--- /dev/null
+libseccomp (2.4.3-1) unstable; urgency=medium
+
+ * New upstream release.
+ * Drop patches that have been applied upstream:
+ - tests-rely-on-__SNR_xxx-instead-of-__NR_xxx-for-sysc.patch
+ - api_define__SNR_ppoll_again.patch
+ * Cherry-pick support for the riscv64 architecture. (Closes: #952386)
+ - Add riscv64_support.patch
+
+ -- Felix Geyer <fgeyer@debian.org> Thu, 12 Mar 2020 23:35:13 +0100
+
+libseccomp (2.4.2-2) unstable; urgency=medium
+
+ [ Christian Ehrhardt ]
+ * d/rules: fix potential FTFBS after full python3 switch
+ * d/t/control: drop python2 test following the removal of the package
+
+ [ Felix Geyer ]
+ * Remove build-dependency on valgrind for mips64el as it's broken there.
+ * Backport patch to define __SNR_ppoll again.
+ - Add api_define__SNR_ppoll_again.patch
+ * Replace custom patch for cython3 with the upstream fix.
+
+ -- Felix Geyer <fgeyer@debian.org> Fri, 15 Nov 2019 18:12:53 +0100
+
+libseccomp (2.4.2-1) unstable; urgency=medium
+
+ [ Christian Ehrhardt ]
+ * New upstream release 2.4.2 for compatibility with newer kernels and
+ fixing FTBFS (LP: #1849785).
+ - drop d/p/python_install_dir.patch (now upstream)
+ - d/rules: adapt to python 3.8 lacking the m modifier on includes
+ see https://wiki.debian.org/Python/Python3.8
+ - d/p/tests-rely-on-__SNR_xxx-instead-of-__NR_xxx-for-sysc.patch: fix
+ build time test on arm64
+
+ [ Felix Geyer ]
+ * Drop Python 2 bindings. (Closes: #936917)
+ - Add cython3.patch to use the Python 3 cython variant.
+
+ -- Felix Geyer <fgeyer@debian.org> Wed, 13 Nov 2019 00:00:49 +0100
+
+libseccomp (2.4.1-2) unstable; urgency=medium
+
+ * Remove build-dependency on valgrind for mipsel and x32 as it's broken
+ on those archs.
+ * Set Rules-Requires-Root: no.
+
+ -- Felix Geyer <fgeyer@debian.org> Fri, 19 Jul 2019 00:03:34 +0200
+
+libseccomp (2.4.1-1) unstable; urgency=medium
+
+ * New upstream release.
+ - Addresses CVE-2019-9893 (Closes: #924646)
+ * Drop all patches for parisc arch support, merged upstream.
+ * Build-depend on valgrind to run more unit tests.
+ * Run dh_auto_configure for every python 3 version to install the extension
+ in the correct path.
+ * Update the symbols file.
+ * Adapt autopkgtest to new upstream version:
+ - Build against pthread
+ - Build scmp_api_level tool
+ * Upgrade to debhelper compat level 12.
+ - Add d/not-installed file
+ * Fix install path of the python module.
+ - Add python_install_dir.patch
+ * Add autopkgtest for python packages.
+
+ -- Felix Geyer <fgeyer@debian.org> Wed, 17 Jul 2019 23:23:28 +0200
+
+libseccomp (2.3.3-4) unstable; urgency=medium
+
+ [ Ondřej Nový ]
+ * d/copyright: Change Format URL to correct one
+
+ [ Helmut Grohne ]
+ * Fix FTCBFS: (Closes: #903556)
+ + Multiarchify python Build-Depends.
+ + Annotate cython dependencies with :native for now.
+ + Drop noop dh_auto_build invocations.
+ + Pass a suitable PYTHONPATH for python2.
+ + Pass _PYTHON_SYSCONFIGDATA_NAME for python3.
+
+ -- Felix Geyer <fgeyer@debian.org> Sun, 10 Feb 2019 12:25:44 +0100
+
+libseccomp (2.3.3-3) unstable; urgency=medium
+
+ * Fix FTBFS: Adapt to renamed README file. (Closes: #902767)
+
+ -- Felix Geyer <fgeyer@debian.org> Sun, 01 Jul 2018 20:32:03 +0200
+
+libseccomp (2.3.3-2) unstable; urgency=medium
+
+ [ Helmut Grohne ]
+ * Support the nopython build profile. (Closes: #897057)
+
+ [ Felix Geyer ]
+ * Run upstream "live" tests in an autopkgtest.
+
+ -- Felix Geyer <fgeyer@debian.org> Sun, 13 May 2018 09:53:08 +0200
+
+libseccomp (2.3.3-1) unstable; urgency=medium
+
+ * New upstream release. (Closes: #895417)
+ - Adds pkey_mprotect syscall. (Closes: #893722)
+ * Refresh parisc patch.
+ * Move libseccomp2 back to /usr/lib. (Closes: #894988)
+ * Make test failures cause the build to fail. (Closes: 877901)
+ * Build python bindings. (Closes: #810712)
+ * Switch to debhelper compat level 10.
+ * Move git repo to salsa.debian.org
+ * Add myself to Uploaders.
+
+ -- Felix Geyer <fgeyer@debian.org> Sun, 22 Apr 2018 23:55:03 +0200
+
+libseccomp (2.3.1-2.1) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Non-maintainer upload with Kees' consent.
+
+ [ Laurent Bigonville ]
+ * Ensure strict enough generated dependencies (Closes: #844496)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 17 Nov 2016 10:16:44 +0100
+
+libseccomp (2.3.1-2) unstable; urgency=medium
+
+ * Add hppa (parisc) support (Closes: #820501)
+
+ -- Luca Bruno <lucab@debian.org> Sat, 28 May 2016 20:05:01 +0200
+
+libseccomp (2.3.1-1) unstable; urgency=medium
+
+ * New upstream release
+ * control: add Vcs-* fields
+
+ -- Luca Bruno <lucab@debian.org> Tue, 05 Apr 2016 22:16:55 +0200
+
+libseccomp (2.3.0-1) unstable; urgency=medium
+
+ * New upstream release
+ + drop all patches, applied upstream
+ * libseccomp2: update symbols file
+ * control: add myself to uploaders
+ * control: bump policy version
+
+ -- Luca Bruno <lucab@debian.org> Sun, 03 Apr 2016 00:31:09 +0200
+
+libseccomp (2.2.3-3) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * debian/patches/add-x86-32bit-socket-calls.patch: add the newly
+ connected direct socket calls. (Closes: #809556)
+ * debian/add-membarrier.patch: add membarrier syscall.
