--- /dev/null
--- /dev/null
++libseccomp (2.4.3-1) unstable; urgency=medium
++
++ * New upstream release.
++ * Drop patches that have been applied upstream:
++ - tests-rely-on-__SNR_xxx-instead-of-__NR_xxx-for-sysc.patch
++ - api_define__SNR_ppoll_again.patch
++ * Cherry-pick support for the riscv64 architecture. (Closes: #952386)
++ - Add riscv64_support.patch
++
++ -- Felix Geyer <fgeyer@debian.org> Thu, 12 Mar 2020 23:35:13 +0100
++
++libseccomp (2.4.2-2) unstable; urgency=medium
++
++ [ Christian Ehrhardt ]
++ * d/rules: fix potential FTFBS after full python3 switch
++ * d/t/control: drop python2 test following the removal of the package
++
++ [ Felix Geyer ]
++ * Remove build-dependency on valgrind for mips64el as it's broken there.
++ * Backport patch to define __SNR_ppoll again.
++ - Add api_define__SNR_ppoll_again.patch
++ * Replace custom patch for cython3 with the upstream fix.
++
++ -- Felix Geyer <fgeyer@debian.org> Fri, 15 Nov 2019 18:12:53 +0100
++
++libseccomp (2.4.2-1) unstable; urgency=medium
++
++ [ Christian Ehrhardt ]
++ * New upstream release 2.4.2 for compatibility with newer kernels and
++ fixing FTBFS (LP: #1849785).
++ - drop d/p/python_install_dir.patch (now upstream)
++ - d/rules: adapt to python 3.8 lacking the m modifier on includes
++ see https://wiki.debian.org/Python/Python3.8
++ - d/p/tests-rely-on-__SNR_xxx-instead-of-__NR_xxx-for-sysc.patch: fix
++ build time test on arm64
++
++ [ Felix Geyer ]
++ * Drop Python 2 bindings. (Closes: #936917)
++ - Add cython3.patch to use the Python 3 cython variant.
++
++ -- Felix Geyer <fgeyer@debian.org> Wed, 13 Nov 2019 00:00:49 +0100
++
++libseccomp (2.4.1-2) unstable; urgency=medium
++
++ * Remove build-dependency on valgrind for mipsel and x32 as it's broken
++ on those archs.
++ * Set Rules-Requires-Root: no.
++
++ -- Felix Geyer <fgeyer@debian.org> Fri, 19 Jul 2019 00:03:34 +0200
++
++libseccomp (2.4.1-1) unstable; urgency=medium
++
++ * New upstream release.
++ - Addresses CVE-2019-9893 (Closes: #924646)
++ * Drop all patches for parisc arch support, merged upstream.
++ * Build-depend on valgrind to run more unit tests.
++ * Run dh_auto_configure for every python 3 version to install the extension
++ in the correct path.
++ * Update the symbols file.
++ * Adapt autopkgtest to new upstream version:
++ - Build against pthread
++ - Build scmp_api_level tool
++ * Upgrade to debhelper compat level 12.
++ - Add d/not-installed file
++ * Fix install path of the python module.
++ - Add python_install_dir.patch
++ * Add autopkgtest for python packages.
++
++ -- Felix Geyer <fgeyer@debian.org> Wed, 17 Jul 2019 23:23:28 +0200
++
++libseccomp (2.3.3-4) unstable; urgency=medium
++
++ [ Ondřej Nový ]
++ * d/copyright: Change Format URL to correct one
++
++ [ Helmut Grohne ]
++ * Fix FTCBFS: (Closes: #903556)
++ + Multiarchify python Build-Depends.
++ + Annotate cython dependencies with :native for now.
++ + Drop noop dh_auto_build invocations.
++ + Pass a suitable PYTHONPATH for python2.
++ + Pass _PYTHON_SYSCONFIGDATA_NAME for python3.
++
++ -- Felix Geyer <fgeyer@debian.org> Sun, 10 Feb 2019 12:25:44 +0100
++
++libseccomp (2.3.3-3) unstable; urgency=medium
++
++ * Fix FTBFS: Adapt to renamed README file. (Closes: #902767)
++
++ -- Felix Geyer <fgeyer@debian.org> Sun, 01 Jul 2018 20:32:03 +0200
++
++libseccomp (2.3.3-2) unstable; urgency=medium
++
++ [ Helmut Grohne ]
++ * Support the nopython build profile. (Closes: #897057)
++
++ [ Felix Geyer ]
++ * Run upstream "live" tests in an autopkgtest.
++
++ -- Felix Geyer <fgeyer@debian.org> Sun, 13 May 2018 09:53:08 +0200
++
++libseccomp (2.3.3-1) unstable; urgency=medium
++
++ * New upstream release. (Closes: #895417)
++ - Adds pkey_mprotect syscall. (Closes: #893722)
++ * Refresh parisc patch.
++ * Move libseccomp2 back to /usr/lib. (Closes: #894988)
++ * Make test failures cause the build to fail. (Closes: 877901)
++ * Build python bindings. (Closes: #810712)
++ * Switch to debhelper compat level 10.
++ * Move git repo to salsa.debian.org
++ * Add myself to Uploaders.
++
++ -- Felix Geyer <fgeyer@debian.org> Sun, 22 Apr 2018 23:55:03 +0200
++
++libseccomp (2.3.1-2.1) unstable; urgency=medium
++
++ [ Martin Pitt ]
++ * Non-maintainer upload with Kees' consent.
++
++ [ Laurent Bigonville ]
++ * Ensure strict enough generated dependencies (Closes: #844496)
++
++ -- Martin Pitt <mpitt@debian.org> Thu, 17 Nov 2016 10:16:44 +0100
++
++libseccomp (2.3.1-2) unstable; urgency=medium
++
++ * Add hppa (parisc) support (Closes: #820501)
++
++ -- Luca Bruno <lucab@debian.org> Sat, 28 May 2016 20:05:01 +0200
++
++libseccomp (2.3.1-1) unstable; urgency=medium
++
++ * New upstream release
++ * control: add Vcs-* fields
++
++ -- Luca Bruno <lucab@debian.org> Tue, 05 Apr 2016 22:16:55 +0200
++
++libseccomp (2.3.0-1) unstable; urgency=medium
++
++ * New upstream release
++ + drop all patches, applied upstream
++ * libseccomp2: update symbols file
++ * control: add myself to uploaders
++ * control: bump policy version
++
++ -- Luca Bruno <lucab@debian.org> Sun, 03 Apr 2016 00:31:09 +0200
++
++libseccomp (2.2.3-3) unstable; urgency=medium
++
++ [ Martin Pitt ]
++ * debian/patches/add-x86-32bit-socket-calls.patch: add the newly
++ connected direct socket calls. (Closes: #809556)
++ * debian/add-membarrier.patch: add membarrier syscall.
