int group_fd", "unsigned long flags", "-"],
[242, "accept4", 0xf2, "int", "struct sockaddr *", "int *", "int", "-", "-"],
[243, "recvmmsg", 0xf3, "int fd", "struct mmsghdr *msg", "unsigned int vlen", "unsigned flags", "struct __kernel_timespec *timeout", "-"],
[244, "not implemented", 0xf4],
[245, "not implemented", 0xf5],
[246, "not implemented", 0xf6],
[247, "not implemented", 0xf7],
[248, "not implemented", 0xf8],
[249, "not implemented", 0xf9],
[250, "not implemented", 0xfa],
[251, "not implemented", 0xfb],
[252, "not implemented", 0xfc],
[253, "not implemented", 0xfd],
[254, "not implemented", 0xfe],
[255, "not implemented", 0xff],
[256, "not implemented", 0x100],
[257, "not implemented", 0x101],
[258, "not implemented", 0x102],
[259, "not implemented", 0x103],
[260, "wait4", 0x104, "pid_t pid", "int *stat_addr", "int options", "struct rusage *ru", "-", "-"],
[261, "prlimit64", 0x105, "pid_t pid", "unsigned int resource", "const struct rlimit64 *new_rlim", "struct rlimit64 *old_rlim", "-", "-"],
[262, "fanotify_init", 0x106, "unsigned int flags", "unsigned int event_f_flags", "-", "-", "-", "-"],
[263, "fanotify_mark", 0x107, "int fanotify_fd", "unsigned int flags", "u64 mask", "int fd", "const char *pathname", "-"],
[264, "name_to_handle_at", 0x108, "int dfd", "const char *name", "struct file_handle *handle", "int *mnt_id", "int flag", "-"],
[265, "open_by_handle_at", 0x109, "int mountdirfd", "struct file_handle *handle", "int flags", "-", "-", "-"],
[266, "clock_adjtime", 0x10a, "clockid_t which_clock", "struct __kernel_timex *tx", "-", "-", "-", "-"],
[267, "syncfs", 0x10b, "int fd", "-", "-", "-", "-", "-"],
[268, "setns", 0x10c, "int fd", "int nstype", "-", "-", "-", "-"],
[269, "sendmmsg", 0x10d, "int fd", "struct mmsghdr *msg", "unsigned int vlen", "unsigned flags", "-", "-"],
[270, "process_vm_readv", 0x10e, "pid_t pid", "const struct iovec *lvec", "unsigned long liovcnt", "const struct iovec *rvec", "unsigned long riovcnt", "unsigned long flags"],
[271, "process_vm_writev", 0x10f, "pid_t pid", "const struct iovec *lvec", "unsigned long liovcnt", "const struct iovec *rvec", "unsigned long riovcnt", "unsigned long flags"],
[272, "kcmp", 0x110, "pid_t pid1", "pid_t pid2", "int type", "unsigned long idx1", "unsigned long idx2", "-"],
[273, "finit_module", 0x111, "int fd", "const char *uargs", "int flags", "-", "-", "-"],
[274, "sched_setattr", 0x112, "pid_t pid", "struct sched_attr *attr", "unsigned int flags", "-", "-", "-"],
[275, "sched_getattr", 0x113, "pid_t pid", "struct sched_attr *attr", "unsigned int size", "unsigned int flags", "-", "-"],
[276, "renameat2", 0x114, "int olddfd", "const char *oldname", "int newdfd", "const char *newname", "unsigned int flags", "-"],
[277, "seccomp", 0x115, "unsigned int op", "unsigned int flags", "void *uargs", "-", "-", "-"],
[278, "getrandom", 0x116, "char *buf", "size_t count", "unsigned int flags", "-", "-", "-"],
[279, "memfd_create", 0x117, "const char *uname_ptr", "unsigned int flags", "-", "-", "-", "-"],
[280, "bpf", 0x118, "int cmd", "union bpf_attr *attr", "unsigned int size", "-", "-", "-"],
[281, "execveat", 0x119, "int dfd", "const char *filename", "const char *const *argv", "const char *const *envp", "int flags", "-"],
[282, "userfaultfd", 0x11a, "int flags", "-", "-", "-", "-", "-"],
[283, "membarrier", 0x11b, "int cmd", "int flags", "-", "-", "-", "-"],
[284, "mlock2", 0x11c, "unsigned long start", "size_t len", "int flags", "-", "-", "-"],
[285, "copy_file_range", 0x11d, "int fd_in", "loff_t *off_in", "int fd_out", "loff_t *off_out", "size_t len", "unsigned int flags"],
[286, "preadv2", 0x11e, "unsigned long fd", "const struct iovec *vec", "unsigned long vlen", "unsigned long pos_l", "unsigned long pos_h", "rwf_t flags"],
[287, "pwritev2", 0x11f, "unsigned long fd", "const struct iovec *vec", "unsigned long vlen", "unsigned long pos_l", "unsigned long pos_h", "rwf_t flags"],
[288, "pkey_mprotect", 0x120, "unsigned long start", "size_t len", "unsigned long prot", "int pkey", "-", "-"],
[289, "pkey_alloc", 0x121, "unsigned long flags", "unsigned long init_val", "-", "-", "-", "-"],
[290, "pkey_free", 0x122, "int pkey", "-", "-", "-", "-", "-"],
[291, "statx", 0x123, "int dfd", "const char *path", "unsigned flags", "unsigned mask", "struct statx *buffer", "-"]
];