+ * Backport patches for ppc/ppc64 and s390x. (Closes: #800818)
+
+ -- Kees Cook <kees@debian.org> Tue, 01 Sep 2015 15:37:31 -0700
+
+libseccomp (2.2.3-2) unstable; urgency=medium
+
+ * debian/control: enable mips64, mips64el, and x32 architectures,
+ thanks to Helmut Grohne (Closes: 797383).
+
+ -- Kees Cook <kees@debian.org> Tue, 01 Sep 2015 15:37:31 -0700
+
+libseccomp (2.2.3-1) unstable; urgency=medium
+
+ * New upstream release (Closes: 793032).
+ * debian/control: update Homepage (Closes: 793033).
+
+ -- Kees Cook <kees@debian.org> Mon, 03 Aug 2015 15:06:08 -0700
+
+libseccomp (2.2.1-2) unstable; urgency=medium
+
+ * debian/{rules,*.install}: move to /lib, thanks to Michael Biebl
+ (Closes: 788923).
+
+ -- Kees Cook <kees@debian.org> Tue, 16 Jun 2015 12:45:08 -0700
+
+libseccomp (2.2.1-1) unstable; urgency=medium
+
+ * New upstream release (Closes: 785428).
+ - debian/patches dropped: incorporated upstream.
+ * debian/libseccomp2.symbols: include only documented symbols.
+ * debian/libseccomp-dev.install: include static library (Closes: 698508).
+ * debian/control:
+ - add newly supported arm64, mips, and mipsel.
+ - bump standards version, no changes needed.
+
+ -- Kees Cook <kees@debian.org> Sat, 16 May 2015 08:15:26 -0700
+
+libseccomp (2.1.1-1) unstable; urgency=low
+
+ * New upstream release (Closes: 733293).
+ * copyright: add a few missed people.
+ * rules: adjusted for new test target.
+ * libseccomp2.symbols: drop accidentally exported functions.
+ * control:
+ - bump standards, no changes needed.
+ - add armel target
+
+ -- Kees Cook <kees@debian.org> Sat, 12 Apr 2014 10:44:22 -0700
+
+libseccomp (2.1.0+dfsg-1) unstable; urgency=low
+
+ * Rebuild source package without accidental binaries (Closes: 725617).
+ - debian/watch: mangle upstream version check.
+ * debian/rules: make tests non-fatal while upstream fixes them
+ (Closes: 721292).
+
+ -- Kees Cook <kees@debian.org> Sun, 06 Oct 2013 15:05:51 -0700
+
+libseccomp (2.1.0-1) unstable; urgency=low
+
+ * New upstream release (Closes: 718398):
+ - dropped debian/patches/manpage-dashes.patch: taken upstream.
+ - dropped debian/patches/include-unistd.patch: not needed.
+ - debian/patches/testsuite-x86-write.patch: taken upstream.
+ - ABI bump: moved from libseccomp1 to libseccomp2.
+ * debian/control:
+ - added Arch: armhf, now supported upstream.
+ - added seccomp binary package for helper tools.
+ * Added debian/patches/manpage-typo.patch: spelling fix.
+ * Added debian/patches/build-ldflags.patch: fix LDFLAGS handling.
+
+ -- Kees Cook <kees@debian.org> Tue, 13 Aug 2013 00:02:01 -0700
+
+libseccomp (1.0.1-2) unstable; urgency=low
+
+ * debian/rules: enable testsuite at build time, thanks to
+ Stéphane Graber (Closes: 698803).
+ * Added debian/patches/include-unistd.patch: detect location of
+ asm/unistd.h correctly.
+ * Added debian/patches/testsuite-x86-write.patch: skip the "write"
+ syscall correctly on x86.
+ * debian/control: bump standards to 3.9.4, no changes needed.
+
+ -- Kees Cook <kees@debian.org> Wed, 23 Jan 2013 13:11:53 -0800
+
+libseccomp (1.0.1-1) unstable; urgency=low
+
+ * New upstream release.
+ * debian/control: only build on amd64 and i386 (Closes: 687368).
+
+ -- Kees Cook <kees@debian.org> Fri, 07 Dec 2012 11:38:03 -0800
+
+libseccomp (1.0.0-1) unstable; urgency=low
+
+ * New upstream release.
+ - bump ABI.
+ - drop build verbosity patch, use upstream V=1 instead.
+ * libseccomp-dev.manpages: fix build location (Closes: 682152, 682471).
+ * debian/patches/pkgconfig-macro.patch: use literals for macro.
+
+ -- Kees Cook <kees@debian.org> Fri, 03 Aug 2012 16:59:41 -0700
+
+libseccomp (0.1.0-1) unstable; urgency=low
+
+ * New upstream release.
+ - drop patches taken upstream:
+ - libexecdir.patch
+ - pass-flags.patch
+
+ -- Kees Cook <kees@debian.org> Fri, 08 Jun 2012 12:32:22 -0700
+
+libseccomp (0.0.0~20120605-1) unstable; urgency=low
+
+ * Initial release (Closes: #676257).