++ * Backport patches for ppc/ppc64 and s390x. (Closes: #800818)
++
++ -- Kees Cook <kees@debian.org> Tue, 01 Sep 2015 15:37:31 -0700
++
++libseccomp (2.2.3-2) unstable; urgency=medium
++
++ * debian/control: enable mips64, mips64el, and x32 architectures,
++ thanks to Helmut Grohne (Closes: 797383).
++
++ -- Kees Cook <kees@debian.org> Tue, 01 Sep 2015 15:37:31 -0700
++
++libseccomp (2.2.3-1) unstable; urgency=medium
++
++ * New upstream release (Closes: 793032).
++ * debian/control: update Homepage (Closes: 793033).
++
++ -- Kees Cook <kees@debian.org> Mon, 03 Aug 2015 15:06:08 -0700
++
++libseccomp (2.2.1-2) unstable; urgency=medium
++
++ * debian/{rules,*.install}: move to /lib, thanks to Michael Biebl
++ (Closes: 788923).
++
++ -- Kees Cook <kees@debian.org> Tue, 16 Jun 2015 12:45:08 -0700
++
++libseccomp (2.2.1-1) unstable; urgency=medium
++
++ * New upstream release (Closes: 785428).
++ - debian/patches dropped: incorporated upstream.
++ * debian/libseccomp2.symbols: include only documented symbols.
++ * debian/libseccomp-dev.install: include static library (Closes: 698508).
++ * debian/control:
++ - add newly supported arm64, mips, and mipsel.
++ - bump standards version, no changes needed.
++
++ -- Kees Cook <kees@debian.org> Sat, 16 May 2015 08:15:26 -0700
++
++libseccomp (2.1.1-1) unstable; urgency=low
++
++ * New upstream release (Closes: 733293).
++ * copyright: add a few missed people.
++ * rules: adjusted for new test target.
++ * libseccomp2.symbols: drop accidentally exported functions.
++ * control:
++ - bump standards, no changes needed.
++ - add armel target
++
++ -- Kees Cook <kees@debian.org> Sat, 12 Apr 2014 10:44:22 -0700
++
++libseccomp (2.1.0+dfsg-1) unstable; urgency=low
++
++ * Rebuild source package without accidental binaries (Closes: 725617).
++ - debian/watch: mangle upstream version check.
++ * debian/rules: make tests non-fatal while upstream fixes them
++ (Closes: 721292).
++
++ -- Kees Cook <kees@debian.org> Sun, 06 Oct 2013 15:05:51 -0700
++
++libseccomp (2.1.0-1) unstable; urgency=low
++
++ * New upstream release (Closes: 718398):
++ - dropped debian/patches/manpage-dashes.patch: taken upstream.
++ - dropped debian/patches/include-unistd.patch: not needed.
++ - debian/patches/testsuite-x86-write.patch: taken upstream.
++ - ABI bump: moved from libseccomp1 to libseccomp2.
++ * debian/control:
++ - added Arch: armhf, now supported upstream.
++ - added seccomp binary package for helper tools.
++ * Added debian/patches/manpage-typo.patch: spelling fix.
++ * Added debian/patches/build-ldflags.patch: fix LDFLAGS handling.
++
++ -- Kees Cook <kees@debian.org> Tue, 13 Aug 2013 00:02:01 -0700
++
++libseccomp (1.0.1-2) unstable; urgency=low
++
++ * debian/rules: enable testsuite at build time, thanks to
++ Stéphane Graber (Closes: 698803).
++ * Added debian/patches/include-unistd.patch: detect location of
++ asm/unistd.h correctly.
++ * Added debian/patches/testsuite-x86-write.patch: skip the "write"
++ syscall correctly on x86.
++ * debian/control: bump standards to 3.9.4, no changes needed.
++
++ -- Kees Cook <kees@debian.org> Wed, 23 Jan 2013 13:11:53 -0800
++
++libseccomp (1.0.1-1) unstable; urgency=low
++
++ * New upstream release.
++ * debian/control: only build on amd64 and i386 (Closes: 687368).
++
++ -- Kees Cook <kees@debian.org> Fri, 07 Dec 2012 11:38:03 -0800
++
++libseccomp (1.0.0-1) unstable; urgency=low
++
++ * New upstream release.
++ - bump ABI.
++ - drop build verbosity patch, use upstream V=1 instead.
++ * libseccomp-dev.manpages: fix build location (Closes: 682152, 682471).
++ * debian/patches/pkgconfig-macro.patch: use literals for macro.
++
++ -- Kees Cook <kees@debian.org> Fri, 03 Aug 2012 16:59:41 -0700
++
++libseccomp (0.1.0-1) unstable; urgency=low
++
++ * New upstream release.
++ - drop patches taken upstream:
++ - libexecdir.patch
++ - pass-flags.patch
++
++ -- Kees Cook <kees@debian.org> Fri, 08 Jun 2012 12:32:22 -0700
++
++libseccomp (0.0.0~20120605-1) unstable; urgency=low
++
++ * Initial release (Closes: #676257).
++
++ -- Kees Cook <kees@debian.org> Tue, 05 Jun 2012 11:28:07 -0700
--- /dev/null
--- /dev/null
++From 5432e15521d5ce5a7d3f26bf78674cbaa9d73d1f Mon Sep 17 00:00:00 2001
++From: Andreas Schwab <schwab@suse.de>
++Date: Tue, 7 Jan 2020 14:51:19 +0100
++Subject: [PATCH] arch: Add RISC-V 64-bit support
++
++Signed-off-by: Andreas Schwab <schwab@suse.de>
++[PM: minor macro shuffling in seccomp.h.in]
++Signed-off-by: Paul Moore <paul@paul-moore.com>
++---
++ include/seccomp-syscalls.h | 5 +
++ include/seccomp.h.in | 12 +
++ src/Makefile.am | 1 +
++ src/arch-riscv64-syscalls.c | 553 ++++++++++++++++++++++++++++++
++ src/arch-riscv64.c | 31 ++
++ src/arch-riscv64.h | 30 ++
++ src/arch.c | 7 +
++ src/gen_pfc.c | 2 +
++ src/python/libseccomp.pxd | 1 +
++ src/python/seccomp.pyx | 2 +
++ src/system.c | 1 +
++ tests/15-basic-resolver.c | 1 +
++ tests/16-sim-arch_basic.c | 6 +
++ tests/16-sim-arch_basic.py | 1 +
++ tests/23-sim-arch_all_le_basic.c | 3 +
++ tests/23-sim-arch_all_le_basic.py | 1 +
