Internal change.

examples/seccheck/server.cc

@@ -125,6 +125,9 @@ std::vector<Callback> dispatchers = {
     unpackSyscall<::gvisor::syscall::InotifyRmWatch>,
     unpackSyscall<::gvisor::syscall::SocketPair>,
     unpackSyscall<::gvisor::syscall::Write>,
+    nullptr,
+    nullptr,
+    unpackSyscall<::gvisor::syscall::EpollWait>,
 };
 
 void unpack(absl::string_view buf) {

pkg/sentry/seccheck/metadata_amd64.go

@@ -130,6 +130,7 @@ func archInit() {
 	addSyscallPoint(117, "setresuid", nil)
 	addSyscallPoint(119, "setresgid", nil)
 	addSyscallPoint(161, "chroot", nil)
+	addSyscallPoint(232, "epoll_wait", nil)
 	addSyscallPoint(253, "inotify_init", nil)
 	addSyscallPoint(254, "inotify_add_watch", []FieldDesc{
 		{
@@ -149,6 +150,7 @@ func archInit() {
 			Name: "fd_path",
 		},
 	})
+	addSyscallPoint(281, "epoll_pwait", nil)
 	addSyscallPoint(282, "signalfd", []FieldDesc{
 		{
 			ID:   FieldSyscallPath,

pkg/sentry/seccheck/metadata_arm64.go

@@ -21,6 +21,7 @@ package seccheck
 // Keep them sorted by syscall number.
 func archInit() {
 	addSyscallPoint(19, "eventfd2", nil)
+	addSyscallPoint(22, "epoll_pwait", nil)
 	addSyscallPoint(23, "dup", []FieldDesc{
 		{
 			ID:   FieldSyscallPath,

pkg/sentry/seccheck/points/common.proto

@@ -134,5 +134,6 @@ enum MessageType {
   MESSAGE_SYSCALL_INOTIFY_RM_WATCH = 32;
   MESSAGE_SYSCALL_SOCKETPAIR = 33;
   MESSAGE_SYSCALL_WRITE = 34;
+  MESSAGE_SYSCALL_EPOLL_WAIT = 37;
 }
 // LINT.ThenChange(../../../../examples/seccheck/server.cc)

pkg/sentry/seccheck/points/syscall.proto

@@ -311,3 +311,11 @@ message SocketPair {
   int32 socket1 = 7;
   int32 socket2 = 8;
 }
+
+message EpollWait {
+  gvisor.common.ContextData context_data = 1;
+  Exit exit = 2;
+  uint64 sysno = 3;
+  int64 epfd = 4;
+  int64 max_events = 5;
+}

pkg/sentry/syscalls/linux/linux64.go

@@ -274,7 +274,7 @@ var AMD64 = &kernel.SyscallTable{
 		229: syscalls.Supported("clock_getres", ClockGetres),
 		230: syscalls.Supported("clock_nanosleep", ClockNanosleep),
 		231: syscalls.Supported("exit_group", ExitGroup),
-		232: syscalls.Supported("epoll_wait", EpollWait),
+		232: syscalls.SupportedPoint("epoll_wait", EpollWait, PointEpollWait),
 		233: syscalls.Supported("epoll_ctl", EpollCtl),
 		234: syscalls.Supported("tgkill", Tgkill),
 		235: syscalls.Supported("utimes", Utimes),
@@ -323,7 +323,7 @@ var AMD64 = &kernel.SyscallTable{
 		278: syscalls.ErrorWithEvent("vmsplice", linuxerr.ENOSYS, "", []string{"gvisor.dev/issue/138"}), // TODO(b/29354098)
 		279: syscalls.CapError("move_pages", linux.CAP_SYS_NICE, "", nil),                               // requires cap_sys_nice (mostly)
 		280: syscalls.Supported("utimensat", Utimensat),
-		281: syscalls.Supported("epoll_pwait", EpollPwait),
+		281: syscalls.SupportedPoint("epoll_pwait", EpollPwait, PointEpollPwait),
 		282: syscalls.SupportedPoint("signalfd", Signalfd, PointSignalfd),
 		283: syscalls.SupportedPoint("timerfd_create", TimerfdCreate, PointTimerfdCreate),
 		284: syscalls.SupportedPoint("eventfd", Eventfd, PointEventfd),
@@ -444,7 +444,7 @@ var ARM64 = &kernel.SyscallTable{
 		19:  syscalls.SupportedPoint("eventfd2", Eventfd2, PointEventfd2),
 		20:  syscalls.Supported("epoll_create1", EpollCreate1),
 		21:  syscalls.Supported("epoll_ctl", EpollCtl),
-		22:  syscalls.Supported("epoll_pwait", EpollPwait),
+		22:  syscalls.SupportedPoint("epoll_pwait", EpollPwait, PointEpollPwait),
 		23:  syscalls.SupportedPoint("dup", Dup, PointDup),
 		24:  syscalls.SupportedPoint("dup3", Dup3, PointDup3),
 		25:  syscalls.SupportedPoint("fcntl", Fcntl, PointFcntl),

pkg/sentry/syscalls/linux/points.go

@@ -992,3 +992,27 @@ func PointSocketpair(t *kernel.Task, fields seccheck.FieldSet, cxtData *pb.Conte
 	p.Exit = newExitMaybe(info)
 	return p, pb.MessageType_MESSAGE_SYSCALL_SOCKETPAIR
 }
+
+// PointEpollWait converts epoll_wait(2) syscall to proto.
+func PointEpollWait(t *kernel.Task, _ seccheck.FieldSet, cxtData *pb.ContextData, info kernel.SyscallInfo) (proto.Message, pb.MessageType) {
+	p := &pb.EpollWait{
+		ContextData: cxtData,
+		Sysno:       uint64(info.Sysno),
+		Epfd:        int64(info.Args[0].Int()),
+		MaxEvents:   int64(info.Args[2].Int()),
+	}
+	p.Exit = newExitMaybe(info)
+	return p, pb.MessageType_MESSAGE_SYSCALL_EPOLL_WAIT
+}
+
+// PointEpollPwait converts epoll_pwait(2) syscall to proto.
+func PointEpollPwait(t *kernel.Task, _ seccheck.FieldSet, cxtData *pb.ContextData, info kernel.SyscallInfo) (proto.Message, pb.MessageType) {
+	p := &pb.EpollWait{
+		ContextData: cxtData,
+		Sysno:       uint64(info.Sysno),
+		Epfd:        int64(info.Args[0].Int()),
+		MaxEvents:   int64(info.Args[2].Int()),
+	}
+	p.Exit = newExitMaybe(info)
+	return p, pb.MessageType_MESSAGE_SYSCALL_EPOLL_WAIT
+}