+
+ -- Kees Cook <kees@debian.org> Tue, 05 Jun 2012 11:28:07 -0700
--- /dev/null
+From 5432e15521d5ce5a7d3f26bf78674cbaa9d73d1f Mon Sep 17 00:00:00 2001
+From: Andreas Schwab <schwab@suse.de>
+Date: Tue, 7 Jan 2020 14:51:19 +0100
+Subject: [PATCH] arch: Add RISC-V 64-bit support
+
+Signed-off-by: Andreas Schwab <schwab@suse.de>
+[PM: minor macro shuffling in seccomp.h.in]
+Signed-off-by: Paul Moore <paul@paul-moore.com>
+---
+ include/seccomp-syscalls.h | 5 +
+ include/seccomp.h.in | 12 +
+ src/Makefile.am | 1 +
+ src/arch-riscv64-syscalls.c | 553 ++++++++++++++++++++++++++++++
+ src/arch-riscv64.c | 31 ++
+ src/arch-riscv64.h | 30 ++
+ src/arch.c | 7 +
+ src/gen_pfc.c | 2 +
+ src/python/libseccomp.pxd | 1 +
+ src/python/seccomp.pyx | 2 +
+ src/system.c | 1 +
+ tests/15-basic-resolver.c | 1 +
+ tests/16-sim-arch_basic.c | 6 +
+ tests/16-sim-arch_basic.py | 1 +
+ tests/23-sim-arch_all_le_basic.c | 3 +
+ tests/23-sim-arch_all_le_basic.py | 1 +
+ tests/regression | 6 +-
+ tools/scmp_arch_detect.c | 3 +
+ tools/scmp_bpf_disasm.c | 2 +
+ tools/scmp_bpf_sim.c | 2 +
+ tools/util.c | 2 +
+ tools/util.h | 7 +
+ 22 files changed, 677 insertions(+), 2 deletions(-)
+ create mode 100644 src/arch-riscv64-syscalls.c
+ create mode 100644 src/arch-riscv64.c
+ create mode 100644 src/arch-riscv64.h
+
+diff --git a/include/seccomp-syscalls.h b/include/seccomp-syscalls.h
+index 3c958df..d7eb383 100644
+--- a/include/seccomp-syscalls.h
++++ b/include/seccomp-syscalls.h
+@@ -273,6 +273,7 @@
+ #define __PNR_timerfd_settime64 -10239
+ #define __PNR_utimensat_time64 -10240
+ #define __PNR_ppoll -10241
++#define __PNR_renameat -10242
+
+ /*
+ * libseccomp syscall definitions
+@@ -1494,7 +1495,11 @@
+ #define __SNR_rename __PNR_rename
+ #endif
+
++#ifdef __NR_renameat
+ #define __SNR_renameat __NR_renameat
++#else
++#define __SNR_renameat __PNR_renameat
++#endif
+
+ #define __SNR_renameat2 __NR_renameat2
+
+diff --git a/include/seccomp.h.in b/include/seccomp.h.in
+index 42f3a79..208b366 100644
+--- a/include/seccomp.h.in
++++ b/include/seccomp.h.in
+@@ -196,6 +196,18 @@ struct scmp_arg_cmp {
+ #define SCMP_ARCH_PARISC AUDIT_ARCH_PARISC
+ #define SCMP_ARCH_PARISC64 AUDIT_ARCH_PARISC64
+
++/**
++ * The RISC-V architecture tokens
++ */
++/* RISC-V support for audit was merged in 5.0-rc1 */
++#ifndef AUDIT_ARCH_RISCV64
++#ifndef EM_RISCV
++#define EM_RISCV 243
++#endif /* EM_RISCV */
++#define AUDIT_ARCH_RISCV64 (EM_RISCV|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
++#endif /* AUDIT_ARCH_RISCV64 */
++#define SCMP_ARCH_RISCV64 AUDIT_ARCH_RISCV64
++
+ /**
+ * Convert a syscall name into the associated syscall number
+ * @param x the syscall name
+diff --git a/src/Makefile.am b/src/Makefile.am
+index 2e7e38d..47e2f33 100644
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -42,6 +42,7 @@ SOURCES_ALL = \
+ arch-parisc.h arch-parisc.c arch-parisc64.c arch-parisc-syscalls.c \
+ arch-ppc.h arch-ppc.c arch-ppc-syscalls.c \
+ arch-ppc64.h arch-ppc64.c arch-ppc64-syscalls.c \
++ arch-riscv64.h arch-riscv64.c arch-riscv64-syscalls.c \
+ arch-s390.h arch-s390.c arch-s390-syscalls.c \
+ arch-s390x.h arch-s390x.c arch-s390x-syscalls.c
+
+diff --git a/src/arch-riscv64-syscalls.c b/src/arch-riscv64-syscalls.c
+new file mode 100644
+index 0000000..ceebece
+--- /dev/null
++++ b/src/arch-riscv64-syscalls.c
+@@ -0,0 +1,553 @@
++/*
++ * This library is free software; you can redistribute it and/or modify it
++ * under the terms of version 2.1 of the GNU Lesser General Public License as
++ * published by the Free Software Foundation.
++ *
++ * This library is distributed in the hope that it will be useful, but WITHOUT
++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
++ * for more details.
++ *
++ * You should have received a copy of the GNU Lesser General Public License
++ * along with this library; if not, see <http://www.gnu.org/licenses>.
++ */
++
++#include <string.h>
++
++#include <seccomp.h>
++
++#include "arch.h"
++#include "arch-riscv64.h"
++
++/* NOTE: based on Linux 5.4 */
++const struct arch_syscall_def riscv64_syscall_table[] = { \
++ { "_llseek", __PNR__llseek },
++ { "_newselect", __PNR__newselect },
++ { "_sysctl", __PNR__sysctl },
++ { "accept", 202 },
++ { "accept4", 242 },
++ { "access", __PNR_access },
++ { "acct", 89 },
++ { "add_key", 217 },
++ { "adjtimex", 171 },
++ { "afs_syscall", __PNR_afs_syscall },
++ { "alarm", __PNR_alarm },
++ { "arm_fadvise64_64", __PNR_arm_fadvise64_64 },
++ { "arm_sync_file_range", __PNR_arm_sync_file_range },
++ { "arch_prctl", __PNR_arch_prctl },
++ { "bdflush", __PNR_bdflush },
++ { "bind", 200 },
++ { "bpf", 280 },
++ { "break", __PNR_break },
++ { "breakpoint", __PNR_breakpoint },
++ { "brk", 214 },
++ { "cachectl", __PNR_cachectl },
++ { "cacheflush", __PNR_cacheflush },
++ { "capget", 90 },
++ { "capset", 91 },
++ { "chdir", 49 },
++ { "chmod", __PNR_chmod },
++ { "chown", __PNR_chown },
++ { "chown32", __PNR_chown32 },
++ { "chroot", 51 },
++ { "clock_adjtime", 266 },
++ { "clock_adjtime64", __PNR_clock_adjtime64 },
++ { "clock_getres", 114 },
++ { "clock_getres_time64", __PNR_clock_getres_time64 },