++ tests/regression | 6 +-
++ tools/scmp_arch_detect.c | 3 +
++ tools/scmp_bpf_disasm.c | 2 +
++ tools/scmp_bpf_sim.c | 2 +
++ tools/util.c | 2 +
++ tools/util.h | 7 +
++ 22 files changed, 677 insertions(+), 2 deletions(-)
++ create mode 100644 src/arch-riscv64-syscalls.c
++ create mode 100644 src/arch-riscv64.c
++ create mode 100644 src/arch-riscv64.h
++
++diff --git a/include/seccomp-syscalls.h b/include/seccomp-syscalls.h
++index 3c958df..d7eb383 100644
++--- a/include/seccomp-syscalls.h
+++++ b/include/seccomp-syscalls.h
++@@ -273,6 +273,7 @@
++ #define __PNR_timerfd_settime64 -10239
++ #define __PNR_utimensat_time64 -10240
++ #define __PNR_ppoll -10241
+++#define __PNR_renameat -10242
++
++ /*
++ * libseccomp syscall definitions
++@@ -1494,7 +1495,11 @@
++ #define __SNR_rename __PNR_rename
++ #endif
++
+++#ifdef __NR_renameat
++ #define __SNR_renameat __NR_renameat
+++#else
+++#define __SNR_renameat __PNR_renameat
+++#endif
++
++ #define __SNR_renameat2 __NR_renameat2
++
++diff --git a/include/seccomp.h.in b/include/seccomp.h.in
++index 42f3a79..208b366 100644
++--- a/include/seccomp.h.in
+++++ b/include/seccomp.h.in
++@@ -196,6 +196,18 @@ struct scmp_arg_cmp {
++ #define SCMP_ARCH_PARISC AUDIT_ARCH_PARISC
++ #define SCMP_ARCH_PARISC64 AUDIT_ARCH_PARISC64
++
+++/**
+++ * The RISC-V architecture tokens
+++ */
+++/* RISC-V support for audit was merged in 5.0-rc1 */
+++#ifndef AUDIT_ARCH_RISCV64
+++#ifndef EM_RISCV
+++#define EM_RISCV 243
+++#endif /* EM_RISCV */
+++#define AUDIT_ARCH_RISCV64 (EM_RISCV|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
+++#endif /* AUDIT_ARCH_RISCV64 */
+++#define SCMP_ARCH_RISCV64 AUDIT_ARCH_RISCV64
+++
++ /**
++ * Convert a syscall name into the associated syscall number
++ * @param x the syscall name
++diff --git a/src/Makefile.am b/src/Makefile.am
++index 2e7e38d..47e2f33 100644
++--- a/src/Makefile.am
+++++ b/src/Makefile.am
++@@ -42,6 +42,7 @@ SOURCES_ALL = \
++ arch-parisc.h arch-parisc.c arch-parisc64.c arch-parisc-syscalls.c \
++ arch-ppc.h arch-ppc.c arch-ppc-syscalls.c \
++ arch-ppc64.h arch-ppc64.c arch-ppc64-syscalls.c \
+++ arch-riscv64.h arch-riscv64.c arch-riscv64-syscalls.c \
++ arch-s390.h arch-s390.c arch-s390-syscalls.c \
++ arch-s390x.h arch-s390x.c arch-s390x-syscalls.c
++
++diff --git a/src/arch-riscv64-syscalls.c b/src/arch-riscv64-syscalls.c
++new file mode 100644
++index 0000000..ceebece
++--- /dev/null
+++++ b/src/arch-riscv64-syscalls.c
++@@ -0,0 +1,553 @@
+++/*
+++ * This library is free software; you can redistribute it and/or modify it
+++ * under the terms of version 2.1 of the GNU Lesser General Public License as
+++ * published by the Free Software Foundation.
+++ *
+++ * This library is distributed in the hope that it will be useful, but WITHOUT
+++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
+++ * for more details.
+++ *
+++ * You should have received a copy of the GNU Lesser General Public License
+++ * along with this library; if not, see <http://www.gnu.org/licenses>.
+++ */
+++
+++#include <string.h>
+++
+++#include <seccomp.h>
+++
+++#include "arch.h"
+++#include "arch-riscv64.h"
+++
+++/* NOTE: based on Linux 5.4 */
+++const struct arch_syscall_def riscv64_syscall_table[] = { \
+++ { "_llseek", __PNR__llseek },
+++ { "_newselect", __PNR__newselect },
+++ { "_sysctl", __PNR__sysctl },
+++ { "accept", 202 },
+++ { "accept4", 242 },
+++ { "access", __PNR_access },
+++ { "acct", 89 },
+++ { "add_key", 217 },
+++ { "adjtimex", 171 },
+++ { "afs_syscall", __PNR_afs_syscall },
+++ { "alarm", __PNR_alarm },
+++ { "arm_fadvise64_64", __PNR_arm_fadvise64_64 },
+++ { "arm_sync_file_range", __PNR_arm_sync_file_range },
+++ { "arch_prctl", __PNR_arch_prctl },
+++ { "bdflush", __PNR_bdflush },
+++ { "bind", 200 },
+++ { "bpf", 280 },
+++ { "break", __PNR_break },
+++ { "breakpoint", __PNR_breakpoint },
+++ { "brk", 214 },
+++ { "cachectl", __PNR_cachectl },
+++ { "cacheflush", __PNR_cacheflush },
+++ { "capget", 90 },
+++ { "capset", 91 },
+++ { "chdir", 49 },
+++ { "chmod", __PNR_chmod },
+++ { "chown", __PNR_chown },
+++ { "chown32", __PNR_chown32 },
+++ { "chroot", 51 },
+++ { "clock_adjtime", 266 },
+++ { "clock_adjtime64", __PNR_clock_adjtime64 },
+++ { "clock_getres", 114 },
+++ { "clock_getres_time64", __PNR_clock_getres_time64 },
+++ { "clock_gettime", 113 },
+++ { "clock_gettime64", __PNR_clock_gettime64 },
+++ { "clock_nanosleep", 115 },
+++ { "clock_nanosleep_time64", __PNR_clock_nanosleep_time64 },
+++ { "clock_settime", 112 },
+++ { "clock_settime64", __PNR_clock_settime64 },
+++ { "clone", 220 },
+++ { "clone3", 435 },
+++ { "close", 57 },
+++ { "connect", 203 },
+++ { "copy_file_range", 285 },
+++ { "creat", __PNR_creat },
+++ { "create_module", __PNR_create_module },
+++ { "delete_module", 106 },
+++ { "dup", 23 },
+++ { "dup2", __PNR_dup2 },
+++ { "dup3", 24 },
+++ { "epoll_create", __PNR_epoll_create },
+++ { "epoll_create1", 20 },
+++ { "epoll_ctl", 21 },
+++ { "epoll_ctl_old", __PNR_epoll_ctl_old },
+++ { "epoll_pwait", 22 },
