Merge remote-tracking branch 'up/master' into master-riscv64

Signed-off-by: David Abdurachmanov <david.abdurachmanov@sifive.com>

systemd-seccomp-riscv64.patch

@@ -0,0 +1,213 @@
+diff --git a/src/basic/missing_syscall.h b/src/basic/missing_syscall.h
+index 6d9b125..6586d58 100644
+--- a/src/basic/missing_syscall.h
++++ b/src/basic/missing_syscall.h
+@@ -59,6 +59,8 @@ static inline int missing_pivot_root(const char *new_root, const char *put_old)
+ #      define __NR_memfd_create 356
+ #    elif defined __arc__
+ #      define __NR_memfd_create 279
++#    elif defined __riscv
++#      define __NR_memfd_create 279
+ #    else
+ #      warning "__NR_memfd_create unknown for your architecture"
+ #    endif
+@@ -112,6 +114,8 @@ static inline int missing_memfd_create(const char *name, unsigned int flags) {
+ #      endif
+ #    elif defined(__arc__)
+ #      define __NR_getrandom 278
++#    elif defined(__riscv)
++#      define __NR_getrandom 278
+ #    else
+ #      warning "__NR_getrandom unknown for your architecture"
+ #    endif
+@@ -253,6 +257,8 @@ static inline pid_t raw_getpid(void) {
+ #      define __NR_renameat2 347
+ #    elif defined __arc__
+ #      define __NR_renameat2 276
++#    elif defined __riscv
++#      define __NR_renameat2 276
+ #    else
+ #      warning "__NR_renameat2 unknown for your architecture"
+ #    endif
+@@ -344,6 +350,8 @@ static inline key_serial_t missing_request_key(const char *type, const char *des
+ #      define __NR_copy_file_range 379
+ #    elif defined __arc__
+ #      define __NR_copy_file_range 285
++#    elif defined __riscv
++#      define __NR_copy_file_range 285
+ #    else
+ #      warning "__NR_copy_file_range not defined for your architecture"
+ #    endif
+@@ -386,6 +394,8 @@ static inline ssize_t missing_copy_file_range(int fd_in, loff_t *off_in,
+ #      define __NR_bpf 351
+ #    elif defined __tilegx__
+ #      define __NR_bpf 280
++#    elif defined __riscv
++#      define __NR_bpf 280
+ #    else
+ #      warning "__NR_bpf not defined for your architecture"
+ #    endif
+@@ -435,6 +445,8 @@ static inline int missing_bpf(int cmd, union bpf_attr *attr, size_t size) {
+ #      if _MIPS_SIM == _MIPS_SIM_ABI64
+ #        define __NR_pkey_mprotect 5323
+ #      endif
++#    elif defined __riscv
++#      define __NR_pkey_mprotect 288
+ #    else
+ #      warning "__NR_pkey_mprotect not defined for your architecture"
+ #    endif
+@@ -459,6 +471,8 @@ static inline int missing_bpf(int cmd, union bpf_attr *attr, size_t size) {
+ #      define __NR_statx 360
+ #    elif defined __x86_64__
+ #      define __NR_statx 332
++#    elif defined __riscv
++#      define __NR_statx 291
+ #    else
+ #      warning "__NR_statx not defined for your architecture"
+ #    endif
+diff --git a/src/basic/virt.c b/src/basic/virt.c
+index 3be3852..72792f5 100644
+--- a/src/basic/virt.c
++++ b/src/basic/virt.c
+@@ -84,7 +84,7 @@ static int detect_vm_cpuid(void) {
+ }
+ 
+ static int detect_vm_device_tree(void) {
+-#if defined(__arm__) || defined(__aarch64__) || defined(__powerpc__) || defined(__powerpc64__)
++#if defined(__arm__) || defined(__aarch64__) || defined(__powerpc__) || defined(__powerpc64__) || defined(__riscv)
+         _cleanup_free_ char *hvtype = NULL;
+         int r;
+ 
+@@ -127,7 +127,7 @@ static int detect_vm_device_tree(void) {
+ }
+ 
+ static int detect_vm_dmi(void) {
+-#if defined(__i386__) || defined(__x86_64__) || defined(__arm__) || defined(__aarch64__)
++#if defined(__i386__) || defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) || defined(__riscv)
+ 
+         static const char *const dmi_vendors[] = {
+                 "/sys/class/dmi/id/product_name", /* Test this before sys_vendor to detect KVM over QEMU */
+diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
+index acfe435..30615c2 100644
+--- a/src/shared/seccomp-util.c
++++ b/src/shared/seccomp-util.c
+@@ -90,6 +90,8 @@ const uint32_t seccomp_local_archs[] = {
+                 SCMP_ARCH_S390X,      /* native */
+ #elif defined(__s390__)
+                 SCMP_ARCH_S390,
++#elif defined(__riscv) && __riscv_xlen == 64
++                SCMP_ARCH_RISCV64,    /* native */
+ #endif
+                 (uint32_t) -1
+         };
+@@ -135,6 +137,8 @@ const char* seccomp_arch_to_string(uint32_t c) {
+                 return "s390";
+         case SCMP_ARCH_S390X:
+                 return "s390x";
++        case SCMP_ARCH_RISCV64:
++                return "riscv64";
+         default:
+                 return NULL;
+         }
+@@ -180,6 +184,8 @@ int seccomp_arch_from_string(const char *n, uint32_t *ret) {
+                 *ret = SCMP_ARCH_S390;
+         else if (streq(n, "s390x"))
+                 *ret = SCMP_ARCH_S390X;
++        else if (streq(n, "riscv64"))