++ { "clock_gettime", 113 },
++ { "clock_gettime64", __PNR_clock_gettime64 },
++ { "clock_nanosleep", 115 },
++ { "clock_nanosleep_time64", __PNR_clock_nanosleep_time64 },
++ { "clock_settime", 112 },
++ { "clock_settime64", __PNR_clock_settime64 },
++ { "clone", 220 },
++ { "clone3", 435 },
++ { "close", 57 },
++ { "connect", 203 },
++ { "copy_file_range", 285 },
++ { "creat", __PNR_creat },
++ { "create_module", __PNR_create_module },
++ { "delete_module", 106 },
++ { "dup", 23 },
++ { "dup2", __PNR_dup2 },
++ { "dup3", 24 },
++ { "epoll_create", __PNR_epoll_create },
++ { "epoll_create1", 20 },
++ { "epoll_ctl", 21 },
++ { "epoll_ctl_old", __PNR_epoll_ctl_old },
++ { "epoll_pwait", 22 },
++ { "epoll_wait", __PNR_epoll_wait },
++ { "epoll_wait_old", __PNR_epoll_wait_old },
++ { "eventfd", __PNR_eventfd },
++ { "eventfd2", 19 },
++ { "execve", 221 },
++ { "execveat", 281 },
++ { "exit", 93 },
++ { "exit_group", 94 },
++ { "faccessat", 48 },
++ { "fadvise64", 223 },
++ { "fadvise64_64", __PNR_fadvise64_64 },
++ { "fallocate", 47 },
++ { "fanotify_init", 262 },
++ { "fanotify_mark", 263 },
++ { "fchdir", 50 },
++ { "fchmod", 52 },
++ { "fchmodat", 53 },
++ { "fchown", 55 },
++ { "fchown32", __PNR_fchown32 },
++ { "fchownat", 54 },
++ { "fcntl", 25 },
++ { "fcntl64", __PNR_fcntl64 },
++ { "fdatasync", 83 },
++ { "fgetxattr", 10 },
++ { "finit_module", 273 },
++ { "flistxattr", 13 },
++ { "flock", 32 },
++ { "fork", __PNR_fork },
++ { "fremovexattr", 16 },
++ { "fsconfig", 431 },
++ { "fsetxattr", 7 },
++ { "fsmount", 432 },
++ { "fsopen", 430 },
++ { "fspick", 433 },
++ { "fstat", 80 },
++ { "fstat64", __PNR_fstat64 },
++ { "fstatat64", __PNR_fstatat64 },
++ { "fstatfs", 44 },
++ { "fstatfs64", __PNR_fstatfs64 },
++ { "fsync", 82 },
++ { "ftime", __PNR_ftime },
++ { "ftruncate", 46 },
++ { "ftruncate64", __PNR_ftruncate64 },
++ { "futex", 98 },
++ { "futex_time64", __PNR_futex_time64 },
++ { "futimesat", __PNR_futimesat },
++ { "get_kernel_syms", __PNR_get_kernel_syms },
++ { "get_mempolicy", 236 },
++ { "get_robust_list", 100 },
++ { "get_thread_area", __PNR_get_thread_area },
++ { "get_tls", __PNR_get_tls },
++ { "getcpu", 168 },
++ { "getcwd", 17 },
++ { "getdents", __PNR_getdents },
++ { "getdents64", 61 },
++ { "getegid", 177 },
++ { "getegid32", __PNR_getegid32 },
++ { "geteuid", 175 },
++ { "geteuid32", __PNR_geteuid32 },
++ { "getgid", 176 },
++ { "getgid32", __PNR_getgid32 },
++ { "getgroups", 158 },
++ { "getgroups32", __PNR_getgroups32 },
++ { "getitimer", 102 },
++ { "getpeername", 205 },
++ { "getpgid", 155 },
++ { "getpgrp", __PNR_getpgrp },
++ { "getpid", 172 },
++ { "getpmsg", __PNR_getpmsg },
++ { "getppid", 173 },
++ { "getpriority", 141 },
++ { "getrandom", 278 },
++ { "getresgid", 150 },
++ { "getresgid32", __PNR_getresgid32 },
++ { "getresuid", 148 },
++ { "getresuid32", __PNR_getresuid32 },
++ { "getrlimit", 163 },
++ { "getrusage", 165 },
++ { "getsid", 156 },
++ { "getsockname", 204 },
++ { "getsockopt", 209 },
++ { "gettid", 178 },
++ { "gettimeofday", 169 },
++ { "getuid", 174 },
++ { "getuid32", __PNR_getuid32 },
++ { "getxattr", 8 },
++ { "gtty", __PNR_gtty },
++ { "idle", __PNR_idle },
++ { "init_module", 105 },
++ { "inotify_add_watch", 27 },
++ { "inotify_init", __PNR_inotify_init },
++ { "inotify_init1", 26 },
++ { "inotify_rm_watch", 28 },
++ { "io_cancel", 3 },
++ { "io_destroy", 1 },
++ { "io_getevents", 4 },
++ { "io_pgetevents", 292 },
++ { "io_pgetevents_time64", __PNR_io_pgetevents_time64 },
++ { "io_setup", 0 },
++ { "io_submit", 2 },
++ { "io_uring_enter", 426 },
++ { "io_uring_register", 427 },
++ { "io_uring_setup", 425 },
++ { "ioctl", 29 },
++ { "ioperm", __PNR_ioperm },
++ { "iopl", __PNR_iopl },
++ { "ioprio_get", 31 },
++ { "ioprio_set", 30 },
++ { "ipc", __PNR_ipc },
++ { "kcmp", 272 },
++ { "kexec_file_load", 294 },
++ { "kexec_load", 104 },
++ { "keyctl", 219 },
++ { "kill", 129 },
++ { "lchown", __PNR_lchown },
++ { "lchown32", __PNR_lchown32 },
++ { "lgetxattr", 9 },
++ { "link", __PNR_link },
++ { "linkat", 37 },
++ { "listen", 201 },
++ { "listxattr", 11 },
++ { "llistxattr", 12 },
++ { "lock", __PNR_lock },
++ { "lookup_dcookie", 18 },
++ { "lremovexattr", 15 },
++ { "lseek", 62 },
++ { "lsetxattr", 6 },
++ { "lstat", __PNR_lstat },
++ { "lstat64", __PNR_lstat64 },
++ { "madvise", 233 },
++ { "mbind", 235 },
++ { "membarrier", 283 },
++ { "memfd_create", 279 },
++ { "migrate_pages", 238 },
++ { "mincore", 232 },
++ { "mkdir", __PNR_mkdir },
++ { "mkdirat", 34 },
++ { "mknod", __PNR_mknod },
++ { "mknodat", 33 },
++ { "mlock", 228 },
++ { "mlock2", 284 },
++ { "mlockall", 230 },
++ { "mmap", 222 },
++ { "mmap2", __PNR_mmap2 },
++ { "modify_ldt", __PNR_modify_ldt },
++ { "mount", 40 },
++ { "move_mount", 429 },
++ { "move_pages", 239 },
++ { "mprotect", 226 },
++ { "mpx", __PNR_mpx },
++ { "mq_getsetattr", 185 },
++ { "mq_notify", 184 },
++ { "mq_open", 180 },
++ { "mq_timedreceive", 183 },
++ { "mq_timedreceive_time64", __PNR_mq_timedreceive_time64 },
++ { "mq_timedsend", 182 },
++ { "mq_timedsend_time64", __PNR_mq_timedsend_time64 },
++ { "mq_unlink", 181 },