+++ { "epoll_wait", __PNR_epoll_wait },
+++ { "epoll_wait_old", __PNR_epoll_wait_old },
+++ { "eventfd", __PNR_eventfd },
+++ { "eventfd2", 19 },
+++ { "execve", 221 },
+++ { "execveat", 281 },
+++ { "exit", 93 },
+++ { "exit_group", 94 },
+++ { "faccessat", 48 },
+++ { "fadvise64", 223 },
+++ { "fadvise64_64", __PNR_fadvise64_64 },
+++ { "fallocate", 47 },
+++ { "fanotify_init", 262 },
+++ { "fanotify_mark", 263 },
+++ { "fchdir", 50 },
+++ { "fchmod", 52 },
+++ { "fchmodat", 53 },
+++ { "fchown", 55 },
+++ { "fchown32", __PNR_fchown32 },
+++ { "fchownat", 54 },
+++ { "fcntl", 25 },
+++ { "fcntl64", __PNR_fcntl64 },
+++ { "fdatasync", 83 },
+++ { "fgetxattr", 10 },
+++ { "finit_module", 273 },
+++ { "flistxattr", 13 },
+++ { "flock", 32 },
+++ { "fork", __PNR_fork },
+++ { "fremovexattr", 16 },
+++ { "fsconfig", 431 },
+++ { "fsetxattr", 7 },
+++ { "fsmount", 432 },
+++ { "fsopen", 430 },
+++ { "fspick", 433 },
+++ { "fstat", 80 },
+++ { "fstat64", __PNR_fstat64 },
+++ { "fstatat64", __PNR_fstatat64 },
+++ { "fstatfs", 44 },
+++ { "fstatfs64", __PNR_fstatfs64 },
+++ { "fsync", 82 },
+++ { "ftime", __PNR_ftime },
+++ { "ftruncate", 46 },
+++ { "ftruncate64", __PNR_ftruncate64 },
+++ { "futex", 98 },
+++ { "futex_time64", __PNR_futex_time64 },
+++ { "futimesat", __PNR_futimesat },
+++ { "get_kernel_syms", __PNR_get_kernel_syms },
+++ { "get_mempolicy", 236 },
+++ { "get_robust_list", 100 },
+++ { "get_thread_area", __PNR_get_thread_area },
+++ { "get_tls", __PNR_get_tls },
+++ { "getcpu", 168 },
+++ { "getcwd", 17 },
+++ { "getdents", __PNR_getdents },
+++ { "getdents64", 61 },
+++ { "getegid", 177 },
+++ { "getegid32", __PNR_getegid32 },
+++ { "geteuid", 175 },
+++ { "geteuid32", __PNR_geteuid32 },
+++ { "getgid", 176 },
+++ { "getgid32", __PNR_getgid32 },
+++ { "getgroups", 158 },
+++ { "getgroups32", __PNR_getgroups32 },
+++ { "getitimer", 102 },
+++ { "getpeername", 205 },
+++ { "getpgid", 155 },
+++ { "getpgrp", __PNR_getpgrp },
+++ { "getpid", 172 },
+++ { "getpmsg", __PNR_getpmsg },
+++ { "getppid", 173 },
+++ { "getpriority", 141 },
+++ { "getrandom", 278 },
+++ { "getresgid", 150 },
+++ { "getresgid32", __PNR_getresgid32 },
+++ { "getresuid", 148 },
+++ { "getresuid32", __PNR_getresuid32 },
+++ { "getrlimit", 163 },
+++ { "getrusage", 165 },
+++ { "getsid", 156 },
+++ { "getsockname", 204 },
+++ { "getsockopt", 209 },
+++ { "gettid", 178 },
+++ { "gettimeofday", 169 },
+++ { "getuid", 174 },
+++ { "getuid32", __PNR_getuid32 },
+++ { "getxattr", 8 },
+++ { "gtty", __PNR_gtty },
+++ { "idle", __PNR_idle },
+++ { "init_module", 105 },
+++ { "inotify_add_watch", 27 },
+++ { "inotify_init", __PNR_inotify_init },
+++ { "inotify_init1", 26 },
+++ { "inotify_rm_watch", 28 },
+++ { "io_cancel", 3 },
+++ { "io_destroy", 1 },
+++ { "io_getevents", 4 },
+++ { "io_pgetevents", 292 },
+++ { "io_pgetevents_time64", __PNR_io_pgetevents_time64 },
+++ { "io_setup", 0 },
+++ { "io_submit", 2 },
+++ { "io_uring_enter", 426 },
+++ { "io_uring_register", 427 },
+++ { "io_uring_setup", 425 },
+++ { "ioctl", 29 },
+++ { "ioperm", __PNR_ioperm },
+++ { "iopl", __PNR_iopl },
+++ { "ioprio_get", 31 },
+++ { "ioprio_set", 30 },
+++ { "ipc", __PNR_ipc },
+++ { "kcmp", 272 },
+++ { "kexec_file_load", 294 },
+++ { "kexec_load", 104 },
+++ { "keyctl", 219 },
+++ { "kill", 129 },
+++ { "lchown", __PNR_lchown },
+++ { "lchown32", __PNR_lchown32 },
+++ { "lgetxattr", 9 },
+++ { "link", __PNR_link },
+++ { "linkat", 37 },
+++ { "listen", 201 },
+++ { "listxattr", 11 },
+++ { "llistxattr", 12 },
+++ { "lock", __PNR_lock },
+++ { "lookup_dcookie", 18 },
+++ { "lremovexattr", 15 },
+++ { "lseek", 62 },
+++ { "lsetxattr", 6 },
+++ { "lstat", __PNR_lstat },
+++ { "lstat64", __PNR_lstat64 },
+++ { "madvise", 233 },
+++ { "mbind", 235 },
+++ { "membarrier", 283 },
+++ { "memfd_create", 279 },
+++ { "migrate_pages", 238 },
+++ { "mincore", 232 },
+++ { "mkdir", __PNR_mkdir },
+++ { "mkdirat", 34 },
+++ { "mknod", __PNR_mknod },
+++ { "mknodat", 33 },
+++ { "mlock", 228 },
+++ { "mlock2", 284 },
+++ { "mlockall", 230 },
+++ { "mmap", 222 },
+++ { "mmap2", __PNR_mmap2 },
+++ { "modify_ldt", __PNR_modify_ldt },
+++ { "mount", 40 },
+++ { "move_mount", 429 },
+++ { "move_pages", 239 },
+++ { "mprotect", 226 },
+++ { "mpx", __PNR_mpx },
+++ { "mq_getsetattr", 185 },
+++ { "mq_notify", 184 },
+++ { "mq_open", 180 },
+++ { "mq_timedreceive", 183 },
+++ { "mq_timedreceive_time64", __PNR_mq_timedreceive_time64 },
+++ { "mq_timedsend", 182 },
+++ { "mq_timedsend_time64", __PNR_mq_timedsend_time64 },
+++ { "mq_unlink", 181 },
+++ { "mremap", 216 },
+++ { "msgctl", 187 },
+++ { "msgget", 186 },
+++ { "msgrcv", 188 },
+++ { "msgsnd", 189 },
+++ { "msync", 227 },
+++ { "multiplexer", __PNR_multiplexer },
+++ { "munlock", 229 },
+++ { "munlockall", 231 },
+++ { "munmap", 215 },
+++ { "name_to_handle_at", 264 },
+++ { "nanosleep", 101 },
+++ { "newfstatat", 79 },
+++ { "nfsservctl", 42 },
+++ { "nice", __PNR_nice },
+++ { "oldfstat", __PNR_oldfstat },
+++ { "oldlstat", __PNR_oldlstat },
