Add RISC-V 64-bit SECCOMP support

Signed-off-by: David Abdurachmanov <david.abdurachmanov@sifive.com>
2019-09-27 17:28:21 +02:00 · 2019-09-27 17:28:21 +02:00 · 0b53b1eec9
parent 5b2ad16a42
commit 0b53b1eec9
2 changed files with 85 additions and 1 deletions
--- a/systemd-seccomp-riscv64.patch
+++ b/systemd-seccomp-riscv64.patch
@ -0,0 +1,79 @@
+diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
+index acfe435..30615c2 100644
+--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
+@@ -90,6 +90,8 @@ const uint32_t seccomp_local_archs[] = {
+                 SCMP_ARCH_S390X,      /* native */
+ #elif defined(__s390__)
+                 SCMP_ARCH_S390,
+#elif defined(__riscv) && __riscv_xlen == 64
+                SCMP_ARCH_RISCV64,    /* native */
+ #endif
+                 (uint32_t) -1
+         };
+@@ -135,6 +137,8 @@ const char* seccomp_arch_to_string(uint32_t c) {
+                 return "s390";
+         case SCMP_ARCH_S390X:
+                 return "s390x";
+        case SCMP_ARCH_RISCV64:
+                return "riscv64";
+         default:
+                 return NULL;
+         }
+@@ -180,6 +184,8 @@ int seccomp_arch_from_string(const char *n, uint32_t *ret) {
+                 *ret = SCMP_ARCH_S390;
+         else if (streq(n, "s390x"))
+                 *ret = SCMP_ARCH_S390X;
+        else if (streq(n, "riscv64"))
+                *ret = SCMP_ARCH_RISCV64;
+         else
+                 return -EINVAL;
+ 
+@@ -1265,6 +1271,7 @@ int seccomp_restrict_address_families(Set *address_families, bool whitelist) {
+                 case SCMP_ARCH_MIPS64N32:
+                 case SCMP_ARCH_MIPSEL64:
+                 case SCMP_ARCH_MIPS64:
+                case SCMP_ARCH_RISCV64:
+                         /* These we know we support (i.e. are the ones that do not use socketcall()) */
+                         supported = true;
+                         break;
+@@ -1503,7 +1510,7 @@ static int add_seccomp_syscall_filter(scmp_filter_ctx seccomp,
+ }
+ 
+ /* For known architectures, check that syscalls are indeed defined or not. */
+-#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__)
+#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) || defined(__riscv)
+ assert_cc(SCMP_SYS(shmget) > 0);
+ assert_cc(SCMP_SYS(shmat) > 0);
+ assert_cc(SCMP_SYS(shmdt) > 0);
+@@ -1548,13 +1555,14 @@ int seccomp_memory_deny_write_execute(void) {
+                 case SCMP_ARCH_X32:
+                 case SCMP_ARCH_AARCH64:
+                 case SCMP_ARCH_S390X:
+-                        filter_syscall = SCMP_SYS(mmap); /* amd64, x32, s390x, and arm64 have only mmap */
+                case SCMP_ARCH_RISCV64:
+                        filter_syscall = SCMP_SYS(mmap); /* amd64, x32, s390x, arm64, and riscv64 have only mmap */
+                         shmat_syscall = SCMP_SYS(shmat);
+                         break;
+ 
+                 /* Please add more definitions here, if you port systemd to other architectures! */
+ 
+-#if !defined(__i386__) && !defined(__x86_64__) && !defined(__powerpc__) && !defined(__powerpc64__) && !defined(__arm__) && !defined(__aarch64__) && !defined(__s390__) && !defined(__s390x__)
+#if !defined(__i386__) && !defined(__x86_64__) && !defined(__powerpc__) && !defined(__powerpc64__) && !defined(__arm__) && !defined(__aarch64__) && !defined(__s390__) && !defined(__s390x__) && !defined(__riscv)
+ #warning "Consider adding the right mmap() syscall definitions here!"
+ #endif
+                 }
+diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c
+index a906070..764e975 100644
+--- a/src/test/test-seccomp.c
+++ b/src/test/test-seccomp.c
+@@ -72,7 +72,8 @@ static void test_architecture_table(void) {
+                        "ppc64\0"
+                        "ppc64-le\0"
+                        "s390\0"
+-                       "s390x\0") {
+                       "s390x\0"
+                       "riscv64\0") {
+                 uint32_t c;
+ 
+                 assert_se(seccomp_arch_from_string(n, &c) >= 0);
--- a/systemd.spec
+++ b/systemd.spec
@ -15,7 +15,7 @@
 Name:           systemd
 Url:            https://www.freedesktop.org/wiki/Software/systemd
 Version:        243
-Release:        2%{?commit:.git%{shortcommit}}.0.riscv64%{?dist}
+Release:        2%{?commit:.git%{shortcommit}}.1.riscv64%{?dist}
 # For a breakdown of the licensing, see README
 License:        LGPLv2+ and MIT and GPLv2+
 Summary:        System and Service Manager
@ -59,6 +59,8 @@ Patch0002:      0002-Revert-units-set-NoNewPrivileges-for-all-long-runnin.patch

 Patch0998:      0998-resolved-create-etc-resolv.conf-symlink-at-runtime.patch

+Patch0040:      systemd-seccomp-riscv64.patch
+
 %ifarch %{ix86} x86_64 aarch64
 %global have_gnu_efi 1
 %endif
@ -701,6 +703,9 @@ fi
 %files tests -f .file-list-tests

 %changelog
+* Fri Sep 27 2019 David Abdurachmanov <david.abdurachmanov@sifive.com> - 243-2.gitfab6f01.1.riscv64
+- Add SECCOMP support for RISC-V 64-bit (riscv64)
+
 * Sat Sep 21 2019 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 243-2.gitfab6f01
 - Backport a bunch of patches (memory access issues, improvements to error
  reporting and handling in networkd, some misleading man page contents #1751363)