++ { "mremap", 216 },
++ { "msgctl", 187 },
++ { "msgget", 186 },
++ { "msgrcv", 188 },
++ { "msgsnd", 189 },
++ { "msync", 227 },
++ { "multiplexer", __PNR_multiplexer },
++ { "munlock", 229 },
++ { "munlockall", 231 },
++ { "munmap", 215 },
++ { "name_to_handle_at", 264 },
++ { "nanosleep", 101 },
++ { "newfstatat", 79 },
++ { "nfsservctl", 42 },
++ { "nice", __PNR_nice },
++ { "oldfstat", __PNR_oldfstat },
++ { "oldlstat", __PNR_oldlstat },
++ { "oldolduname", __PNR_oldolduname },
++ { "oldstat", __PNR_oldstat },
++ { "olduname", __PNR_olduname },
++ { "oldwait4", __PNR_oldwait4 },
++ { "open", __PNR_open },
++ { "open_by_handle_at", 265 },
++ { "open_tree", 428 },
++ { "openat", 56 },
++ { "pause", __PNR_pause },
++ { "pciconfig_iobase", __PNR_pciconfig_iobase },
++ { "pciconfig_read", __PNR_pciconfig_read },
++ { "pciconfig_write", __PNR_pciconfig_write },
++ { "perf_event_open", 241 },
++ { "personality", 92 },
++ { "pidfd_open", 434 },
++ { "pidfd_send_signal", 424 },
++ { "pipe", __PNR_pipe },
++ { "pipe2", 59 },
++ { "pivot_root", 41 },
++ { "pkey_alloc", 289 },
++ { "pkey_free", 290 },
++ { "pkey_mprotect", 288 },
++ { "poll", __PNR_poll },
++ { "ppoll", 73 },
++ { "ppoll_time64", __PNR_ppoll_time64 },
++ { "prctl", 167 },
++ { "pread64", 67 },
++ { "preadv", 69 },
++ { "preadv2", 286 },
++ { "prlimit64", 261 },
++ { "process_vm_readv", 270 },
++ { "process_vm_writev", 271 },
++ { "prof", __PNR_prof },
++ { "profil", __PNR_profil },
++ { "pselect6", 72 },
++ { "pselect6_time64", __PNR_pselect6_time64 },
++ { "ptrace", 117 },
++ { "putpmsg", __PNR_putpmsg },
++ { "pwrite64", 68 },
++ { "pwritev", 70 },
++ { "pwritev2", 287 },
++ { "query_module", __PNR_query_module },
++ { "quotactl", 60 },
++ { "read", 63 },
++ { "readahead", 213 },
++ { "readdir", __PNR_readdir },
++ { "readlink", __PNR_readlink },
++ { "readlinkat", 78 },
++ { "readv", 65 },
++ { "reboot", 142 },
++ { "recv", __PNR_recv },
++ { "recvfrom", 207 },
++ { "recvmmsg", 243 },
++ { "recvmmsg_time64", __PNR_recvmmsg_time64 },
++ { "recvmsg", 212 },
++ { "remap_file_pages", 234 },
++ { "removexattr", 14 },
++ { "rename", __PNR_rename },
++ { "renameat", __PNR_renameat },
++ { "renameat2", 276 },
++ { "request_key", 218 },
++ { "restart_syscall", 128 },
++ { "rmdir", __PNR_rmdir },
++ { "riscv_flush_icache", 244 },
++ { "rseq", 293 },
++ { "rt_sigaction", 134 },
++ { "rt_sigpending", 136 },
++ { "rt_sigprocmask", 135 },
++ { "rt_sigqueueinfo", 138 },
++ { "rt_sigreturn", 139 },
++ { "rt_sigsuspend", 133 },
++ { "rt_sigtimedwait", 137 },
++ { "rt_sigtimedwait_time64", __PNR_rt_sigtimedwait_time64 },
++ { "rt_tgsigqueueinfo", 240 },
++ { "rtas", __PNR_rtas },
++ { "s390_guarded_storage", __PNR_s390_guarded_storage },
++ { "s390_pci_mmio_read", __PNR_s390_pci_mmio_read },
++ { "s390_pci_mmio_write", __PNR_s390_pci_mmio_write },
++ { "s390_runtime_instr", __PNR_s390_runtime_instr },
++ { "s390_sthyi", __PNR_s390_sthyi },
++ { "sched_get_priority_max", 125 },
++ { "sched_get_priority_min", 126 },
++ { "sched_getaffinity", 123 },
++ { "sched_getattr", 275 },
++ { "sched_getparam", 121 },
++ { "sched_getscheduler", 120 },
++ { "sched_rr_get_interval", 127 },
++ { "sched_rr_get_interval_time64", __PNR_sched_rr_get_interval_time64 },
++ { "sched_setaffinity", 122 },
++ { "sched_setattr", 274 },
++ { "sched_setparam", 118 },
++ { "sched_setscheduler", 119 },
++ { "sched_yield", 124 },
++ { "seccomp", 277 },
++ { "security", __PNR_security },
++ { "select", __PNR_select },
++ { "semctl", 191 },
++ { "semget", 190 },
++ { "semop", 193 },
++ { "semtimedop", 192 },
++ { "semtimedop_time64", __PNR_semtimedop_time64 },
++ { "send", __PNR_send },
++ { "sendfile", 71 },
++ { "sendfile64", __PNR_sendfile64 },
++ { "sendmmsg", 269 },
++ { "sendmsg", 211 },
++ { "sendto", 206 },
++ { "set_mempolicy", 237 },
++ { "set_robust_list", 99 },
++ { "set_thread_area", __PNR_set_thread_area },
++ { "set_tid_address", 96 },
++ { "set_tls", __PNR_set_tls },
++ { "setdomainname", 162 },
++ { "setfsgid", 152 },
++ { "setfsgid32", __PNR_setfsgid32 },
++ { "setfsuid", 151 },
++ { "setfsuid32", __PNR_setfsuid32 },
++ { "setgid", 144 },
++ { "setgid32", __PNR_setgid32 },
++ { "setgroups", 159 },
++ { "setgroups32", __PNR_setgroups32 },
++ { "sethostname", 161 },
++ { "setitimer", 103 },
++ { "setns", 268 },
++ { "setpgid", 154 },
++ { "setpriority", 140 },
++ { "setregid", 143 },
++ { "setregid32", __PNR_setregid32 },
++ { "setresgid", 149 },
++ { "setresgid32", __PNR_setresgid32 },
++ { "setresuid", 147 },
++ { "setresuid32", __PNR_setresuid32 },
++ { "setreuid", 145 },
++ { "setreuid32", __PNR_setreuid32 },
++ { "setrlimit", 164 },
++ { "setsid", 157 },
++ { "setsockopt", 208 },
++ { "settimeofday", 170 },
++ { "setuid", 146 },
++ { "setuid32", __PNR_setuid32 },
++ { "setxattr", 5 },
++ { "sgetmask", __PNR_sgetmask },
++ { "shmat", 196 },
++ { "shmctl", 195 },
++ { "shmdt", 197 },
++ { "shmget", 194 },
++ { "shutdown", 210 },
++ { "sigaction", __PNR_sigaction },
++ { "sigaltstack", 132 },
++ { "signal", __PNR_signal },
++ { "signalfd", __PNR_signalfd },
++ { "signalfd4", 74 },