+++ { "oldolduname", __PNR_oldolduname },
+++ { "oldstat", __PNR_oldstat },
+++ { "olduname", __PNR_olduname },
+++ { "oldwait4", __PNR_oldwait4 },
+++ { "open", __PNR_open },
+++ { "open_by_handle_at", 265 },
+++ { "open_tree", 428 },
+++ { "openat", 56 },
+++ { "pause", __PNR_pause },
+++ { "pciconfig_iobase", __PNR_pciconfig_iobase },
+++ { "pciconfig_read", __PNR_pciconfig_read },
+++ { "pciconfig_write", __PNR_pciconfig_write },
+++ { "perf_event_open", 241 },
+++ { "personality", 92 },
+++ { "pidfd_open", 434 },
+++ { "pidfd_send_signal", 424 },
+++ { "pipe", __PNR_pipe },
+++ { "pipe2", 59 },
+++ { "pivot_root", 41 },
+++ { "pkey_alloc", 289 },
+++ { "pkey_free", 290 },
+++ { "pkey_mprotect", 288 },
+++ { "poll", __PNR_poll },
+++ { "ppoll", 73 },
+++ { "ppoll_time64", __PNR_ppoll_time64 },
+++ { "prctl", 167 },
+++ { "pread64", 67 },
+++ { "preadv", 69 },
+++ { "preadv2", 286 },
+++ { "prlimit64", 261 },
+++ { "process_vm_readv", 270 },
+++ { "process_vm_writev", 271 },
+++ { "prof", __PNR_prof },
+++ { "profil", __PNR_profil },
+++ { "pselect6", 72 },
+++ { "pselect6_time64", __PNR_pselect6_time64 },
+++ { "ptrace", 117 },
+++ { "putpmsg", __PNR_putpmsg },
+++ { "pwrite64", 68 },
+++ { "pwritev", 70 },
+++ { "pwritev2", 287 },
+++ { "query_module", __PNR_query_module },
+++ { "quotactl", 60 },
+++ { "read", 63 },
+++ { "readahead", 213 },
+++ { "readdir", __PNR_readdir },
+++ { "readlink", __PNR_readlink },
+++ { "readlinkat", 78 },
+++ { "readv", 65 },
+++ { "reboot", 142 },
+++ { "recv", __PNR_recv },
+++ { "recvfrom", 207 },
+++ { "recvmmsg", 243 },
+++ { "recvmmsg_time64", __PNR_recvmmsg_time64 },
+++ { "recvmsg", 212 },
+++ { "remap_file_pages", 234 },
+++ { "removexattr", 14 },
+++ { "rename", __PNR_rename },
+++ { "renameat", __PNR_renameat },
+++ { "renameat2", 276 },
+++ { "request_key", 218 },
+++ { "restart_syscall", 128 },
+++ { "rmdir", __PNR_rmdir },
+++ { "riscv_flush_icache", 244 },
+++ { "rseq", 293 },
+++ { "rt_sigaction", 134 },
+++ { "rt_sigpending", 136 },
+++ { "rt_sigprocmask", 135 },
+++ { "rt_sigqueueinfo", 138 },
+++ { "rt_sigreturn", 139 },
+++ { "rt_sigsuspend", 133 },
+++ { "rt_sigtimedwait", 137 },
+++ { "rt_sigtimedwait_time64", __PNR_rt_sigtimedwait_time64 },
+++ { "rt_tgsigqueueinfo", 240 },
+++ { "rtas", __PNR_rtas },
+++ { "s390_guarded_storage", __PNR_s390_guarded_storage },
+++ { "s390_pci_mmio_read", __PNR_s390_pci_mmio_read },
+++ { "s390_pci_mmio_write", __PNR_s390_pci_mmio_write },
+++ { "s390_runtime_instr", __PNR_s390_runtime_instr },
+++ { "s390_sthyi", __PNR_s390_sthyi },
+++ { "sched_get_priority_max", 125 },
+++ { "sched_get_priority_min", 126 },
+++ { "sched_getaffinity", 123 },
+++ { "sched_getattr", 275 },
+++ { "sched_getparam", 121 },
+++ { "sched_getscheduler", 120 },
+++ { "sched_rr_get_interval", 127 },
+++ { "sched_rr_get_interval_time64", __PNR_sched_rr_get_interval_time64 },
+++ { "sched_setaffinity", 122 },
+++ { "sched_setattr", 274 },
+++ { "sched_setparam", 118 },
+++ { "sched_setscheduler", 119 },
+++ { "sched_yield", 124 },
+++ { "seccomp", 277 },
+++ { "security", __PNR_security },
+++ { "select", __PNR_select },
+++ { "semctl", 191 },
+++ { "semget", 190 },
+++ { "semop", 193 },
+++ { "semtimedop", 192 },
+++ { "semtimedop_time64", __PNR_semtimedop_time64 },
+++ { "send", __PNR_send },
+++ { "sendfile", 71 },
+++ { "sendfile64", __PNR_sendfile64 },
+++ { "sendmmsg", 269 },
+++ { "sendmsg", 211 },
+++ { "sendto", 206 },
+++ { "set_mempolicy", 237 },
+++ { "set_robust_list", 99 },
+++ { "set_thread_area", __PNR_set_thread_area },
+++ { "set_tid_address", 96 },
+++ { "set_tls", __PNR_set_tls },
+++ { "setdomainname", 162 },
+++ { "setfsgid", 152 },
+++ { "setfsgid32", __PNR_setfsgid32 },
+++ { "setfsuid", 151 },
+++ { "setfsuid32", __PNR_setfsuid32 },
+++ { "setgid", 144 },
+++ { "setgid32", __PNR_setgid32 },
+++ { "setgroups", 159 },
+++ { "setgroups32", __PNR_setgroups32 },
+++ { "sethostname", 161 },
+++ { "setitimer", 103 },
+++ { "setns", 268 },
+++ { "setpgid", 154 },
+++ { "setpriority", 140 },
+++ { "setregid", 143 },
+++ { "setregid32", __PNR_setregid32 },
+++ { "setresgid", 149 },
+++ { "setresgid32", __PNR_setresgid32 },
+++ { "setresuid", 147 },
+++ { "setresuid32", __PNR_setresuid32 },
+++ { "setreuid", 145 },
+++ { "setreuid32", __PNR_setreuid32 },
+++ { "setrlimit", 164 },
+++ { "setsid", 157 },
+++ { "setsockopt", 208 },
+++ { "settimeofday", 170 },
+++ { "setuid", 146 },
+++ { "setuid32", __PNR_setuid32 },
+++ { "setxattr", 5 },
+++ { "sgetmask", __PNR_sgetmask },
+++ { "shmat", 196 },
+++ { "shmctl", 195 },
+++ { "shmdt", 197 },
+++ { "shmget", 194 },
+++ { "shutdown", 210 },
+++ { "sigaction", __PNR_sigaction },
+++ { "sigaltstack", 132 },
+++ { "signal", __PNR_signal },
+++ { "signalfd", __PNR_signalfd },
+++ { "signalfd4", 74 },
+++ { "sigpending", __PNR_sigpending },
+++ { "sigprocmask", __PNR_sigprocmask },
+++ { "sigreturn", __PNR_sigreturn },
+++ { "sigsuspend", __PNR_sigsuspend },
+++ { "socket", 198 },
+++ { "socketcall", __PNR_socketcall },
+++ { "socketpair", 199 },