++                *ret = SCMP_ARCH_RISCV64;
+         else
+                 return -EINVAL;
+ 
+@@ -1265,6 +1271,7 @@ int seccomp_restrict_address_families(Set *address_families, bool whitelist) {
+                 case SCMP_ARCH_MIPS64N32:
+                 case SCMP_ARCH_MIPSEL64:
+                 case SCMP_ARCH_MIPS64:
++                case SCMP_ARCH_RISCV64:
+                         /* These we know we support (i.e. are the ones that do not use socketcall()) */
+                         supported = true;
+                         break;
+@@ -1503,7 +1510,7 @@ static int add_seccomp_syscall_filter(scmp_filter_ctx seccomp,
+ }
+ 
+ /* For known architectures, check that syscalls are indeed defined or not. */
+-#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__)
++#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) || defined(__riscv)
+ assert_cc(SCMP_SYS(shmget) > 0);
+ assert_cc(SCMP_SYS(shmat) > 0);
+ assert_cc(SCMP_SYS(shmdt) > 0);
+@@ -1548,13 +1555,14 @@ int seccomp_memory_deny_write_execute(void) {
+                 case SCMP_ARCH_X32:
+                 case SCMP_ARCH_AARCH64:
+                 case SCMP_ARCH_S390X:
+-                        filter_syscall = SCMP_SYS(mmap); /* amd64, x32, s390x, and arm64 have only mmap */
++                case SCMP_ARCH_RISCV64:
++                        filter_syscall = SCMP_SYS(mmap); /* amd64, x32, s390x, arm64, and riscv64 have only mmap */
+                         shmat_syscall = SCMP_SYS(shmat);
+                         break;
+ 
+                 /* Please add more definitions here, if you port systemd to other architectures! */
+ 
+-#if !defined(__i386__) && !defined(__x86_64__) && !defined(__powerpc__) && !defined(__powerpc64__) && !defined(__arm__) && !defined(__aarch64__) && !defined(__s390__) && !defined(__s390x__)
++#if !defined(__i386__) && !defined(__x86_64__) && !defined(__powerpc__) && !defined(__powerpc64__) && !defined(__arm__) && !defined(__aarch64__) && !defined(__s390__) && !defined(__s390x__) && !defined(__riscv)
+ #warning "Consider adding the right mmap() syscall definitions here!"
+ #endif
+                 }
+diff --git a/src/test/test-execute.c b/src/test/test-execute.c
+index 435ab39..0aca8ae 100644
+--- a/src/test/test-execute.c
++++ b/src/test/test-execute.c
+@@ -275,6 +275,9 @@ static void test_exec_personality(Manager *m) {
+ #elif defined(__aarch64__)
+         test(__func__, m, "exec-personality-aarch64.service", 0, CLD_EXITED);
+ 
++#elif defined(__riscv__) && __riscv_xlen == 64
++        test(__func__, m, "exec-personality-riscv64.service", 0, CLD_EXITED);
++
+ #elif defined(__i386__)
+         test(__func__, m, "exec-personality-x86.service", 0, CLD_EXITED);
+ #else
+diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c
+index a906070..e1b71dd 100644
+--- a/src/test/test-seccomp.c
++++ b/src/test/test-seccomp.c
+@@ -72,7 +72,8 @@ static void test_architecture_table(void) {
+                        "ppc64\0"
+                        "ppc64-le\0"
+                        "s390\0"
+-                       "s390x\0") {
++                       "s390x\0"
++                       "riscv64\0") {
+                 uint32_t c;
+ 
+                 assert_se(seccomp_arch_from_string(n, &c) >= 0);
+@@ -489,7 +490,7 @@ static void test_memory_deny_write_execute_mmap(void) {
+                 assert_se(seccomp_memory_deny_write_execute() >= 0);
+ 
+                 p = mmap(NULL, page_size(), PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS, -1,0);
+-#if defined(__x86_64__) || defined(__i386__) || defined(__powerpc64__) || defined(__arm__) || defined(__aarch64__)
++#if defined(__x86_64__) || defined(__i386__) || defined(__powerpc64__) || defined(__arm__) || defined(__aarch64__) || defined(__riscv)
+                 assert_se(p == MAP_FAILED);
+                 assert_se(errno == EPERM);
+ #else /* unknown architectures */
+@@ -552,7 +553,7 @@ static void test_memory_deny_write_execute_shmat(void) {
+ 
+                 p = shmat(shmid, NULL, SHM_EXEC);
+                 log_debug_errno(p == MAP_FAILED ? errno : 0, "shmat(SHM_EXEC): %m");
+-#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__)
++#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) || defined(__riscv)
+                 assert_se(p == MAP_FAILED);
+                 assert_se(errno == EPERM);
+ #endif
+diff --git a/test/test-execute/exec-personality-riscv64.service b/test/test-execute/exec-personality-riscv64.service
+new file mode 100644
+index 0000000..ab20396
+--- /dev/null
++++ b/test/test-execute/exec-personality-riscv64.service
+@@ -0,0 +1,7 @@
++[Unit]
++Description=Test for Personality=riscv64
++
++[Service]
++ExecStart=/bin/sh -c 'echo $(uname -m); exit $(test $(uname -m) = "riscv64")'
++Type=oneshot
++Personality=riscv64