++ { "sigpending", __PNR_sigpending },
++ { "sigprocmask", __PNR_sigprocmask },
++ { "sigreturn", __PNR_sigreturn },
++ { "sigsuspend", __PNR_sigsuspend },
++ { "socket", 198 },
++ { "socketcall", __PNR_socketcall },
++ { "socketpair", 199 },
++ { "splice", 76 },
++ { "spu_create", __PNR_spu_create },
++ { "spu_run", __PNR_spu_run },
++ { "ssetmask", __PNR_ssetmask },
++ { "stat", __PNR_stat },
++ { "stat64", __PNR_stat64 },
++ { "statfs", 43 },
++ { "statfs64", __PNR_statfs64 },
++ { "statx", 291 },
++ { "stime", __PNR_stime },
++ { "stty", __PNR_stty },
++ { "subpage_prot", __PNR_subpage_prot },
++ { "swapcontext", __PNR_swapcontext },
++ { "swapoff", 225 },
++ { "swapon", 224 },
++ { "switch_endian", __PNR_switch_endian },
++ { "symlink", __PNR_symlink },
++ { "symlinkat", 36 },
++ { "sync", 81 },
++ { "sync_file_range", 84 },
++ { "sync_file_range2", __PNR_sync_file_range2 },
++ { "syncfs", 267 },
++ { "syscall", __PNR_syscall },
++ { "sys_debug_setcontext", __PNR_sys_debug_setcontext },
++ { "sysfs", __PNR_sysfs },
++ { "sysinfo", 179 },
++ { "syslog", 116 },
++ { "sysmips", __PNR_sysmips },
++ { "tee", 77 },
++ { "tgkill", 131 },
++ { "time", __PNR_time },
++ { "timer_create", 107 },
++ { "timer_delete", 111 },
++ { "timer_getoverrun", 109 },
++ { "timer_gettime", 108 },
++ { "timer_gettime64", __PNR_timer_gettime64 },
++ { "timer_settime", 110 },
++ { "timer_settime64", __PNR_timer_settime64 },
++ { "timerfd", __PNR_timerfd },
++ { "timerfd_create", 85 },
++ { "timerfd_gettime", 87 },
++ { "timerfd_gettime64", __PNR_timerfd_gettime64 },
++ { "timerfd_settime", 86 },
++ { "timerfd_settime64", __PNR_timerfd_settime64 },
++ { "times", 153 },
++ { "tkill", 130 },
++ { "truncate", 45 },
++ { "truncate64", __PNR_truncate64 },
++ { "tuxcall", __PNR_tuxcall },
++ { "ugetrlimit", __PNR_ugetrlimit },
++ { "ulimit", __PNR_ulimit },
++ { "umask", 166 },
++ { "umount", __PNR_umount },
++ { "umount2", 39 },
++ { "uname", 160 },
++ { "unlink", __PNR_unlink },
++ { "unlinkat", 35 },
++ { "unshare", 97 },
++ { "uselib", __PNR_uselib },
++ { "userfaultfd", 282 },
++ { "usr26", __PNR_usr26 },
++ { "usr32", __PNR_usr32 },
++ { "ustat", __PNR_ustat },
++ { "utime", __PNR_utime },
++ { "utimensat", 88 },
++ { "utimensat_time64", __PNR_utimensat_time64 },
++ { "utimes", __PNR_utimes },
++ { "vfork", __PNR_vfork },
++ { "vhangup", 58 },
++ { "vm86", __PNR_vm86 },
++ { "vm86old", __PNR_vm86old },
++ { "vmsplice", 75 },
++ { "vserver", __PNR_vserver },
++ { "wait4", 260 },
++ { "waitid", 95 },
++ { "waitpid", __PNR_waitpid },
++ { "write", 64 },
++ { "writev", 66 },
++ { NULL, __NR_SCMP_ERROR },
++};
++
++/**
++ * Resolve a syscall name to a number
++ * @param name the syscall name
++ *
++ * Resolve the given syscall name to the syscall number using the syscall table.
++ * Returns the syscall number on success, including negative pseudo syscall
++ * numbers; returns __NR_SCMP_ERROR on failure.
++ *
++ */
++int riscv64_syscall_resolve_name(const char *name)
++{
++ unsigned int iter;
++ const struct arch_syscall_def *table = riscv64_syscall_table;
++
++ /* XXX - plenty of room for future improvement here */
++ for (iter = 0; table[iter].name != NULL; iter++) {
++ if (strcmp(name, table[iter].name) == 0)
++ return table[iter].num;
++ }
++
++ return __NR_SCMP_ERROR;
++}
++
++/**
++ * Resolve a syscall number to a name
++ * @param num the syscall number
++ *
++ * Resolve the given syscall number to the syscall name using the syscall table.
++ * Returns a pointer to the syscall name string on success, including pseudo
++ * syscall names; returns NULL on failure.
++ *
++ */
++const char *riscv64_syscall_resolve_num(int num)
++{
++ unsigned int iter;
++ const struct arch_syscall_def *table = riscv64_syscall_table;
++
++ /* XXX - plenty of room for future improvement here */
++ for (iter = 0; table[iter].num != __NR_SCMP_ERROR; iter++) {
++ if (num == table[iter].num)
++ return table[iter].name;
++ }
++
++ return NULL;
++}
++
++
++/**
++ * Iterate through the syscall table and return the syscall mapping
++ * @param spot the offset into the syscall table
++ *
++ * Return the syscall mapping at position @spot or NULL on failure. This
++ * function should only ever be used internally by libseccomp.
++ *
++ */
++const struct arch_syscall_def *riscv64_syscall_iterate(unsigned int spot)
++{
++ /* XXX - no safety checks here */
++ return &riscv64_syscall_table[spot];
++}
+diff --git a/src/arch-riscv64.c b/src/arch-riscv64.c
+new file mode 100644
+index 0000000..67bc926
+--- /dev/null
++++ b/src/arch-riscv64.c
+@@ -0,0 +1,31 @@
++/*
++ * This library is free software; you can redistribute it and/or modify it
++ * under the terms of version 2.1 of the GNU Lesser General Public License as
++ * published by the Free Software Foundation.
++ *
++ * This library is distributed in the hope that it will be useful, but WITHOUT
++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
++ * for more details.
++ *
++ * You should have received a copy of the GNU Lesser General Public License
++ * along with this library; if not, see <http://www.gnu.org/licenses>.