+++ { "splice", 76 },
+++ { "spu_create", __PNR_spu_create },
+++ { "spu_run", __PNR_spu_run },
+++ { "ssetmask", __PNR_ssetmask },
+++ { "stat", __PNR_stat },
+++ { "stat64", __PNR_stat64 },
+++ { "statfs", 43 },
+++ { "statfs64", __PNR_statfs64 },
+++ { "statx", 291 },
+++ { "stime", __PNR_stime },
+++ { "stty", __PNR_stty },
+++ { "subpage_prot", __PNR_subpage_prot },
+++ { "swapcontext", __PNR_swapcontext },
+++ { "swapoff", 225 },
+++ { "swapon", 224 },
+++ { "switch_endian", __PNR_switch_endian },
+++ { "symlink", __PNR_symlink },
+++ { "symlinkat", 36 },
+++ { "sync", 81 },
+++ { "sync_file_range", 84 },
+++ { "sync_file_range2", __PNR_sync_file_range2 },
+++ { "syncfs", 267 },
+++ { "syscall", __PNR_syscall },
+++ { "sys_debug_setcontext", __PNR_sys_debug_setcontext },
+++ { "sysfs", __PNR_sysfs },
+++ { "sysinfo", 179 },
+++ { "syslog", 116 },
+++ { "sysmips", __PNR_sysmips },
+++ { "tee", 77 },
+++ { "tgkill", 131 },
+++ { "time", __PNR_time },
+++ { "timer_create", 107 },
+++ { "timer_delete", 111 },
+++ { "timer_getoverrun", 109 },
+++ { "timer_gettime", 108 },
+++ { "timer_gettime64", __PNR_timer_gettime64 },
+++ { "timer_settime", 110 },
+++ { "timer_settime64", __PNR_timer_settime64 },
+++ { "timerfd", __PNR_timerfd },
+++ { "timerfd_create", 85 },
+++ { "timerfd_gettime", 87 },
+++ { "timerfd_gettime64", __PNR_timerfd_gettime64 },
+++ { "timerfd_settime", 86 },
+++ { "timerfd_settime64", __PNR_timerfd_settime64 },
+++ { "times", 153 },
+++ { "tkill", 130 },
+++ { "truncate", 45 },
+++ { "truncate64", __PNR_truncate64 },
+++ { "tuxcall", __PNR_tuxcall },
+++ { "ugetrlimit", __PNR_ugetrlimit },
+++ { "ulimit", __PNR_ulimit },
+++ { "umask", 166 },
+++ { "umount", __PNR_umount },
+++ { "umount2", 39 },
+++ { "uname", 160 },
+++ { "unlink", __PNR_unlink },
+++ { "unlinkat", 35 },
+++ { "unshare", 97 },
+++ { "uselib", __PNR_uselib },
+++ { "userfaultfd", 282 },
+++ { "usr26", __PNR_usr26 },
+++ { "usr32", __PNR_usr32 },
+++ { "ustat", __PNR_ustat },
+++ { "utime", __PNR_utime },
+++ { "utimensat", 88 },
+++ { "utimensat_time64", __PNR_utimensat_time64 },
+++ { "utimes", __PNR_utimes },
+++ { "vfork", __PNR_vfork },
+++ { "vhangup", 58 },
+++ { "vm86", __PNR_vm86 },
+++ { "vm86old", __PNR_vm86old },
+++ { "vmsplice", 75 },
+++ { "vserver", __PNR_vserver },
+++ { "wait4", 260 },
+++ { "waitid", 95 },
+++ { "waitpid", __PNR_waitpid },
+++ { "write", 64 },
+++ { "writev", 66 },
+++ { NULL, __NR_SCMP_ERROR },
+++};
+++
+++/**
+++ * Resolve a syscall name to a number
+++ * @param name the syscall name
+++ *
+++ * Resolve the given syscall name to the syscall number using the syscall table.
+++ * Returns the syscall number on success, including negative pseudo syscall
+++ * numbers; returns __NR_SCMP_ERROR on failure.
+++ *
+++ */
+++int riscv64_syscall_resolve_name(const char *name)
+++{
+++ unsigned int iter;
+++ const struct arch_syscall_def *table = riscv64_syscall_table;
+++
+++ /* XXX - plenty of room for future improvement here */
+++ for (iter = 0; table[iter].name != NULL; iter++) {
+++ if (strcmp(name, table[iter].name) == 0)
+++ return table[iter].num;
+++ }
+++
+++ return __NR_SCMP_ERROR;
+++}
+++
+++/**
+++ * Resolve a syscall number to a name
+++ * @param num the syscall number
+++ *
+++ * Resolve the given syscall number to the syscall name using the syscall table.
+++ * Returns a pointer to the syscall name string on success, including pseudo
+++ * syscall names; returns NULL on failure.
+++ *
+++ */
+++const char *riscv64_syscall_resolve_num(int num)
+++{
+++ unsigned int iter;
+++ const struct arch_syscall_def *table = riscv64_syscall_table;
+++
+++ /* XXX - plenty of room for future improvement here */
+++ for (iter = 0; table[iter].num != __NR_SCMP_ERROR; iter++) {
+++ if (num == table[iter].num)
+++ return table[iter].name;
+++ }
+++
+++ return NULL;
+++}
+++
+++
+++/**
+++ * Iterate through the syscall table and return the syscall mapping
+++ * @param spot the offset into the syscall table
+++ *
+++ * Return the syscall mapping at position @spot or NULL on failure. This
+++ * function should only ever be used internally by libseccomp.
+++ *
+++ */
+++const struct arch_syscall_def *riscv64_syscall_iterate(unsigned int spot)
+++{
+++ /* XXX - no safety checks here */
+++ return &riscv64_syscall_table[spot];
+++}
++diff --git a/src/arch-riscv64.c b/src/arch-riscv64.c
++new file mode 100644
++index 0000000..67bc926
++--- /dev/null
+++++ b/src/arch-riscv64.c
++@@ -0,0 +1,31 @@
+++/*
+++ * This library is free software; you can redistribute it and/or modify it
+++ * under the terms of version 2.1 of the GNU Lesser General Public License as
+++ * published by the Free Software Foundation.
+++ *
+++ * This library is distributed in the hope that it will be useful, but WITHOUT
+++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
+++ * for more details.
+++ *
+++ * You should have received a copy of the GNU Lesser General Public License
+++ * along with this library; if not, see <http://www.gnu.org/licenses>.
