Systrack

Latest version: v0.7


Page 1 of 2

0.7
----

New arch support: RISC-V 32-bit and 64-bit, tested on v4.15+ kernels (i.e.,
since the first Linux version supporting RISC-V).

**Improvements**:

- Improve dummy syscall implementation detection: try to first match known
"ni_syscall" code.
- Improve error messages and debug/info logs, pretty printing command-line
arguments and executed commands instead of dumping their tuple/list
representation.
- mips: implement simple arch-specific dummy syscall detection.
- arm64: remove "arm64_" arch-specific prefix from syscall names.

**Bug fixes**:

- mips: new dummy syscall detection now correctly identifies some dummy syscalls
that were previously missed (notably `cachestat`).

**Internal changes**:

- Archs can now specify multiple kernel Makefile config targets to run one after
the other as a "base" config.

0.6
----

**Improvements**:

- More robust and comprehensive syscall definition location search.

**Bug fixes**:

- Fix broken syscall definition location search and subsequent signature
extraction. Some syscalls were incorrectly reported as defined in place of
others, also causing the wrong signature to be extracted. Do not fully trust
the output of `addr2line` and perform full syscall name matching to fix this.
PowerPC was notably affected the most by this issue.

0.5.1
------

**Improvements**:

- x86: improve x86 syscall extraction code fixing undetected CALL targets.

**Internal changes**:

- x86: add some tests for syscall extraction based on v6.11 kernel build.

0.5
----

We tried so hard, and got so far, but in the end, we need a disassembler! x86
mitigations have defeated us, we no longer have syscall tables to rely on.
Kernel developers were kind enough to write very simple ABI-specific
switch-based handlers to dispatch syscalls, so analysis is still possible... just
significantly more complicated.

**Breaking changes**:

- Drop support for Python 3.6 and 3.7. Systrack now requires Python 3.8+. This
is because of the new dependency on
[`iced-x86`](https://pypi.org/project/iced-x86/).

**Improvements**:

- x86: support new kernels (6.9+) with no syscall tables.
- Remove unnecessary spaces between asterisks for double pointers in function
signatures.
- Avoid KCFI `__{cfi,pfx}_` symbols when looking for `ni_syscall` symbols.

**Internal changes**:

- Depend on [`iced-x86`](https://pypi.org/project/iced-x86/) for disassembling
x86 instructions and on [`jinja2`](https://pypi.org/project/jinja2/) for HTML
output directly. Remove optional dependencies and only build one package.
- Rename `test` folder to `tests` to use `hatch test` as the test command.
- Improve logging reproducibility by sorting more debugging log output.
- Improve broken Python package metadata (Python packaging moment).

0.4
----

New arch support: PowerPC 32-bit, tested on v5.0+ kernels.

**Improvements**:

- Improve kconfig dependency checking logic for better warning/error messages.
- PowerPC PPC64: improve esoteric fast switch_endian syscall detection.
- Better (narrower) emoji spacing in HTML output.

**Bug fixes**:

- Correctly report `delete_module` depending on `CONFIG_MODULE_UNLOAD=y`.
- Fix incorrectly handled shared syscall table in x86-64 x32 ABI resulting in
duplicated and unwanted entries in the output for kernels older than v5.4.
- Fix chance of building kernels without `memfd_create`, `memfd_secret`,
`delete_module` (and possibly others) by always enabling `MEMFD_CREATE`,
`MODULE_UNLOAD`, `NET` and `SECRETMEM` when available.
- Fix wrong handling of relative `--kdir` path (e.g., `.`) in some cases.
- Fix missed detection of non-implemented syscalls pointing to `kernel/sys_ni.c`
when DWARF debug info contains relative paths.
- x86 x32: fix some x64 syscalls reported twice because both the x64 number and
the historically misnumbered x32 numbers (512-547) were being considered
valid.

**Internal changes**:

- Ignore `sound/` and `user/` dirs to speed up grepping syscall definitions.
- Implement some basic unit tests for powerpc dummy/esoteric syscall detection.

0.3.3
------

**Improvements**:

- Correctly report `lsm_{list_modules,get_self_attr,set_self_attr}` depending on
`CONFIG_SECURITY=y`.