++ */
++
++#include <stdlib.h>
++#include <errno.h>
++#include <linux/audit.h>
++
++#include "arch.h"
++#include "arch-riscv64.h"
++
++const struct arch_def arch_def_riscv64 = {
++ .token = SCMP_ARCH_RISCV64,
++ .token_bpf = AUDIT_ARCH_RISCV64,
++ .size = ARCH_SIZE_64,
++ .endian = ARCH_ENDIAN_LITTLE,
++ .syscall_resolve_name = riscv64_syscall_resolve_name,
++ .syscall_resolve_num = riscv64_syscall_resolve_num,
++ .syscall_rewrite = NULL,
++ .rule_add = NULL,
++};
+diff --git a/src/arch-riscv64.h b/src/arch-riscv64.h
+new file mode 100644
+index 0000000..16fca6b
+--- /dev/null
++++ b/src/arch-riscv64.h
+@@ -0,0 +1,30 @@
++/*
++ * This library is free software; you can redistribute it and/or modify it
++ * under the terms of version 2.1 of the GNU Lesser General Public License as
++ * published by the Free Software Foundation.
++ *
++ * This library is distributed in the hope that it will be useful, but WITHOUT
++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
++ * for more details.
++ *
++ * You should have received a copy of the GNU Lesser General Public License
++ * along with this library; if not, see <http://www.gnu.org/licenses>.
++ */
++
++#ifndef _ARCH_RISCV64_H
++#define _ARCH_RISCV64_H
++
++#include <inttypes.h>
++
++#include "arch.h"
++#include "system.h"
++
++extern const struct arch_def arch_def_riscv64;
++
++int riscv64_syscall_resolve_name(const char *name);
++const char *riscv64_syscall_resolve_num(int num);
++
++const struct arch_syscall_def *riscv64_syscall_iterate(unsigned int spot);
++
++#endif
+diff --git a/src/arch.c b/src/arch.c
+index bfa664f..83c2c9b 100644
+--- a/src/arch.c
++++ b/src/arch.c
+@@ -41,6 +41,7 @@
+ #include "arch-parisc.h"
+ #include "arch-ppc.h"
+ #include "arch-ppc64.h"
++#include "arch-riscv64.h"
+ #include "arch-s390.h"
+ #include "arch-s390x.h"
+ #include "db.h"
+@@ -94,6 +95,8 @@ const struct arch_def *arch_def_native = &arch_def_ppc;
+ const struct arch_def *arch_def_native = &arch_def_s390x;
+ #elif __s390__
+ const struct arch_def *arch_def_native = &arch_def_s390;
++#elif __riscv && __riscv_xlen == 64
++const struct arch_def *arch_def_native = &arch_def_riscv64;
+ #else
+ #error the arch code needs to know about your machine type
+ #endif /* machine type guess */
+@@ -156,6 +159,8 @@ const struct arch_def *arch_def_lookup(uint32_t token)
+ return &arch_def_s390;
+ case SCMP_ARCH_S390X:
+ return &arch_def_s390x;
++ case SCMP_ARCH_RISCV64:
++ return &arch_def_riscv64;
+ }
+
+ return NULL;
+@@ -206,6 +211,8 @@ const struct arch_def *arch_def_lookup_name(const char *arch_name)
+ return &arch_def_s390;
+ else if (strcmp(arch_name, "s390x") == 0)
+ return &arch_def_s390x;
++ else if (strcmp(arch_name, "riscv64") == 0)
++ return &arch_def_riscv64;
+
+ return NULL;
+ }
+diff --git a/src/gen_pfc.c b/src/gen_pfc.c
+index 75d8507..8186f0d 100644
+--- a/src/gen_pfc.c
++++ b/src/gen_pfc.c
+@@ -87,6 +87,8 @@ static const char *_pfc_arch(const struct arch_def *arch)
+ return "s390x";
+ case SCMP_ARCH_S390:
+ return "s390";
++ case SCMP_ARCH_RISCV64:
++ return "riscv64";
+ default:
+ return "UNKNOWN";
+ }
+diff --git a/src/python/libseccomp.pxd b/src/python/libseccomp.pxd
+index 8ae84d9..f1194b6 100644
+--- a/src/python/libseccomp.pxd
++++ b/src/python/libseccomp.pxd
+@@ -51,6 +51,7 @@ cdef extern from "seccomp.h":
+ SCMP_ARCH_PPC64LE
+ SCMP_ARCH_S390
+ SCMP_ARCH_S390X
++ SCMP_ARCH_RISCV64
+
+ cdef enum scmp_filter_attr:
+ SCMP_FLTATR_ACT_DEFAULT
+diff --git a/src/python/seccomp.pyx b/src/python/seccomp.pyx
+index 44e4925..113fbf4 100644
+--- a/src/python/seccomp.pyx
++++ b/src/python/seccomp.pyx
+@@ -214,6 +214,7 @@ cdef class Arch:
+ PARISC64 - 64-bit PA-RISC
+ PPC64 - 64-bit PowerPC
+ PPC - 32-bit PowerPC
++ RISCV64 - 64-bit RISC-V
+ """
+
+ cdef int _token
+@@ -237,6 +238,7 @@ cdef class Arch:
+ PPC64LE = libseccomp.SCMP_ARCH_PPC64LE
+ S390 = libseccomp.SCMP_ARCH_S390
+ S390X = libseccomp.SCMP_ARCH_S390X
++ RISCV64 = libseccomp.SCMP_ARCH_RISCV64
+
+ def __cinit__(self, arch=libseccomp.SCMP_ARCH_NATIVE):
+ """ Initialize the architecture object.