+++ */
+++
+++#include <stdlib.h>
+++#include <errno.h>
+++#include <linux/audit.h>
+++
+++#include "arch.h"
+++#include "arch-riscv64.h"
+++
+++const struct arch_def arch_def_riscv64 = {
+++ .token = SCMP_ARCH_RISCV64,
+++ .token_bpf = AUDIT_ARCH_RISCV64,
+++ .size = ARCH_SIZE_64,
+++ .endian = ARCH_ENDIAN_LITTLE,
+++ .syscall_resolve_name = riscv64_syscall_resolve_name,
+++ .syscall_resolve_num = riscv64_syscall_resolve_num,
+++ .syscall_rewrite = NULL,
+++ .rule_add = NULL,
+++};
++diff --git a/src/arch-riscv64.h b/src/arch-riscv64.h
++new file mode 100644
++index 0000000..16fca6b
++--- /dev/null
+++++ b/src/arch-riscv64.h
++@@ -0,0 +1,30 @@
+++/*
+++ * This library is free software; you can redistribute it and/or modify it
+++ * under the terms of version 2.1 of the GNU Lesser General Public License as
+++ * published by the Free Software Foundation.
+++ *
+++ * This library is distributed in the hope that it will be useful, but WITHOUT
+++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
+++ * for more details.
+++ *
+++ * You should have received a copy of the GNU Lesser General Public License
+++ * along with this library; if not, see <http://www.gnu.org/licenses>.
+++ */
+++
+++#ifndef _ARCH_RISCV64_H
+++#define _ARCH_RISCV64_H
+++
+++#include <inttypes.h>
+++
+++#include "arch.h"
+++#include "system.h"
+++
+++extern const struct arch_def arch_def_riscv64;
+++
+++int riscv64_syscall_resolve_name(const char *name);
+++const char *riscv64_syscall_resolve_num(int num);
+++
+++const struct arch_syscall_def *riscv64_syscall_iterate(unsigned int spot);
+++
+++#endif
++diff --git a/src/arch.c b/src/arch.c
++index bfa664f..83c2c9b 100644
++--- a/src/arch.c
+++++ b/src/arch.c
++@@ -41,6 +41,7 @@
++ #include "arch-parisc.h"
++ #include "arch-ppc.h"
++ #include "arch-ppc64.h"
+++#include "arch-riscv64.h"
++ #include "arch-s390.h"
++ #include "arch-s390x.h"
++ #include "db.h"
++@@ -94,6 +95,8 @@ const struct arch_def *arch_def_native = &arch_def_ppc;
++ const struct arch_def *arch_def_native = &arch_def_s390x;
++ #elif __s390__
++ const struct arch_def *arch_def_native = &arch_def_s390;
+++#elif __riscv && __riscv_xlen == 64
+++const struct arch_def *arch_def_native = &arch_def_riscv64;
++ #else
++ #error the arch code needs to know about your machine type
++ #endif /* machine type guess */
++@@ -156,6 +159,8 @@ const struct arch_def *arch_def_lookup(uint32_t token)
++ return &arch_def_s390;
++ case SCMP_ARCH_S390X:
++ return &arch_def_s390x;
+++ case SCMP_ARCH_RISCV64:
+++ return &arch_def_riscv64;
++ }
++
++ return NULL;
++@@ -206,6 +211,8 @@ const struct arch_def *arch_def_lookup_name(const char *arch_name)
++ return &arch_def_s390;
++ else if (strcmp(arch_name, "s390x") == 0)
++ return &arch_def_s390x;
+++ else if (strcmp(arch_name, "riscv64") == 0)
+++ return &arch_def_riscv64;
++
++ return NULL;
++ }
++diff --git a/src/gen_pfc.c b/src/gen_pfc.c
++index 75d8507..8186f0d 100644
++--- a/src/gen_pfc.c
+++++ b/src/gen_pfc.c
++@@ -87,6 +87,8 @@ static const char *_pfc_arch(const struct arch_def *arch)
++ return "s390x";
++ case SCMP_ARCH_S390:
++ return "s390";
+++ case SCMP_ARCH_RISCV64:
+++ return "riscv64";
++ default:
++ return "UNKNOWN";
++ }
++diff --git a/src/python/libseccomp.pxd b/src/python/libseccomp.pxd
++index 8ae84d9..f1194b6 100644
++--- a/src/python/libseccomp.pxd
+++++ b/src/python/libseccomp.pxd
++@@ -51,6 +51,7 @@ cdef extern from "seccomp.h":
++ SCMP_ARCH_PPC64LE
++ SCMP_ARCH_S390
++ SCMP_ARCH_S390X
+++ SCMP_ARCH_RISCV64
++
++ cdef enum scmp_filter_attr:
++ SCMP_FLTATR_ACT_DEFAULT
++diff --git a/src/python/seccomp.pyx b/src/python/seccomp.pyx
++index 44e4925..113fbf4 100644
++--- a/src/python/seccomp.pyx
+++++ b/src/python/seccomp.pyx
++@@ -214,6 +214,7 @@ cdef class Arch:
++ PARISC64 - 64-bit PA-RISC
++ PPC64 - 64-bit PowerPC
++ PPC - 32-bit PowerPC
+++ RISCV64 - 64-bit RISC-V
++ """
++
++ cdef int _token
++@@ -237,6 +238,7 @@ cdef class Arch:
++ PPC64LE = libseccomp.SCMP_ARCH_PPC64LE
++ S390 = libseccomp.SCMP_ARCH_S390
++ S390X = libseccomp.SCMP_ARCH_S390X
+++ RISCV64 = libseccomp.SCMP_ARCH_RISCV64
++
++ def __cinit__(self, arch=libseccomp.SCMP_ARCH_NATIVE):
++ """ Initialize the architecture object.