systemd.spec

@@ -20,7 +20,7 @@
 Name:           systemd
 Url:            https://www.freedesktop.org/wiki/Software/systemd
 Version:        245.5
-Release:        2%{?commit:.git%{shortcommit}}%{?dist}
+Release:        2%{?commit:.git%{shortcommit}}.1.riscv64%{?dist}
 # For a breakdown of the licensing, see README
 License:        LGPLv2+ and MIT and GPLv2+
 Summary:        System and Service Manager
@@ -75,6 +75,8 @@ Patch0998:      0998-resolved-create-etc-resolv.conf-symlink-at-runtime.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=1803293
 Patch1000:      0001-Revert-job-Don-t-mark-as-redundant-if-deps-are-relev.patch
 
+#Patch0040:      systemd-seccomp-riscv64.patch
+
 %ifarch %{ix86} x86_64 aarch64
 %global have_gnu_efi 1
 %endif
@@ -132,7 +134,9 @@ BuildRequires:  git
 BuildRequires:  meson >= 0.43
 BuildRequires:  gettext
 # We use RUNNING_ON_VALGRIND in tests, so the headers need to be available
+%ifarch %{valgrind_arches}
 BuildRequires:  valgrind-devel
+%endif
 BuildRequires:  pkgconfig(bash-completion)
 
 Requires(post): coreutils
@@ -331,7 +335,11 @@ CONFIGURE_OPTS=(
         -Dxkbcommon=true
         -Dblkid=true
         -Dfdisk=true
+%ifnarch riscv64
         -Dseccomp=true
+%else
+        -Dseccomp=false
+%endif
         -Dima=true
         -Dselinux=true
         -Dapparmor=false
@@ -772,6 +780,10 @@ fi
 %files tests -f .file-list-tests
 
 %changelog
+* Fri Apr 24 2020 David Abdurachmanov <david.abdurachmanov@sifive.com> - 245.5-2.1.riscv64
+- Disable SECCOMP until the test can pass
+- Add SECCOMP support for RISC-V 64-bit (riscv64)
+
 * Tue Apr 21 2020 Björn Esser <besser82@fedoraproject.org> - 245.5-2
 - Add explicit BuildRequires: acl
 - Bootstrapping for json-c SONAME bump