+diff --git a/src/system.c b/src/system.c
+index 8e5aafc..bcd7e3c 100644
+--- a/src/system.c
++++ b/src/system.c
+@@ -80,6 +80,7 @@ int sys_chk_seccomp_syscall(void)
+ case SCMP_ARCH_PPC64LE:
+ case SCMP_ARCH_S390:
+ case SCMP_ARCH_S390X:
++ case SCMP_ARCH_RISCV64:
+ break;
+ default:
+ goto unsupported;
+diff --git a/tests/15-basic-resolver.c b/tests/15-basic-resolver.c
+index 0c1eefe..2679270 100644
+--- a/tests/15-basic-resolver.c
++++ b/tests/15-basic-resolver.c
+@@ -45,6 +45,7 @@ unsigned int arch_list[] = {
+ SCMP_ARCH_S390X,
+ SCMP_ARCH_PARISC,
+ SCMP_ARCH_PARISC64,
++ SCMP_ARCH_RISCV64,
+ -1
+ };
+
+diff --git a/tests/16-sim-arch_basic.c b/tests/16-sim-arch_basic.c
+index 5413e18..0b141e1 100644
+--- a/tests/16-sim-arch_basic.c
++++ b/tests/16-sim-arch_basic.c
+@@ -90,6 +90,9 @@ int main(int argc, char *argv[])
+ if (rc != 0)
+ goto out;
+ rc = seccomp_arch_add(ctx, SCMP_ARCH_PPC64LE);
++ if (rc != 0)
++ goto out;
++ rc = seccomp_arch_add(ctx, SCMP_ARCH_RISCV64);
+ if (rc != 0)
+ goto out;
+
+@@ -156,6 +159,9 @@ int main(int argc, char *argv[])
+ rc = seccomp_arch_remove(ctx, SCMP_ARCH_PPC64LE);
+ if (rc != 0)
+ goto out;
++ rc = seccomp_arch_remove(ctx, SCMP_ARCH_RISCV64);
++ if (rc != 0)
++ goto out;
+
+ out:
+ seccomp_release(ctx);
+diff --git a/tests/16-sim-arch_basic.py b/tests/16-sim-arch_basic.py
+index 7d7a05f..846553f 100755
+--- a/tests/16-sim-arch_basic.py
++++ b/tests/16-sim-arch_basic.py
+@@ -44,6 +44,7 @@ def test(args):
+ f.add_arch(Arch("mipsel64"))
+ f.add_arch(Arch("mipsel64n32"))
+ f.add_arch(Arch("ppc64le"))
++ f.add_arch(Arch("riscv64"))
+ f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno()))
+ f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno()))
+ f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno()))
+diff --git a/tests/23-sim-arch_all_le_basic.c b/tests/23-sim-arch_all_le_basic.c
+index 5672980..32739e5 100644
+--- a/tests/23-sim-arch_all_le_basic.c
++++ b/tests/23-sim-arch_all_le_basic.c
+@@ -69,6 +69,9 @@ int main(int argc, char *argv[])
+ if (rc != 0)
+ goto out;
+ rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("ppc64le"));
++ if (rc != 0)
++ goto out;
++ rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("riscv64"));
+ if (rc != 0)
+ goto out;
+
+diff --git a/tests/23-sim-arch_all_le_basic.py b/tests/23-sim-arch_all_le_basic.py
+index 5927f37..33eedb1 100755
+--- a/tests/23-sim-arch_all_le_basic.py
++++ b/tests/23-sim-arch_all_le_basic.py
+@@ -40,6 +40,7 @@ def test(args):
+ f.add_arch(Arch("mipsel64"))
+ f.add_arch(Arch("mipsel64n32"))
+ f.add_arch(Arch("ppc64le"))
++ f.add_arch(Arch("riscv64"))
+ f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno()))
+ f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno()))
+ f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno()))
+diff --git a/tests/regression b/tests/regression
+index 56822fb..ef98c3d 100755
+--- a/tests/regression
++++ b/tests/regression
+@@ -25,7 +25,8 @@ GLBL_ARCH_LE_SUPPORT=" \
+ x86 x86_64 x32 \
+ arm aarch64 \
+ mipsel mipsel64 mipsel64n32 \
+- ppc64le"
++ ppc64le \
++ riscv64"
+ GLBL_ARCH_BE_SUPPORT=" \
+ mips mips64 mips64n32 \
+ parisc parisc64 \
+@@ -46,6 +47,7 @@ GLBL_ARCH_64B_SUPPORT=" \
+ mips64 \
+ parisc64 \
+ ppc64 \
++ riscv64 \
+ s390x"
+
+ GLBL_SYS_ARCH="../tools/scmp_arch_detect"
+@@ -777,7 +779,7 @@ function run_test_live() {
+
+ # setup the arch specific return values
+ case "$arch" in
+- x86|x86_64|x32|arm|aarch64|parisc|parisc64|ppc|ppc64|ppc64le|ppc|s390|s390x)
++ x86|x86_64|x32|arm|aarch64|parisc|parisc64|ppc|ppc64|ppc64le|ppc|s390|s390x|riscv64)
+ rc_kill_process=159
+ rc_kill=159
+ rc_allow=160
+diff --git a/tools/scmp_arch_detect.c b/tools/scmp_arch_detect.c
+index ad43f2d..b844a68 100644
+--- a/tools/scmp_arch_detect.c
++++ b/tools/scmp_arch_detect.c
+@@ -120,6 +120,9 @@ int main(int argc, char *argv[])
+ case SCMP_ARCH_S390X:
+ printf("s390x\n");
+ break;
++ case SCMP_ARCH_RISCV64:
++ printf("riscv64\n");
++ break;
+ default:
+ printf("unknown\n");
+ }
+diff --git a/tools/scmp_bpf_disasm.c b/tools/scmp_bpf_disasm.c
+index 27fba9a..5c914b4 100644
+--- a/tools/scmp_bpf_disasm.c
++++ b/tools/scmp_bpf_disasm.c
+@@ -508,6 +508,8 @@ int main(int argc, char *argv[])
+ arch = AUDIT_ARCH_S390;
+ else if (strcmp(optarg, "s390x") == 0)
+ arch = AUDIT_ARCH_S390X;
++ else if (strcmp(optarg, "riscv64") == 0)
++ arch = AUDIT_ARCH_RISCV64;
+ else
+ exit_usage(argv[0]);
+ break;
+diff --git a/tools/scmp_bpf_sim.c b/tools/scmp_bpf_sim.c
+index 4d30822..a381314 100644
+--- a/tools/scmp_bpf_sim.c
++++ b/tools/scmp_bpf_sim.c
+@@ -285,6 +285,8 @@ int main(int argc, char *argv[])
+ arch = AUDIT_ARCH_S390;
+ else if (strcmp(optarg, "s390x") == 0)
+ arch = AUDIT_ARCH_S390X;
++ else if (strcmp(optarg, "riscv64") == 0)
++ arch = AUDIT_ARCH_RISCV64;
+ else
+ exit_fault(EINVAL);
+ break;
+diff --git a/tools/util.c b/tools/util.c
+index 7122335..741b2a2 100644
+--- a/tools/util.c
++++ b/tools/util.c
+@@ -78,6 +78,8 @@
+ #define ARCH_NATIVE AUDIT_ARCH_S390X
+ #elif __s390__
+ #define ARCH_NATIVE AUDIT_ARCH_S390
++#elif __riscv && __riscv_xlen == 64
++#define ARCH_NATIVE AUDIT_ARCH_RISCV64
+ #else
+ #error the simulator code needs to know about your machine type
+ #endif
+diff --git a/tools/util.h b/tools/util.h
+index 08c4839..6c2ca33 100644
+--- a/tools/util.h
++++ b/tools/util.h
+@@ -72,6 +72,13 @@
+ #define AUDIT_ARCH_PPC64LE (EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
+ #endif
+
++#ifndef AUDIT_ARCH_RISCV64
++#ifndef EM_RISCV
++#define EM_RISCV 243
++#endif /* EM_RISCV */
++#define AUDIT_ARCH_RISCV64 (EM_RISCV|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
++#endif /* AUDIT_ARCH_RISCV64 */
++
+ extern uint32_t arch;
+
+ uint16_t ttoh16(uint32_t arch, uint16_t val);
projects / libseccomp.git / commitdiff