++diff --git a/src/system.c b/src/system.c
++index 8e5aafc..bcd7e3c 100644
++--- a/src/system.c
+++++ b/src/system.c
++@@ -80,6 +80,7 @@ int sys_chk_seccomp_syscall(void)
++ case SCMP_ARCH_PPC64LE:
++ case SCMP_ARCH_S390:
++ case SCMP_ARCH_S390X:
+++ case SCMP_ARCH_RISCV64:
++ break;
++ default:
++ goto unsupported;
++diff --git a/tests/15-basic-resolver.c b/tests/15-basic-resolver.c
++index 0c1eefe..2679270 100644
++--- a/tests/15-basic-resolver.c
+++++ b/tests/15-basic-resolver.c
++@@ -45,6 +45,7 @@ unsigned int arch_list[] = {
++ SCMP_ARCH_S390X,
++ SCMP_ARCH_PARISC,
++ SCMP_ARCH_PARISC64,
+++ SCMP_ARCH_RISCV64,
++ -1
++ };
++
++diff --git a/tests/16-sim-arch_basic.c b/tests/16-sim-arch_basic.c
++index 5413e18..0b141e1 100644
++--- a/tests/16-sim-arch_basic.c
+++++ b/tests/16-sim-arch_basic.c
++@@ -90,6 +90,9 @@ int main(int argc, char *argv[])
++ if (rc != 0)
++ goto out;
++ rc = seccomp_arch_add(ctx, SCMP_ARCH_PPC64LE);
+++ if (rc != 0)
+++ goto out;
+++ rc = seccomp_arch_add(ctx, SCMP_ARCH_RISCV64);
++ if (rc != 0)
++ goto out;
++
++@@ -156,6 +159,9 @@ int main(int argc, char *argv[])
++ rc = seccomp_arch_remove(ctx, SCMP_ARCH_PPC64LE);
++ if (rc != 0)
++ goto out;
+++ rc = seccomp_arch_remove(ctx, SCMP_ARCH_RISCV64);
+++ if (rc != 0)
+++ goto out;
++
++ out:
++ seccomp_release(ctx);
++diff --git a/tests/16-sim-arch_basic.py b/tests/16-sim-arch_basic.py
++index 7d7a05f..846553f 100755
++--- a/tests/16-sim-arch_basic.py
+++++ b/tests/16-sim-arch_basic.py
++@@ -44,6 +44,7 @@ def test(args):
++ f.add_arch(Arch("mipsel64"))
++ f.add_arch(Arch("mipsel64n32"))
++ f.add_arch(Arch("ppc64le"))
+++ f.add_arch(Arch("riscv64"))
++ f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno()))
++ f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno()))
++ f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno()))
++diff --git a/tests/23-sim-arch_all_le_basic.c b/tests/23-sim-arch_all_le_basic.c
++index 5672980..32739e5 100644
++--- a/tests/23-sim-arch_all_le_basic.c
+++++ b/tests/23-sim-arch_all_le_basic.c
++@@ -69,6 +69,9 @@ int main(int argc, char *argv[])
++ if (rc != 0)
++ goto out;
++ rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("ppc64le"));
+++ if (rc != 0)
+++ goto out;
+++ rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("riscv64"));
++ if (rc != 0)
++ goto out;
++
++diff --git a/tests/23-sim-arch_all_le_basic.py b/tests/23-sim-arch_all_le_basic.py
++index 5927f37..33eedb1 100755
++--- a/tests/23-sim-arch_all_le_basic.py
+++++ b/tests/23-sim-arch_all_le_basic.py
++@@ -40,6 +40,7 @@ def test(args):
++ f.add_arch(Arch("mipsel64"))
++ f.add_arch(Arch("mipsel64n32"))
++ f.add_arch(Arch("ppc64le"))
+++ f.add_arch(Arch("riscv64"))
++ f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno()))
++ f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno()))
++ f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno()))
++diff --git a/tests/regression b/tests/regression
++index 56822fb..ef98c3d 100755
++--- a/tests/regression
+++++ b/tests/regression
++@@ -25,7 +25,8 @@ GLBL_ARCH_LE_SUPPORT=" \
++ x86 x86_64 x32 \
++ arm aarch64 \
++ mipsel mipsel64 mipsel64n32 \
++- ppc64le"
+++ ppc64le \
+++ riscv64"
++ GLBL_ARCH_BE_SUPPORT=" \
++ mips mips64 mips64n32 \
++ parisc parisc64 \
++@@ -46,6 +47,7 @@ GLBL_ARCH_64B_SUPPORT=" \
++ mips64 \
++ parisc64 \
++ ppc64 \
+++ riscv64 \
++ s390x"
++
++ GLBL_SYS_ARCH="../tools/scmp_arch_detect"
++@@ -777,7 +779,7 @@ function run_test_live() {
++
++ # setup the arch specific return values
++ case "$arch" in
++- x86|x86_64|x32|arm|aarch64|parisc|parisc64|ppc|ppc64|ppc64le|ppc|s390|s390x)
+++ x86|x86_64|x32|arm|aarch64|parisc|parisc64|ppc|ppc64|ppc64le|ppc|s390|s390x|riscv64)
++ rc_kill_process=159
++ rc_kill=159
++ rc_allow=160
++diff --git a/tools/scmp_arch_detect.c b/tools/scmp_arch_detect.c
++index ad43f2d..b844a68 100644
++--- a/tools/scmp_arch_detect.c
+++++ b/tools/scmp_arch_detect.c
++@@ -120,6 +120,9 @@ int main(int argc, char *argv[])
++ case SCMP_ARCH_S390X:
++ printf("s390x\n");
++ break;
+++ case SCMP_ARCH_RISCV64:
+++ printf("riscv64\n");
+++ break;
++ default:
++ printf("unknown\n");
++ }
++diff --git a/tools/scmp_bpf_disasm.c b/tools/scmp_bpf_disasm.c
++index 27fba9a..5c914b4 100644
++--- a/tools/scmp_bpf_disasm.c
+++++ b/tools/scmp_bpf_disasm.c
++@@ -508,6 +508,8 @@ int main(int argc, char *argv[])
++ arch = AUDIT_ARCH_S390;
++ else if (strcmp(optarg, "s390x") == 0)
++ arch = AUDIT_ARCH_S390X;
+++ else if (strcmp(optarg, "riscv64") == 0)
+++ arch = AUDIT_ARCH_RISCV64;
++ else
++ exit_usage(argv[0]);
++ break;
++diff --git a/tools/scmp_bpf_sim.c b/tools/scmp_bpf_sim.c
++index 4d30822..a381314 100644
++--- a/tools/scmp_bpf_sim.c
+++++ b/tools/scmp_bpf_sim.c
++@@ -285,6 +285,8 @@ int main(int argc, char *argv[])
++ arch = AUDIT_ARCH_S390;
++ else if (strcmp(optarg, "s390x") == 0)
++ arch = AUDIT_ARCH_S390X;
+++ else if (strcmp(optarg, "riscv64") == 0)
+++ arch = AUDIT_ARCH_RISCV64;
++ else
++ exit_fault(EINVAL);
++ break;
++diff --git a/tools/util.c b/tools/util.c
++index 7122335..741b2a2 100644
++--- a/tools/util.c
+++++ b/tools/util.c
++@@ -78,6 +78,8 @@
++ #define ARCH_NATIVE AUDIT_ARCH_S390X
++ #elif __s390__
++ #define ARCH_NATIVE AUDIT_ARCH_S390
+++#elif __riscv && __riscv_xlen == 64
+++#define ARCH_NATIVE AUDIT_ARCH_RISCV64
++ #else
++ #error the simulator code needs to know about your machine type
++ #endif
++diff --git a/tools/util.h b/tools/util.h
++index 08c4839..6c2ca33 100644
++--- a/tools/util.h
+++++ b/tools/util.h
++@@ -72,6 +72,13 @@
++ #define AUDIT_ARCH_PPC64LE (EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
++ #endif
++
+++#ifndef AUDIT_ARCH_RISCV64
+++#ifndef EM_RISCV
+++#define EM_RISCV 243
+++#endif /* EM_RISCV */
+++#define AUDIT_ARCH_RISCV64 (EM_RISCV|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
+++#endif /* AUDIT_ARCH_RISCV64 */
+++
++ extern uint32_t arch;
++
++ uint16_t ttoh16(uint32_t arch, uint16_t val);
projects / libseccomp.git / commitdiff