From: Felix Geyer Date: Thu, 12 Mar 2020 22:35:13 +0000 (+0000) Subject: libseccomp (2.4.3-1) unstable; urgency=medium X-Git-Tag: archive/raspbian/2.4.3-1+rpi1^2~3 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=535884da8ebc1d05dd2edbc3e20fd6d44b238224;p=libseccomp.git libseccomp (2.4.3-1) unstable; urgency=medium * New upstream release. * Drop patches that have been applied upstream: - tests-rely-on-__SNR_xxx-instead-of-__NR_xxx-for-sysc.patch - api_define__SNR_ppoll_again.patch * Cherry-pick support for the riscv64 architecture. (Closes: #952386) - Add riscv64_support.patch [dgit import unpatched libseccomp 2.4.3-1] --- 535884da8ebc1d05dd2edbc3e20fd6d44b238224 diff --cc debian/changelog index 0000000,0000000..2cea8fe new file mode 100644 --- /dev/null 
+++ b/debian/changelog
@@@ -1,0 -1,0 +1,270 @@@
++libseccomp (2.4.3-1) unstable; urgency=medium
++
++ * New upstream release.
++ * Drop patches that have been applied upstream:
++ - tests-rely-on-__SNR_xxx-instead-of-__NR_xxx-for-sysc.patch
++ - api_define__SNR_ppoll_again.patch
++ * Cherry-pick support for the riscv64 architecture. (Closes: #952386)
++ - Add riscv64_support.patch
++
++ -- Felix Geyer Thu, 12 Mar 2020 23:35:13 +0100
++
++libseccomp (2.4.2-2) unstable; urgency=medium
++
++ [ Christian Ehrhardt ]
++ * d/rules: fix potential FTFBS after full python3 switch
++ * d/t/control: drop python2 test following the removal of the package
++
++ [ Felix Geyer ]
++ * Remove build-dependency on valgrind for mips64el as it's broken there.
++ * Backport patch to define __SNR_ppoll again.
++ - Add api_define__SNR_ppoll_again.patch
++ * Replace custom patch for cython3 with the upstream fix.
++
++ -- Felix Geyer Fri, 15 Nov 2019 18:12:53 +0100
++
++libseccomp (2.4.2-1) unstable; urgency=medium
++
++ [ Christian Ehrhardt ]
++ * New upstream release 2.4.2 for compatibility with newer kernels and
++ fixing FTBFS (LP: #1849785).
++ - drop d/p/python_install_dir.patch (now upstream)
++ - d/rules: adapt to python 3.8 lacking the m modifier on includes
++ see https://wiki.debian.org/Python/Python3.8
++ - d/p/tests-rely-on-__SNR_xxx-instead-of-__NR_xxx-for-sysc.patch: fix
++ build time test on arm64
++
++ [ Felix Geyer ]
++ * Drop Python 2 bindings. (Closes: #936917)
++ - Add cython3.patch to use the Python 3 cython variant.
++
++ -- Felix Geyer Wed, 13 Nov 2019 00:00:49 +0100
++
++libseccomp (2.4.1-2) unstable; urgency=medium
++
++ * Remove build-dependency on valgrind for mipsel and x32 as it's broken
++ on those archs.
++ * Set Rules-Requires-Root: no.
++
++ -- Felix Geyer Fri, 19 Jul 2019 00:03:34 +0200
++
++libseccomp (2.4.1-1) unstable; urgency=medium
++
++ * New upstream release.
++ - Addresses CVE-2019-9893 (Closes: #924646)
++ * Drop all patches for parisc arch support, merged upstream.
++ * Build-depend on valgrind to run more unit tests.
++ * Run dh_auto_configure for every python 3 version to install the extension
++ in the correct path.
++ * Update the symbols file.
++ * Adapt autopkgtest to new upstream version:
++ - Build against pthread
++ - Build scmp_api_level tool
++ * Upgrade to debhelper compat level 12.
++ - Add d/not-installed file
++ * Fix install path of the python module.
++ - Add python_install_dir.patch
++ * Add autopkgtest for python packages.
++
++ -- Felix Geyer Wed, 17 Jul 2019 23:23:28 +0200
++
++libseccomp (2.3.3-4) unstable; urgency=medium
++
++ [ Ondřej Nový ]
++ * d/copyright: Change Format URL to correct one
++
++ [ Helmut Grohne ]
++ * Fix FTCBFS: (Closes: #903556)
++ + Multiarchify python Build-Depends.
++ + Annotate cython dependencies with :native for now.
++ + Drop noop dh_auto_build invocations.
++ + Pass a suitable PYTHONPATH for python2.
++ + Pass _PYTHON_SYSCONFIGDATA_NAME for python3.
++
++ -- Felix Geyer Sun, 10 Feb 2019 12:25:44 +0100
++
++libseccomp (2.3.3-3) unstable; urgency=medium
++
++ * Fix FTBFS: Adapt to renamed README file. (Closes: #902767)
++
++ -- Felix Geyer Sun, 01 Jul 2018 20:32:03 +0200
++
++libseccomp (2.3.3-2) unstable; urgency=medium
++
++ [ Helmut Grohne ]
++ * Support the nopython build profile. (Closes: #897057)
++
++ [ Felix Geyer ]
++ * Run upstream "live" tests in an autopkgtest.
++
++ -- Felix Geyer Sun, 13 May 2018 09:53:08 +0200
++
++libseccomp (2.3.3-1) unstable; urgency=medium
++
++ * New upstream release. (Closes: #895417)
++ - Adds pkey_mprotect syscall. (Closes: #893722)
++ * Refresh parisc patch.
++ * Move libseccomp2 back to /usr/lib. (Closes: #894988)
++ * Make test failures cause the build to fail. (Closes: 877901)
++ * Build python bindings. (Closes: #810712)
++ * Switch to debhelper compat level 10.
++ * Move git repo to salsa.debian.org
++ * Add myself to Uploaders.
++
++ -- Felix Geyer Sun, 22 Apr 2018 23:55:03 +0200
++
++libseccomp (2.3.1-2.1) unstable; urgency=medium
++
++ [ Martin Pitt ]
++ * Non-maintainer upload with Kees' consent.
++
++ [ Laurent Bigonville ]
++ * Ensure strict enough generated dependencies (Closes: #844496)
++
++ -- Martin Pitt Thu, 17 Nov 2016 10:16:44 +0100
++
++libseccomp (2.3.1-2) unstable; urgency=medium
++
++ * Add hppa (parisc) support (Closes: #820501)
++
++ -- Luca Bruno Sat, 28 May 2016 20:05:01 +0200
++
++libseccomp (2.3.1-1) unstable; urgency=medium
++
++ * New upstream release
++ * control: add Vcs-* fields
++
++ -- Luca Bruno Tue, 05 Apr 2016 22:16:55 +0200
++
++libseccomp (2.3.0-1) unstable; urgency=medium
++
++ * New upstream release
++ + drop all patches, applied upstream
++ * libseccomp2: update symbols file
++ * control: add myself to uploaders
++ * control: bump policy version
++
++ -- Luca Bruno Sun, 03 Apr 2016 00:31:09 +0200
++
++libseccomp (2.2.3-3) unstable; urgency=medium
++
++ [ Martin Pitt ]
++ * debian/patches/add-x86-32bit-socket-calls.patch: add the newly
++ connected direct socket calls. (Closes: #809556)
++ * debian/add-membarrier.patch: add membarrier syscall.
++ * Backport patches for ppc/ppc64 and s390x. (Closes: #800818)
++
++ -- Kees Cook Tue, 01 Sep 2015 15:37:31 -0700
++
++libseccomp (2.2.3-2) unstable; urgency=medium
++
++ * debian/control: enable mips64, mips64el, and x32 architectures,
++ thanks to Helmut Grohne (Closes: 797383).
++
++ -- Kees Cook Tue, 01 Sep 2015 15:37:31 -0700
++
++libseccomp (2.2.3-1) unstable; urgency=medium
++
++ * New upstream release (Closes: 793032).
++ * debian/control: update Homepage (Closes: 793033).
++
++ -- Kees Cook Mon, 03 Aug 2015 15:06:08 -0700
++
++libseccomp (2.2.1-2) unstable; urgency=medium
++
++ * debian/{rules,*.install}: move to /lib, thanks to Michael Biebl
++ (Closes: 788923).
++
++ -- Kees Cook Tue, 16 Jun 2015 12:45:08 -0700
++
++libseccomp (2.2.1-1) unstable; urgency=medium
++
++ * New upstream release (Closes: 785428).
++ - debian/patches dropped: incorporated upstream.
++ * debian/libseccomp2.symbols: include only documented symbols.
++ * debian/libseccomp-dev.install: include static library (Closes: 698508).
++ * debian/control:
++ - add newly supported arm64, mips, and mipsel.
++ - bump standards version, no changes needed.
++
++ -- Kees Cook Sat, 16 May 2015 08:15:26 -0700
++
++libseccomp (2.1.1-1) unstable; urgency=low
++
++ * New upstream release (Closes: 733293).
++ * copyright: add a few missed people.
++ * rules: adjusted for new test target.
++ * libseccomp2.symbols: drop accidentally exported functions.
++ * control:
++ - bump standards, no changes needed.
++ - add armel target
++
++ -- Kees Cook Sat, 12 Apr 2014 10:44:22 -0700
++
++libseccomp (2.1.0+dfsg-1) unstable; urgency=low
++
++ * Rebuild source package without accidental binaries (Closes: 725617).
++ - debian/watch: mangle upstream version check.
++ * debian/rules: make tests non-fatal while upstream fixes them
++ (Closes: 721292).
++
++ -- Kees Cook Sun, 06 Oct 2013 15:05:51 -0700
++
++libseccomp (2.1.0-1) unstable; urgency=low
++
++ * New upstream release (Closes: 718398):
++ - dropped debian/patches/manpage-dashes.patch: taken upstream.
++ - dropped debian/patches/include-unistd.patch: not needed.
++ - debian/patches/testsuite-x86-write.patch: taken upstream.
++ - ABI bump: moved from libseccomp1 to libseccomp2.
++ * debian/control:
++ - added Arch: armhf, now supported upstream.
++ - added seccomp binary package for helper tools.
++ * Added debian/patches/manpage-typo.patch: spelling fix.
++ * Added debian/patches/build-ldflags.patch: fix LDFLAGS handling.
++
++ -- Kees Cook Tue, 13 Aug 2013 00:02:01 -0700
++
++libseccomp (1.0.1-2) unstable; urgency=low
++
++ * debian/rules: enable testsuite at build time, thanks to
++ Stéphane Graber (Closes: 698803).
++ * Added debian/patches/include-unistd.patch: detect location of
++ asm/unistd.h correctly.
++ * Added debian/patches/testsuite-x86-write.patch: skip the "write"
++ syscall correctly on x86.
++ * debian/control: bump standards to 3.9.4, no changes needed.
++
++ -- Kees Cook Wed, 23 Jan 2013 13:11:53 -0800
++
++libseccomp (1.0.1-1) unstable; urgency=low
++
++ * New upstream release.
++ * debian/control: only build on amd64 and i386 (Closes: 687368).
++
++ -- Kees Cook Fri, 07 Dec 2012 11:38:03 -0800
++
++libseccomp (1.0.0-1) unstable; urgency=low
++
++ * New upstream release.
++ - bump ABI.
++ - drop build verbosity patch, use upstream V=1 instead.
++ * libseccomp-dev.manpages: fix build location (Closes: 682152, 682471).
++ * debian/patches/pkgconfig-macro.patch: use literals for macro.
++
++ -- Kees Cook Fri, 03 Aug 2012 16:59:41 -0700
++
++libseccomp (0.1.0-1) unstable; urgency=low
++
++ * New upstream release.
++ - drop patches taken upstream:
++ - libexecdir.patch
++ - pass-flags.patch
++
++ -- Kees Cook Fri, 08 Jun 2012 12:32:22 -0700
++
++libseccomp (0.0.0~20120605-1) unstable; urgency=low
++
++ * Initial release (Closes: #676257).
++
++ -- Kees Cook Tue, 05 Jun 2012 11:28:07 -0700
diff --cc debian/control
index 0000000,0000000..6d2dcae
new file mode 100644
--- /dev/null
+++ b/debian/control
@@@ -1,0 -1,0 +1,62 @@@
++Source: libseccomp
++Section: libs
++Priority: optional
++Maintainer: Kees Cook
++Uploaders: Luca Bruno , Felix Geyer
++Build-Depends: debhelper-compat (= 12),
++ linux-libc-dev,
++ dh-python ,
++ python3-all-dev:any ,
++ libpython3-all-dev ,
++ cython3:native ,
++ valgrind [amd64 arm64 armhf i386 mips mips64 powerpc ppc64 ppc64el s390x]
++Rules-Requires-Root: no
++Standards-Version: 3.9.7
++Homepage: https://github.com/seccomp/libseccomp
++Vcs-Git: https://salsa.debian.org/debian/libseccomp.git
++Vcs-Browser: https://salsa.debian.org/debian/libseccomp
++
++Package: libseccomp-dev
++Section: libdevel
++Architecture: linux-any
++Multi-Arch: same
++Pre-Depends: ${misc:Pre-Depends}
++Depends: libseccomp2 (= ${binary:Version}), ${misc:Depends}
++Suggests: seccomp
++Description: high level interface to Linux seccomp filter (development files)
++ This library provides a high level interface to constructing, analyzing
++ and installing seccomp filters via a BPF passed to the Linux Kernel's
++ prctl() syscall.
++ .
++ This package contains the development files.
++
++Package: libseccomp2
++Architecture: linux-any
++Multi-Arch: same
++Pre-Depends: ${misc:Pre-Depends}
++Depends: ${shlibs:Depends}, ${misc:Depends}
++Description: high level interface to Linux seccomp filter
++ This library provides a high level interface to constructing, analyzing
++ and installing seccomp filters via a BPF passed to the Linux Kernel's
++ prctl() syscall.
++
++Package: seccomp
++Section: utils
++Architecture: linux-any
++Depends: ${shlibs:Depends}, ${misc:Depends}
++Suggests: libseccomp-dev
++Description: helper tools for high level interface to Linux seccomp filter
++ Provides helper tools for interacting with libseccomp. Currently, only
++ a single tool exists, providing a way to easily enumerate syscalls across
++ the supported architectures.
++
++Package: python3-seccomp
++Build-Profiles:
++Architecture: linux-any
++Multi-Arch: same
++Section: python
++Depends: ${shlibs:Depends}, ${misc:Depends}, ${python3:Depends}
++Description: high level interface to Linux seccomp filter (Python 3 bindings)
++ This library provides a high level interface to constructing, analyzing
++ and installing seccomp filters via a BPF passed to the Linux Kernel's
++ prctl() syscall.
diff --cc debian/copyright
index 0000000,0000000..307817f
new file mode 100644
--- /dev/null
+++ b/debian/copyright
@@@ -1,0 -1,0 +1,39 @@@
++Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
++Upstream-Name: libseccomp
++Source: https://sourceforge.net/projects/libseccomp/
++
++Files: *
++Copyright: 2012 Paul Moore
++ 2012 Ashley Lai
++ 2012 Corey Bryant
++ 2012 Eduardo Otubo
++ 2012 Eric Paris
++License: LGPL-2.1
++
++Files: tests/22-sim-basic_chains_array.tests
++Copyright: 2013 Vitaly Shukela
++License: LGPL-2.1
++
++Files: src/hash.*
++Copyright: 2006 Bob Jenkins
++License: LGPL-2.1
++
++Files: debian/*
++Copyright: 2012 Kees Cook
++License: LGPL-2.1
++
++License: LGPL-2.1
++ This library is free software; you can redistribute it and/or modify it
++ under the terms of version 2.1 of the GNU Lesser General Public License as
++ published by the Free Software Foundation.
++ .
++ This library is distributed in the hope that it will be useful, but WITHOUT
++ ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
++ FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
++ for more details.
++ .
++ You should have received a copy of the GNU Lesser General Public License
++ along with this library; if not, see .
++ .
++ On Debian systems, the complete text of the GNU Lesser General
++ Public License can be found in "/usr/share/common-licenses/LGPL-2.1".
diff --cc debian/docs
index 0000000,0000000..b43bf86
new file mode 100644
--- /dev/null
+++ b/debian/docs
@@@ -1,0 -1,0 +1,1 @@@
++README.md
diff --cc debian/gbp.conf
index 0000000,0000000..c16083c
new file mode 100644
--- /dev/null
+++ b/debian/gbp.conf
@@@ -1,0 -1,0 +1,9 @@@
++[DEFAULT]
++upstream-tag = upstream/%(version)s
++debian-tag = debian/%(version)s
++pristine-tar = True
++upstream-branch = upstream
++debian-branch = debian/sid
++
++[buildpackage]
++submodules = True
diff --cc debian/libseccomp-dev.install
index 0000000,0000000..b973af4
new file mode 100644
--- /dev/null
+++ b/debian/libseccomp-dev.install
@@@ -1,0 -1,0 +1,4 @@@
++usr/include/*
++usr/lib/*/lib*.so
++usr/lib/*/lib*.a
++usr/lib/*/pkgconfig/*
diff --cc debian/libseccomp-dev.manpages
index 0000000,0000000..7c72677
new file mode 100644
--- /dev/null
+++ b/debian/libseccomp-dev.manpages
@@@ -1,0 -1,0 +1,1 @@@
++debian/tmp/usr/share/man/man3/*
diff --cc debian/libseccomp2.install
index 0000000,0000000..3ddde58
new file mode 100644
--- /dev/null
+++ b/debian/libseccomp2.install
@@@ -1,0 -1,0 +1,1 @@@
++usr/lib/*/lib*.so.*
diff --cc debian/libseccomp2.symbols
index 0000000,0000000..b710bf8
new file mode 100644
--- /dev/null
+++ b/debian/libseccomp2.symbols
@@@ -1,0 -1,0 +1,28 @@@
++libseccomp.so.2 libseccomp2 #MINVER#
++* Build-Depends-Package: libseccomp-dev
++ seccomp_api_get@Base 2.4.1
++ seccomp_api_set@Base 2.4.1
++ seccomp_attr_get@Base 0.0.0~20120605
++ seccomp_attr_set@Base 0.0.0~20120605
++ seccomp_export_bpf@Base 0.0.0~20120605
++ seccomp_export_pfc@Base 0.0.0~20120605
++ seccomp_init@Base 0.0.0~20120605
++ seccomp_load@Base 0.0.0~20120605
++ seccomp_release@Base 0.0.0~20120605
++ seccomp_reset@Base 0.0.0~20120605
++ seccomp_rule_add@Base 0.0.0~20120605
++ seccomp_rule_add_exact@Base 0.0.0~20120605
++ seccomp_syscall_priority@Base 0.0.0~20120605
++ seccomp_syscall_resolve_name@Base 1.0.1
++ seccomp_merge@Base 1.0.1
++ seccomp_arch_add@Base 1.0.1
++ seccomp_arch_exist@Base 1.0.1
++ seccomp_arch_remove@Base 1.0.1
++ seccomp_arch_native@Base 2.1.0
++ seccomp_rule_add_array@Base 2.1.0
++ seccomp_rule_add_exact_array@Base 2.1.0
++ seccomp_syscall_resolve_name_arch@Base 2.1.0
++ seccomp_syscall_resolve_num_arch@Base 2.1.0
++ seccomp_arch_resolve_name@Base 2.2.1
++ seccomp_syscall_resolve_name_rewrite@Base 2.2.1
++ seccomp_version@Base 2.3.0
diff --cc debian/not-installed
index 0000000,0000000..4f60595
new file mode 100644
--- /dev/null
+++ b/debian/not-installed
@@@ -1,0 -1,0 +1,3 @@@
++usr/lib/python*/*-packages/install_files.txt
++usr/lib/python*/*-packages/seccomp-*.egg-info
++usr/lib/*/libseccomp.la
diff --cc debian/patches/cython3.patch
index 0000000,0000000..4b749d0
new file mode 100644
--- /dev/null
+++ b/debian/patches/cython3.patch
@@@ -1,0 -1,0 +1,45 @@@
++https://github.com/seccomp/libseccomp/pull/188
++
++From 8d09eb9314ad00aa0584345ae66d4419b38da8e0 Mon Sep 17 00:00:00 2001
++From: Paul Moore
++Date: Wed, 13 Nov 2019 20:54:25 -0500
++Subject: [PATCH] build: try to use explicitly marked Python 3.x tools first
++
++Python 2.x is going EOL very soon, so let's require Python 3.x now
++and attempt to use the explicitly marked Python 3.x tools first.
++
++Signed-off-by: Paul Moore
++---
++ configure.ac | 12 ++++++------
++ 1 file changed, 6 insertions(+), 6 deletions(-)
++
++diff --git a/configure.ac b/configure.ac
++index 2ae6b2d..7d80b40 100644
++--- a/configure.ac
+++++ b/configure.ac
++@@ -91,11 +91,11 @@ AC_SUBST([VERSION_MICRO])
++ dnl ####
++ dnl cython checks
++ dnl ####
++-AC_CHECK_PROG(have_cython, cython, "yes", "no")
++-AS_IF([test "$have_cython" = yes], [
++- AS_ECHO("checking cython version... $(cython -V 2>&1 | cut -d' ' -f 3)")
++- CYTHON_VER_MAJ=$(cython -V 2>&1 | cut -d' ' -f 3 | cut -d'.' -f 1);
++- CYTHON_VER_MIN=$(cython -V 2>&1 | cut -d' ' -f 3 | cut -d'.' -f 2);
+++AC_CHECK_PROGS(cython, cython3 cython, "no")
+++AS_IF([test "$cython" != no], [
+++ AS_ECHO("checking cython version... $($cython -V 2>&1 | cut -d' ' -f 3)")
+++ CYTHON_VER_MAJ=$($cython -V 2>&1 | cut -d' ' -f 3 | cut -d'.' -f 1);
+++ CYTHON_VER_MIN=$($cython -V 2>&1 | cut -d' ' -f 3 | cut -d'.' -f 2);
++ ],[
++ CYTHON_VER_MAJ=0
++ CYTHON_VER_MIN=0
++@@ -112,7 +112,7 @@ AS_IF([test "$enable_python" = yes], [
++ AS_IF([test "$CYTHON_VER_MAJ" -eq 0 -a "$CYTHON_VER_MIN" -lt 29], [
++ AC_MSG_ERROR([python bindings require cython 0.29 or higher])
++ ])
++- AM_PATH_PYTHON
+++ AM_PATH_PYTHON([3])
++ ])
++ AM_CONDITIONAL([ENABLE_PYTHON], [test "$enable_python" = yes])
++ AC_DEFINE_UNQUOTED([ENABLE_PYTHON],
diff --cc debian/patches/riscv64_support.patch
index 0000000,0000000..f6f2d8d
new file mode 100644
--- /dev/null
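Review bot: In the first configure.ac hunk carried by cython3.patch, `AC_CHECK_PROGS(cython, cython3 cython, "no")` stores its result in a lowercase, undeclared shell variable, and autoconf skips the lookup when that variable is already set, so a `cython` value inherited from the build environment silently selects the program that the three `$($cython -V ...)` substitutions then run unquoted. I would follow the usual precious-variable convention, `AC_ARG_VAR([CYTHON], [cython compiler command])` followed by `AC_CHECK_PROGS([CYTHON], [cython3 cython], [no])`, and quote the later expansions as `"$CYTHON"`, so that the override is documented in `./configure --help` rather than accidental. Whether other build files read the lowercase name is not visible here, so the rename would need checking against them. The second hunk's `AS_IF` block and the `AC_DEFINE_UNQUOTED` call continue outside the quoted context.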
+++ b/debian/patches/riscv64_support.patch @@@ -1,0 -1,0 +1,999 @@@ ++From 5432e15521d5ce5a7d3f26bf78674cbaa9d73d1f Mon Sep 17 00:00:00 2001 ++From: Andreas Schwab ++Date: Tue, 7 Jan 2020 14:51:19 +0100 ++Subject: [PATCH] arch: Add RISC-V 64-bit support ++ ++Signed-off-by: Andreas Schwab ++[PM: minor macro shuffling in seccomp.h.in] ++Signed-off-by: Paul Moore ++--- ++ include/seccomp-syscalls.h | 5 + ++ include/seccomp.h.in | 12 + ++ src/Makefile.am | 1 + ++ src/arch-riscv64-syscalls.c | 553 ++++++++++++++++++++++++++++++ ++ src/arch-riscv64.c | 31 ++ ++ src/arch-riscv64.h | 30 ++ ++ src/arch.c | 7 + ++ src/gen_pfc.c | 2 + ++ src/python/libseccomp.pxd | 1 + ++ src/python/seccomp.pyx | 2 + ++ src/system.c | 1 + ++ tests/15-basic-resolver.c | 1 + ++ tests/16-sim-arch_basic.c | 6 + ++ tests/16-sim-arch_basic.py | 1 + ++ tests/23-sim-arch_all_le_basic.c | 3 + ++ tests/23-sim-arch_all_le_basic.py | 1 + ++ tests/regression | 6 +- ++ tools/scmp_arch_detect.c | 3 + ++ tools/scmp_bpf_disasm.c | 2 + ++ tools/scmp_bpf_sim.c | 2 + ++ tools/util.c | 2 + ++ tools/util.h | 7 + ++ 22 files changed, 677 insertions(+), 2 deletions(-) ++ create mode 100644 src/arch-riscv64-syscalls.c ++ create mode 100644 src/arch-riscv64.c ++ create mode 100644 src/arch-riscv64.h ++ ++diff --git a/include/seccomp-syscalls.h b/include/seccomp-syscalls.h ++index 3c958df..d7eb383 100644 ++--- a/include/seccomp-syscalls.h +++++ b/include/seccomp-syscalls.h ++@@ -273,6 +273,7 @@ ++ #define __PNR_timerfd_settime64 -10239 ++ #define __PNR_utimensat_time64 -10240 ++ #define __PNR_ppoll -10241 +++#define __PNR_renameat -10242 ++ ++ /* ++ * libseccomp syscall definitions ++@@ -1494,7 +1495,11 @@ ++ #define __SNR_rename __PNR_rename ++ #endif ++ +++#ifdef __NR_renameat ++ #define __SNR_renameat __NR_renameat +++#else +++#define __SNR_renameat __PNR_renameat +++#endif ++ ++ #define __SNR_renameat2 __NR_renameat2 ++ ++diff --git a/include/seccomp.h.in b/include/seccomp.h.in ++index 42f3a79..208b366 100644 ++--- 
a/include/seccomp.h.in +++++ b/include/seccomp.h.in ++@@ -196,6 +196,18 @@ struct scmp_arg_cmp { ++ #define SCMP_ARCH_PARISC AUDIT_ARCH_PARISC ++ #define SCMP_ARCH_PARISC64 AUDIT_ARCH_PARISC64 ++ +++/** +++ * The RISC-V architecture tokens +++ */ +++/* RISC-V support for audit was merged in 5.0-rc1 */ +++#ifndef AUDIT_ARCH_RISCV64 +++#ifndef EM_RISCV +++#define EM_RISCV 243 +++#endif /* EM_RISCV */ +++#define AUDIT_ARCH_RISCV64 (EM_RISCV|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) +++#endif /* AUDIT_ARCH_RISCV64 */ +++#define SCMP_ARCH_RISCV64 AUDIT_ARCH_RISCV64 +++ ++ /** ++ * Convert a syscall name into the associated syscall number ++ * @param x the syscall name ++diff --git a/src/Makefile.am b/src/Makefile.am ++index 2e7e38d..47e2f33 100644 ++--- a/src/Makefile.am +++++ b/src/Makefile.am ++@@ -42,6 +42,7 @@ SOURCES_ALL = \ ++ arch-parisc.h arch-parisc.c arch-parisc64.c arch-parisc-syscalls.c \ ++ arch-ppc.h arch-ppc.c arch-ppc-syscalls.c \ ++ arch-ppc64.h arch-ppc64.c arch-ppc64-syscalls.c \ +++ arch-riscv64.h arch-riscv64.c arch-riscv64-syscalls.c \ ++ arch-s390.h arch-s390.c arch-s390-syscalls.c \ ++ arch-s390x.h arch-s390x.c arch-s390x-syscalls.c ++ ++diff --git a/src/arch-riscv64-syscalls.c b/src/arch-riscv64-syscalls.c ++new file mode 100644 ++index 0000000..ceebece ++--- /dev/null +++++ b/src/arch-riscv64-syscalls.c ++@@ -0,0 +1,553 @@ +++/* +++ * This library is free software; you can redistribute it and/or modify it +++ * under the terms of version 2.1 of the GNU Lesser General Public License as +++ * published by the Free Software Foundation. +++ * +++ * This library is distributed in the hope that it will be useful, but WITHOUT +++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License +++ * for more details. +++ * +++ * You should have received a copy of the GNU Lesser General Public License +++ * along with this library; if not, see . 
+++ */ +++ +++#include +++ +++#include +++ +++#include "arch.h" +++#include "arch-riscv64.h" +++ +++/* NOTE: based on Linux 5.4 */ +++const struct arch_syscall_def riscv64_syscall_table[] = { \ +++ { "_llseek", __PNR__llseek }, +++ { "_newselect", __PNR__newselect }, +++ { "_sysctl", __PNR__sysctl }, +++ { "accept", 202 }, +++ { "accept4", 242 }, +++ { "access", __PNR_access }, +++ { "acct", 89 }, +++ { "add_key", 217 }, +++ { "adjtimex", 171 }, +++ { "afs_syscall", __PNR_afs_syscall }, +++ { "alarm", __PNR_alarm }, +++ { "arm_fadvise64_64", __PNR_arm_fadvise64_64 }, +++ { "arm_sync_file_range", __PNR_arm_sync_file_range }, +++ { "arch_prctl", __PNR_arch_prctl }, +++ { "bdflush", __PNR_bdflush }, +++ { "bind", 200 }, +++ { "bpf", 280 }, +++ { "break", __PNR_break }, +++ { "breakpoint", __PNR_breakpoint }, +++ { "brk", 214 }, +++ { "cachectl", __PNR_cachectl }, +++ { "cacheflush", __PNR_cacheflush }, +++ { "capget", 90 }, +++ { "capset", 91 }, +++ { "chdir", 49 }, +++ { "chmod", __PNR_chmod }, +++ { "chown", __PNR_chown }, +++ { "chown32", __PNR_chown32 }, +++ { "chroot", 51 }, +++ { "clock_adjtime", 266 }, +++ { "clock_adjtime64", __PNR_clock_adjtime64 }, +++ { "clock_getres", 114 }, +++ { "clock_getres_time64", __PNR_clock_getres_time64 }, +++ { "clock_gettime", 113 }, +++ { "clock_gettime64", __PNR_clock_gettime64 }, +++ { "clock_nanosleep", 115 }, +++ { "clock_nanosleep_time64", __PNR_clock_nanosleep_time64 }, +++ { "clock_settime", 112 }, +++ { "clock_settime64", __PNR_clock_settime64 }, +++ { "clone", 220 }, +++ { "clone3", 435 }, +++ { "close", 57 }, +++ { "connect", 203 }, +++ { "copy_file_range", 285 }, +++ { "creat", __PNR_creat }, +++ { "create_module", __PNR_create_module }, +++ { "delete_module", 106 }, +++ { "dup", 23 }, +++ { "dup2", __PNR_dup2 }, +++ { "dup3", 24 }, +++ { "epoll_create", __PNR_epoll_create }, +++ { "epoll_create1", 20 }, +++ { "epoll_ctl", 21 }, +++ { "epoll_ctl_old", __PNR_epoll_ctl_old }, +++ { "epoll_pwait", 22 }, +++ { 
"epoll_wait", __PNR_epoll_wait }, +++ { "epoll_wait_old", __PNR_epoll_wait_old }, +++ { "eventfd", __PNR_eventfd }, +++ { "eventfd2", 19 }, +++ { "execve", 221 }, +++ { "execveat", 281 }, +++ { "exit", 93 }, +++ { "exit_group", 94 }, +++ { "faccessat", 48 }, +++ { "fadvise64", 223 }, +++ { "fadvise64_64", __PNR_fadvise64_64 }, +++ { "fallocate", 47 }, +++ { "fanotify_init", 262 }, +++ { "fanotify_mark", 263 }, +++ { "fchdir", 50 }, +++ { "fchmod", 52 }, +++ { "fchmodat", 53 }, +++ { "fchown", 55 }, +++ { "fchown32", __PNR_fchown32 }, +++ { "fchownat", 54 }, +++ { "fcntl", 25 }, +++ { "fcntl64", __PNR_fcntl64 }, +++ { "fdatasync", 83 }, +++ { "fgetxattr", 10 }, +++ { "finit_module", 273 }, +++ { "flistxattr", 13 }, +++ { "flock", 32 }, +++ { "fork", __PNR_fork }, +++ { "fremovexattr", 16 }, +++ { "fsconfig", 431 }, +++ { "fsetxattr", 7 }, +++ { "fsmount", 432 }, +++ { "fsopen", 430 }, +++ { "fspick", 433 }, +++ { "fstat", 80 }, +++ { "fstat64", __PNR_fstat64 }, +++ { "fstatat64", __PNR_fstatat64 }, +++ { "fstatfs", 44 }, +++ { "fstatfs64", __PNR_fstatfs64 }, +++ { "fsync", 82 }, +++ { "ftime", __PNR_ftime }, +++ { "ftruncate", 46 }, +++ { "ftruncate64", __PNR_ftruncate64 }, +++ { "futex", 98 }, +++ { "futex_time64", __PNR_futex_time64 }, +++ { "futimesat", __PNR_futimesat }, +++ { "get_kernel_syms", __PNR_get_kernel_syms }, +++ { "get_mempolicy", 236 }, +++ { "get_robust_list", 100 }, +++ { "get_thread_area", __PNR_get_thread_area }, +++ { "get_tls", __PNR_get_tls }, +++ { "getcpu", 168 }, +++ { "getcwd", 17 }, +++ { "getdents", __PNR_getdents }, +++ { "getdents64", 61 }, +++ { "getegid", 177 }, +++ { "getegid32", __PNR_getegid32 }, +++ { "geteuid", 175 }, +++ { "geteuid32", __PNR_geteuid32 }, +++ { "getgid", 176 }, +++ { "getgid32", __PNR_getgid32 }, +++ { "getgroups", 158 }, +++ { "getgroups32", __PNR_getgroups32 }, +++ { "getitimer", 102 }, +++ { "getpeername", 205 }, +++ { "getpgid", 155 }, +++ { "getpgrp", __PNR_getpgrp }, +++ { "getpid", 172 }, +++ { 
"getpmsg", __PNR_getpmsg }, +++ { "getppid", 173 }, +++ { "getpriority", 141 }, +++ { "getrandom", 278 }, +++ { "getresgid", 150 }, +++ { "getresgid32", __PNR_getresgid32 }, +++ { "getresuid", 148 }, +++ { "getresuid32", __PNR_getresuid32 }, +++ { "getrlimit", 163 }, +++ { "getrusage", 165 }, +++ { "getsid", 156 }, +++ { "getsockname", 204 }, +++ { "getsockopt", 209 }, +++ { "gettid", 178 }, +++ { "gettimeofday", 169 }, +++ { "getuid", 174 }, +++ { "getuid32", __PNR_getuid32 }, +++ { "getxattr", 8 }, +++ { "gtty", __PNR_gtty }, +++ { "idle", __PNR_idle }, +++ { "init_module", 105 }, +++ { "inotify_add_watch", 27 }, +++ { "inotify_init", __PNR_inotify_init }, +++ { "inotify_init1", 26 }, +++ { "inotify_rm_watch", 28 }, +++ { "io_cancel", 3 }, +++ { "io_destroy", 1 }, +++ { "io_getevents", 4 }, +++ { "io_pgetevents", 292 }, +++ { "io_pgetevents_time64", __PNR_io_pgetevents_time64 }, +++ { "io_setup", 0 }, +++ { "io_submit", 2 }, +++ { "io_uring_enter", 426 }, +++ { "io_uring_register", 427 }, +++ { "io_uring_setup", 425 }, +++ { "ioctl", 29 }, +++ { "ioperm", __PNR_ioperm }, +++ { "iopl", __PNR_iopl }, +++ { "ioprio_get", 31 }, +++ { "ioprio_set", 30 }, +++ { "ipc", __PNR_ipc }, +++ { "kcmp", 272 }, +++ { "kexec_file_load", 294 }, +++ { "kexec_load", 104 }, +++ { "keyctl", 219 }, +++ { "kill", 129 }, +++ { "lchown", __PNR_lchown }, +++ { "lchown32", __PNR_lchown32 }, +++ { "lgetxattr", 9 }, +++ { "link", __PNR_link }, +++ { "linkat", 37 }, +++ { "listen", 201 }, +++ { "listxattr", 11 }, +++ { "llistxattr", 12 }, +++ { "lock", __PNR_lock }, +++ { "lookup_dcookie", 18 }, +++ { "lremovexattr", 15 }, +++ { "lseek", 62 }, +++ { "lsetxattr", 6 }, +++ { "lstat", __PNR_lstat }, +++ { "lstat64", __PNR_lstat64 }, +++ { "madvise", 233 }, +++ { "mbind", 235 }, +++ { "membarrier", 283 }, +++ { "memfd_create", 279 }, +++ { "migrate_pages", 238 }, +++ { "mincore", 232 }, +++ { "mkdir", __PNR_mkdir }, +++ { "mkdirat", 34 }, +++ { "mknod", __PNR_mknod }, +++ { "mknodat", 33 }, +++ { 
"mlock", 228 }, +++ { "mlock2", 284 }, +++ { "mlockall", 230 }, +++ { "mmap", 222 }, +++ { "mmap2", __PNR_mmap2 }, +++ { "modify_ldt", __PNR_modify_ldt }, +++ { "mount", 40 }, +++ { "move_mount", 429 }, +++ { "move_pages", 239 }, +++ { "mprotect", 226 }, +++ { "mpx", __PNR_mpx }, +++ { "mq_getsetattr", 185 }, +++ { "mq_notify", 184 }, +++ { "mq_open", 180 }, +++ { "mq_timedreceive", 183 }, +++ { "mq_timedreceive_time64", __PNR_mq_timedreceive_time64 }, +++ { "mq_timedsend", 182 }, +++ { "mq_timedsend_time64", __PNR_mq_timedsend_time64 }, +++ { "mq_unlink", 181 }, +++ { "mremap", 216 }, +++ { "msgctl", 187 }, +++ { "msgget", 186 }, +++ { "msgrcv", 188 }, +++ { "msgsnd", 189 }, +++ { "msync", 227 }, +++ { "multiplexer", __PNR_multiplexer }, +++ { "munlock", 229 }, +++ { "munlockall", 231 }, +++ { "munmap", 215 }, +++ { "name_to_handle_at", 264 }, +++ { "nanosleep", 101 }, +++ { "newfstatat", 79 }, +++ { "nfsservctl", 42 }, +++ { "nice", __PNR_nice }, +++ { "oldfstat", __PNR_oldfstat }, +++ { "oldlstat", __PNR_oldlstat }, +++ { "oldolduname", __PNR_oldolduname }, +++ { "oldstat", __PNR_oldstat }, +++ { "olduname", __PNR_olduname }, +++ { "oldwait4", __PNR_oldwait4 }, +++ { "open", __PNR_open }, +++ { "open_by_handle_at", 265 }, +++ { "open_tree", 428 }, +++ { "openat", 56 }, +++ { "pause", __PNR_pause }, +++ { "pciconfig_iobase", __PNR_pciconfig_iobase }, +++ { "pciconfig_read", __PNR_pciconfig_read }, +++ { "pciconfig_write", __PNR_pciconfig_write }, +++ { "perf_event_open", 241 }, +++ { "personality", 92 }, +++ { "pidfd_open", 434 }, +++ { "pidfd_send_signal", 424 }, +++ { "pipe", __PNR_pipe }, +++ { "pipe2", 59 }, +++ { "pivot_root", 41 }, +++ { "pkey_alloc", 289 }, +++ { "pkey_free", 290 }, +++ { "pkey_mprotect", 288 }, +++ { "poll", __PNR_poll }, +++ { "ppoll", 73 }, +++ { "ppoll_time64", __PNR_ppoll_time64 }, +++ { "prctl", 167 }, +++ { "pread64", 67 }, +++ { "preadv", 69 }, +++ { "preadv2", 286 }, +++ { "prlimit64", 261 }, +++ { "process_vm_readv", 270 }, +++ { 
"process_vm_writev", 271 }, +++ { "prof", __PNR_prof }, +++ { "profil", __PNR_profil }, +++ { "pselect6", 72 }, +++ { "pselect6_time64", __PNR_pselect6_time64 }, +++ { "ptrace", 117 }, +++ { "putpmsg", __PNR_putpmsg }, +++ { "pwrite64", 68 }, +++ { "pwritev", 70 }, +++ { "pwritev2", 287 }, +++ { "query_module", __PNR_query_module }, +++ { "quotactl", 60 }, +++ { "read", 63 }, +++ { "readahead", 213 }, +++ { "readdir", __PNR_readdir }, +++ { "readlink", __PNR_readlink }, +++ { "readlinkat", 78 }, +++ { "readv", 65 }, +++ { "reboot", 142 }, +++ { "recv", __PNR_recv }, +++ { "recvfrom", 207 }, +++ { "recvmmsg", 243 }, +++ { "recvmmsg_time64", __PNR_recvmmsg_time64 }, +++ { "recvmsg", 212 }, +++ { "remap_file_pages", 234 }, +++ { "removexattr", 14 }, +++ { "rename", __PNR_rename }, +++ { "renameat", __PNR_renameat }, +++ { "renameat2", 276 }, +++ { "request_key", 218 }, +++ { "restart_syscall", 128 }, +++ { "rmdir", __PNR_rmdir }, +++ { "riscv_flush_icache", 244 }, +++ { "rseq", 293 }, +++ { "rt_sigaction", 134 }, +++ { "rt_sigpending", 136 }, +++ { "rt_sigprocmask", 135 }, +++ { "rt_sigqueueinfo", 138 }, +++ { "rt_sigreturn", 139 }, +++ { "rt_sigsuspend", 133 }, +++ { "rt_sigtimedwait", 137 }, +++ { "rt_sigtimedwait_time64", __PNR_rt_sigtimedwait_time64 }, +++ { "rt_tgsigqueueinfo", 240 }, +++ { "rtas", __PNR_rtas }, +++ { "s390_guarded_storage", __PNR_s390_guarded_storage }, +++ { "s390_pci_mmio_read", __PNR_s390_pci_mmio_read }, +++ { "s390_pci_mmio_write", __PNR_s390_pci_mmio_write }, +++ { "s390_runtime_instr", __PNR_s390_runtime_instr }, +++ { "s390_sthyi", __PNR_s390_sthyi }, +++ { "sched_get_priority_max", 125 }, +++ { "sched_get_priority_min", 126 }, +++ { "sched_getaffinity", 123 }, +++ { "sched_getattr", 275 }, +++ { "sched_getparam", 121 }, +++ { "sched_getscheduler", 120 }, +++ { "sched_rr_get_interval", 127 }, +++ { "sched_rr_get_interval_time64", __PNR_sched_rr_get_interval_time64 }, +++ { "sched_setaffinity", 122 }, +++ { "sched_setattr", 274 }, +++ { 
"sched_setparam", 118 }, +++ { "sched_setscheduler", 119 }, +++ { "sched_yield", 124 }, +++ { "seccomp", 277 }, +++ { "security", __PNR_security }, +++ { "select", __PNR_select }, +++ { "semctl", 191 }, +++ { "semget", 190 }, +++ { "semop", 193 }, +++ { "semtimedop", 192 }, +++ { "semtimedop_time64", __PNR_semtimedop_time64 }, +++ { "send", __PNR_send }, +++ { "sendfile", 71 }, +++ { "sendfile64", __PNR_sendfile64 }, +++ { "sendmmsg", 269 }, +++ { "sendmsg", 211 }, +++ { "sendto", 206 }, +++ { "set_mempolicy", 237 }, +++ { "set_robust_list", 99 }, +++ { "set_thread_area", __PNR_set_thread_area }, +++ { "set_tid_address", 96 }, +++ { "set_tls", __PNR_set_tls }, +++ { "setdomainname", 162 }, +++ { "setfsgid", 152 }, +++ { "setfsgid32", __PNR_setfsgid32 }, +++ { "setfsuid", 151 }, +++ { "setfsuid32", __PNR_setfsuid32 }, +++ { "setgid", 144 }, +++ { "setgid32", __PNR_setgid32 }, +++ { "setgroups", 159 }, +++ { "setgroups32", __PNR_setgroups32 }, +++ { "sethostname", 161 }, +++ { "setitimer", 103 }, +++ { "setns", 268 }, +++ { "setpgid", 154 }, +++ { "setpriority", 140 }, +++ { "setregid", 143 }, +++ { "setregid32", __PNR_setregid32 }, +++ { "setresgid", 149 }, +++ { "setresgid32", __PNR_setresgid32 }, +++ { "setresuid", 147 }, +++ { "setresuid32", __PNR_setresuid32 }, +++ { "setreuid", 145 }, +++ { "setreuid32", __PNR_setreuid32 }, +++ { "setrlimit", 164 }, +++ { "setsid", 157 }, +++ { "setsockopt", 208 }, +++ { "settimeofday", 170 }, +++ { "setuid", 146 }, +++ { "setuid32", __PNR_setuid32 }, +++ { "setxattr", 5 }, +++ { "sgetmask", __PNR_sgetmask }, +++ { "shmat", 196 }, +++ { "shmctl", 195 }, +++ { "shmdt", 197 }, +++ { "shmget", 194 }, +++ { "shutdown", 210 }, +++ { "sigaction", __PNR_sigaction }, +++ { "sigaltstack", 132 }, +++ { "signal", __PNR_signal }, +++ { "signalfd", __PNR_signalfd }, +++ { "signalfd4", 74 }, +++ { "sigpending", __PNR_sigpending }, +++ { "sigprocmask", __PNR_sigprocmask }, +++ { "sigreturn", __PNR_sigreturn }, +++ { "sigsuspend", 
__PNR_sigsuspend }, +++ { "socket", 198 }, +++ { "socketcall", __PNR_socketcall }, +++ { "socketpair", 199 }, +++ { "splice", 76 }, +++ { "spu_create", __PNR_spu_create }, +++ { "spu_run", __PNR_spu_run }, +++ { "ssetmask", __PNR_ssetmask }, +++ { "stat", __PNR_stat }, +++ { "stat64", __PNR_stat64 }, +++ { "statfs", 43 }, +++ { "statfs64", __PNR_statfs64 }, +++ { "statx", 291 }, +++ { "stime", __PNR_stime }, +++ { "stty", __PNR_stty }, +++ { "subpage_prot", __PNR_subpage_prot }, +++ { "swapcontext", __PNR_swapcontext }, +++ { "swapoff", 225 }, +++ { "swapon", 224 }, +++ { "switch_endian", __PNR_switch_endian }, +++ { "symlink", __PNR_symlink }, +++ { "symlinkat", 36 }, +++ { "sync", 81 }, +++ { "sync_file_range", 84 }, +++ { "sync_file_range2", __PNR_sync_file_range2 }, +++ { "syncfs", 267 }, +++ { "syscall", __PNR_syscall }, +++ { "sys_debug_setcontext", __PNR_sys_debug_setcontext }, +++ { "sysfs", __PNR_sysfs }, +++ { "sysinfo", 179 }, +++ { "syslog", 116 }, +++ { "sysmips", __PNR_sysmips }, +++ { "tee", 77 }, +++ { "tgkill", 131 }, +++ { "time", __PNR_time }, +++ { "timer_create", 107 }, +++ { "timer_delete", 111 }, +++ { "timer_getoverrun", 109 }, +++ { "timer_gettime", 108 }, +++ { "timer_gettime64", __PNR_timer_gettime64 }, +++ { "timer_settime", 110 }, +++ { "timer_settime64", __PNR_timer_settime64 }, +++ { "timerfd", __PNR_timerfd }, +++ { "timerfd_create", 85 }, +++ { "timerfd_gettime", 87 }, +++ { "timerfd_gettime64", __PNR_timerfd_gettime64 }, +++ { "timerfd_settime", 86 }, +++ { "timerfd_settime64", __PNR_timerfd_settime64 }, +++ { "times", 153 }, +++ { "tkill", 130 }, +++ { "truncate", 45 }, +++ { "truncate64", __PNR_truncate64 }, +++ { "tuxcall", __PNR_tuxcall }, +++ { "ugetrlimit", __PNR_ugetrlimit }, +++ { "ulimit", __PNR_ulimit }, +++ { "umask", 166 }, +++ { "umount", __PNR_umount }, +++ { "umount2", 39 }, +++ { "uname", 160 }, +++ { "unlink", __PNR_unlink }, +++ { "unlinkat", 35 }, +++ { "unshare", 97 }, +++ { "uselib", __PNR_uselib }, +++ { 
"userfaultfd", 282 }, +++ { "usr26", __PNR_usr26 }, +++ { "usr32", __PNR_usr32 }, +++ { "ustat", __PNR_ustat }, +++ { "utime", __PNR_utime }, +++ { "utimensat", 88 }, +++ { "utimensat_time64", __PNR_utimensat_time64 }, +++ { "utimes", __PNR_utimes }, +++ { "vfork", __PNR_vfork }, +++ { "vhangup", 58 }, +++ { "vm86", __PNR_vm86 }, +++ { "vm86old", __PNR_vm86old }, +++ { "vmsplice", 75 }, +++ { "vserver", __PNR_vserver }, +++ { "wait4", 260 }, +++ { "waitid", 95 }, +++ { "waitpid", __PNR_waitpid }, +++ { "write", 64 }, +++ { "writev", 66 }, +++ { NULL, __NR_SCMP_ERROR }, +++}; +++ +++/** +++ * Resolve a syscall name to a number +++ * @param name the syscall name +++ * +++ * Resolve the given syscall name to the syscall number using the syscall table. +++ * Returns the syscall number on success, including negative pseudo syscall +++ * numbers; returns __NR_SCMP_ERROR on failure. +++ * +++ */ +++int riscv64_syscall_resolve_name(const char *name) +++{ +++ unsigned int iter; +++ const struct arch_syscall_def *table = riscv64_syscall_table; +++ +++ /* XXX - plenty of room for future improvement here */ +++ for (iter = 0; table[iter].name != NULL; iter++) { +++ if (strcmp(name, table[iter].name) == 0) +++ return table[iter].num; +++ } +++ +++ return __NR_SCMP_ERROR; +++} +++ +++/** +++ * Resolve a syscall number to a name +++ * @param num the syscall number +++ * +++ * Resolve the given syscall number to the syscall name using the syscall table. +++ * Returns a pointer to the syscall name string on success, including pseudo +++ * syscall names; returns NULL on failure. 
+++ * +++ */ +++const char *riscv64_syscall_resolve_num(int num) +++{ +++ unsigned int iter; +++ const struct arch_syscall_def *table = riscv64_syscall_table; +++ +++ /* XXX - plenty of room for future improvement here */ +++ for (iter = 0; table[iter].num != __NR_SCMP_ERROR; iter++) { +++ if (num == table[iter].num) +++ return table[iter].name; +++ } +++ +++ return NULL; +++} +++ +++ +++/** +++ * Iterate through the syscall table and return the syscall mapping +++ * @param spot the offset into the syscall table +++ * +++ * Return the syscall mapping at position @spot or NULL on failure. This +++ * function should only ever be used internally by libseccomp. +++ * +++ */ +++const struct arch_syscall_def *riscv64_syscall_iterate(unsigned int spot) +++{ +++ /* XXX - no safety checks here */ +++ return &riscv64_syscall_table[spot]; +++} ++diff --git a/src/arch-riscv64.c b/src/arch-riscv64.c ++new file mode 100644 ++index 0000000..67bc926 ++--- /dev/null +++++ b/src/arch-riscv64.c ++@@ -0,0 +1,31 @@ +++/* +++ * This library is free software; you can redistribute it and/or modify it +++ * under the terms of version 2.1 of the GNU Lesser General Public License as +++ * published by the Free Software Foundation. +++ * +++ * This library is distributed in the hope that it will be useful, but WITHOUT +++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License +++ * for more details. +++ * +++ * You should have received a copy of the GNU Lesser General Public License +++ * along with this library; if not, see . 
+++ */ +++ +++#include +++#include +++#include +++ +++#include "arch.h" +++#include "arch-riscv64.h" +++ +++const struct arch_def arch_def_riscv64 = { +++ .token = SCMP_ARCH_RISCV64, +++ .token_bpf = AUDIT_ARCH_RISCV64, +++ .size = ARCH_SIZE_64, +++ .endian = ARCH_ENDIAN_LITTLE, +++ .syscall_resolve_name = riscv64_syscall_resolve_name, +++ .syscall_resolve_num = riscv64_syscall_resolve_num, +++ .syscall_rewrite = NULL, +++ .rule_add = NULL, +++}; ++diff --git a/src/arch-riscv64.h b/src/arch-riscv64.h ++new file mode 100644 ++index 0000000..16fca6b ++--- /dev/null +++++ b/src/arch-riscv64.h ++@@ -0,0 +1,30 @@ +++/* +++ * This library is free software; you can redistribute it and/or modify it +++ * under the terms of version 2.1 of the GNU Lesser General Public License as +++ * published by the Free Software Foundation. +++ * +++ * This library is distributed in the hope that it will be useful, but WITHOUT +++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License +++ * for more details. +++ * +++ * You should have received a copy of the GNU Lesser General Public License +++ * along with this library; if not, see . 
+++ */ +++ +++#ifndef _ARCH_RISCV64_H +++#define _ARCH_RISCV64_H +++ +++#include +++ +++#include "arch.h" +++#include "system.h" +++ +++extern const struct arch_def arch_def_riscv64; +++ +++int riscv64_syscall_resolve_name(const char *name); +++const char *riscv64_syscall_resolve_num(int num); +++ +++const struct arch_syscall_def *riscv64_syscall_iterate(unsigned int spot); +++ +++#endif ++diff --git a/src/arch.c b/src/arch.c ++index bfa664f..83c2c9b 100644 ++--- a/src/arch.c +++++ b/src/arch.c ++@@ -41,6 +41,7 @@ ++ #include "arch-parisc.h" ++ #include "arch-ppc.h" ++ #include "arch-ppc64.h" +++#include "arch-riscv64.h" ++ #include "arch-s390.h" ++ #include "arch-s390x.h" ++ #include "db.h" ++@@ -94,6 +95,8 @@ const struct arch_def *arch_def_native = &arch_def_ppc; ++ const struct arch_def *arch_def_native = &arch_def_s390x; ++ #elif __s390__ ++ const struct arch_def *arch_def_native = &arch_def_s390; +++#elif __riscv && __riscv_xlen == 64 +++const struct arch_def *arch_def_native = &arch_def_riscv64; ++ #else ++ #error the arch code needs to know about your machine type ++ #endif /* machine type guess */ ++@@ -156,6 +159,8 @@ const struct arch_def *arch_def_lookup(uint32_t token) ++ return &arch_def_s390; ++ case SCMP_ARCH_S390X: ++ return &arch_def_s390x; +++ case SCMP_ARCH_RISCV64: +++ return &arch_def_riscv64; ++ } ++ ++ return NULL; ++@@ -206,6 +211,8 @@ const struct arch_def *arch_def_lookup_name(const char *arch_name) ++ return &arch_def_s390; ++ else if (strcmp(arch_name, "s390x") == 0) ++ return &arch_def_s390x; +++ else if (strcmp(arch_name, "riscv64") == 0) +++ return &arch_def_riscv64; ++ ++ return NULL; ++ } ++diff --git a/src/gen_pfc.c b/src/gen_pfc.c ++index 75d8507..8186f0d 100644 ++--- a/src/gen_pfc.c +++++ b/src/gen_pfc.c ++@@ -87,6 +87,8 @@ static const char *_pfc_arch(const struct arch_def *arch) ++ return "s390x"; ++ case SCMP_ARCH_S390: ++ return "s390"; +++ case SCMP_ARCH_RISCV64: +++ return "riscv64"; ++ default: ++ return "UNKNOWN"; ++ } 
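Review bot: The prototype for `riscv64_syscall_iterate` in this header states no contract, and the definition earlier in the patch returns `&riscv64_syscall_table[spot]` without any range check (it is marked `XXX - no safety checks here`). Its doc comment promises "NULL on failure", but the visible body never returns NULL, so an out-of-range `spot` reads past the table instead of failing. Either bound `spot` against the table length in the definition and return NULL beyond it, or document the real contract above the prototype, e.g. `/* spot is not range-checked; callers must stop at the entry whose name is NULL */`. The definition's hunk starts outside this view, so this is raised against the declaration.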
++diff --git a/src/python/libseccomp.pxd b/src/python/libseccomp.pxd ++index 8ae84d9..f1194b6 100644 ++--- a/src/python/libseccomp.pxd +++++ b/src/python/libseccomp.pxd ++@@ -51,6 +51,7 @@ cdef extern from "seccomp.h": ++ SCMP_ARCH_PPC64LE ++ SCMP_ARCH_S390 ++ SCMP_ARCH_S390X +++ SCMP_ARCH_RISCV64 ++ ++ cdef enum scmp_filter_attr: ++ SCMP_FLTATR_ACT_DEFAULT ++diff --git a/src/python/seccomp.pyx b/src/python/seccomp.pyx ++index 44e4925..113fbf4 100644 ++--- a/src/python/seccomp.pyx +++++ b/src/python/seccomp.pyx ++@@ -214,6 +214,7 @@ cdef class Arch: ++ PARISC64 - 64-bit PA-RISC ++ PPC64 - 64-bit PowerPC ++ PPC - 32-bit PowerPC +++ RISCV64 - 64-bit RISC-V ++ """ ++ ++ cdef int _token ++@@ -237,6 +238,7 @@ cdef class Arch: ++ PPC64LE = libseccomp.SCMP_ARCH_PPC64LE ++ S390 = libseccomp.SCMP_ARCH_S390 ++ S390X = libseccomp.SCMP_ARCH_S390X +++ RISCV64 = libseccomp.SCMP_ARCH_RISCV64 ++ ++ def __cinit__(self, arch=libseccomp.SCMP_ARCH_NATIVE): ++ """ Initialize the architecture object. ++diff --git a/src/system.c b/src/system.c ++index 8e5aafc..bcd7e3c 100644 ++--- a/src/system.c +++++ b/src/system.c ++@@ -80,6 +80,7 @@ int sys_chk_seccomp_syscall(void) ++ case SCMP_ARCH_PPC64LE: ++ case SCMP_ARCH_S390: ++ case SCMP_ARCH_S390X: +++ case SCMP_ARCH_RISCV64: ++ break; ++ default: ++ goto unsupported; ++diff --git a/tests/15-basic-resolver.c b/tests/15-basic-resolver.c ++index 0c1eefe..2679270 100644 ++--- a/tests/15-basic-resolver.c +++++ b/tests/15-basic-resolver.c ++@@ -45,6 +45,7 @@ unsigned int arch_list[] = { ++ SCMP_ARCH_S390X, ++ SCMP_ARCH_PARISC, ++ SCMP_ARCH_PARISC64, +++ SCMP_ARCH_RISCV64, ++ -1 ++ }; ++ ++diff --git a/tests/16-sim-arch_basic.c b/tests/16-sim-arch_basic.c ++index 5413e18..0b141e1 100644 ++--- a/tests/16-sim-arch_basic.c +++++ b/tests/16-sim-arch_basic.c ++@@ -90,6 +90,9 @@ int main(int argc, char *argv[]) ++ if (rc != 0) ++ goto out; ++ rc = seccomp_arch_add(ctx, SCMP_ARCH_PPC64LE); +++ if (rc != 0) +++ goto out; +++ rc = seccomp_arch_add(ctx, 
SCMP_ARCH_RISCV64); ++ if (rc != 0) ++ goto out; ++ ++@@ -156,6 +159,9 @@ int main(int argc, char *argv[]) ++ rc = seccomp_arch_remove(ctx, SCMP_ARCH_PPC64LE); ++ if (rc != 0) ++ goto out; +++ rc = seccomp_arch_remove(ctx, SCMP_ARCH_RISCV64); +++ if (rc != 0) +++ goto out; ++ ++ out: ++ seccomp_release(ctx); ++diff --git a/tests/16-sim-arch_basic.py b/tests/16-sim-arch_basic.py ++index 7d7a05f..846553f 100755 ++--- a/tests/16-sim-arch_basic.py +++++ b/tests/16-sim-arch_basic.py ++@@ -44,6 +44,7 @@ def test(args): ++ f.add_arch(Arch("mipsel64")) ++ f.add_arch(Arch("mipsel64n32")) ++ f.add_arch(Arch("ppc64le")) +++ f.add_arch(Arch("riscv64")) ++ f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno())) ++ f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno())) ++ f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno())) ++diff --git a/tests/23-sim-arch_all_le_basic.c b/tests/23-sim-arch_all_le_basic.c ++index 5672980..32739e5 100644 ++--- a/tests/23-sim-arch_all_le_basic.c +++++ b/tests/23-sim-arch_all_le_basic.c ++@@ -69,6 +69,9 @@ int main(int argc, char *argv[]) ++ if (rc != 0) ++ goto out; ++ rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("ppc64le")); +++ if (rc != 0) +++ goto out; +++ rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("riscv64")); ++ if (rc != 0) ++ goto out; ++ ++diff --git a/tests/23-sim-arch_all_le_basic.py b/tests/23-sim-arch_all_le_basic.py ++index 5927f37..33eedb1 100755 ++--- a/tests/23-sim-arch_all_le_basic.py +++++ b/tests/23-sim-arch_all_le_basic.py ++@@ -40,6 +40,7 @@ def test(args): ++ f.add_arch(Arch("mipsel64")) ++ f.add_arch(Arch("mipsel64n32")) ++ f.add_arch(Arch("ppc64le")) +++ f.add_arch(Arch("riscv64")) ++ f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno())) ++ f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno())) ++ f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno())) ++diff --git a/tests/regression b/tests/regression ++index 56822fb..ef98c3d 100755 ++--- a/tests/regression +++++ 
b/tests/regression ++@@ -25,7 +25,8 @@ GLBL_ARCH_LE_SUPPORT=" \ ++ x86 x86_64 x32 \ ++ arm aarch64 \ ++ mipsel mipsel64 mipsel64n32 \ ++- ppc64le" +++ ppc64le \ +++ riscv64" ++ GLBL_ARCH_BE_SUPPORT=" \ ++ mips mips64 mips64n32 \ ++ parisc parisc64 \ ++@@ -46,6 +47,7 @@ GLBL_ARCH_64B_SUPPORT=" \ ++ mips64 \ ++ parisc64 \ ++ ppc64 \ +++ riscv64 \ ++ s390x" ++ ++ GLBL_SYS_ARCH="../tools/scmp_arch_detect" ++@@ -777,7 +779,7 @@ function run_test_live() { ++ ++ # setup the arch specific return values ++ case "$arch" in ++- x86|x86_64|x32|arm|aarch64|parisc|parisc64|ppc|ppc64|ppc64le|ppc|s390|s390x) +++ x86|x86_64|x32|arm|aarch64|parisc|parisc64|ppc|ppc64|ppc64le|ppc|s390|s390x|riscv64) ++ rc_kill_process=159 ++ rc_kill=159 ++ rc_allow=160 ++diff --git a/tools/scmp_arch_detect.c b/tools/scmp_arch_detect.c ++index ad43f2d..b844a68 100644 ++--- a/tools/scmp_arch_detect.c +++++ b/tools/scmp_arch_detect.c ++@@ -120,6 +120,9 @@ int main(int argc, char *argv[]) ++ case SCMP_ARCH_S390X: ++ printf("s390x\n"); ++ break; +++ case SCMP_ARCH_RISCV64: +++ printf("riscv64\n"); +++ break; ++ default: ++ printf("unknown\n"); ++ } ++diff --git a/tools/scmp_bpf_disasm.c b/tools/scmp_bpf_disasm.c ++index 27fba9a..5c914b4 100644 ++--- a/tools/scmp_bpf_disasm.c +++++ b/tools/scmp_bpf_disasm.c ++@@ -508,6 +508,8 @@ int main(int argc, char *argv[]) ++ arch = AUDIT_ARCH_S390; ++ else if (strcmp(optarg, "s390x") == 0) ++ arch = AUDIT_ARCH_S390X; +++ else if (strcmp(optarg, "riscv64") == 0) +++ arch = AUDIT_ARCH_RISCV64; ++ else ++ exit_usage(argv[0]); ++ break; ++diff --git a/tools/scmp_bpf_sim.c b/tools/scmp_bpf_sim.c ++index 4d30822..a381314 100644 ++--- a/tools/scmp_bpf_sim.c +++++ b/tools/scmp_bpf_sim.c ++@@ -285,6 +285,8 @@ int main(int argc, char *argv[]) ++ arch = AUDIT_ARCH_S390; ++ else if (strcmp(optarg, "s390x") == 0) ++ arch = AUDIT_ARCH_S390X; +++ else if (strcmp(optarg, "riscv64") == 0) +++ arch = AUDIT_ARCH_RISCV64; ++ else ++ exit_fault(EINVAL); ++ break; ++diff --git 
a/tools/util.c b/tools/util.c ++index 7122335..741b2a2 100644 ++--- a/tools/util.c +++++ b/tools/util.c ++@@ -78,6 +78,8 @@ ++ #define ARCH_NATIVE AUDIT_ARCH_S390X ++ #elif __s390__ ++ #define ARCH_NATIVE AUDIT_ARCH_S390 +++#elif __riscv && __riscv_xlen == 64 +++#define ARCH_NATIVE AUDIT_ARCH_RISCV64 ++ #else ++ #error the simulator code needs to know about your machine type ++ #endif ++diff --git a/tools/util.h b/tools/util.h ++index 08c4839..6c2ca33 100644 ++--- a/tools/util.h +++++ b/tools/util.h ++@@ -72,6 +72,13 @@ ++ #define AUDIT_ARCH_PPC64LE (EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) ++ #endif ++ +++#ifndef AUDIT_ARCH_RISCV64 +++#ifndef EM_RISCV +++#define EM_RISCV 243 +++#endif /* EM_RISCV */ +++#define AUDIT_ARCH_RISCV64 (EM_RISCV|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) +++#endif /* AUDIT_ARCH_RISCV64 */ +++ ++ extern uint32_t arch; ++ ++ uint16_t ttoh16(uint32_t arch, uint16_t val); diff --cc debian/patches/series index 0000000,0000000..6975c72 new file mode 100644 --- /dev/null +++ b/debian/patches/series @@@ -1,0 -1,0 +1,2 @@@ ++cython3.patch ++riscv64_support.patch diff --cc debian/python-seccomp.install index 0000000,0000000..a71458d new file mode 100644 --- /dev/null +++ b/debian/python-seccomp.install @@@ -1,0 -1,0 +1,1 @@@ ++usr/lib/python2.*/dist-packages/seccomp.so diff --cc debian/python3-seccomp.install index 0000000,0000000..97a45dc new file mode 100644 --- /dev/null +++ b/debian/python3-seccomp.install @@@ -1,0 -1,0 +1,1 @@@ ++usr/lib/python3.*/site-packages/seccomp.cpython-*.so diff --cc debian/rules index 0000000,0000000..54d5951 new file mode 100755 --- /dev/null 
+++ b/debian/rules @@@ -1,0 -1,0 +1,37 @@@ ++#!/usr/bin/make -f ++# -*- makefile -*- ++ ++# Uncomment this to turn on verbose mode. ++#export DH_VERBOSE=1 ++ ++# Enable verbose build details. ++export V=1 ++ ++include /usr/share/dpkg/architecture.mk ++ ++%: ++ifeq ($(filter nopython,$(DEB_BUILD_PROFILES)),) ++ dh $@ --with python3 ++else ++ dh $@ ++endif ++ ++ifeq ($(filter nopython,$(DEB_BUILD_PROFILES)),) ++ ++override_dh_auto_install: ++ dh_auto_install ++ for pyver in `py3versions -s`; do \ ++ set -e; \ ++ if python3 -c "pyver='$$pyver'; exit(0 if float(pyver[6:]) >= 3.8 else 1)"; then \ ++ export _PYTHON_SYSCONFIGDATA_NAME='_sysconfigdata__${DEB_HOST_ARCH_OS}_${DEB_HOST_MULTIARCH}'; \ ++ else \ ++ export _PYTHON_SYSCONFIGDATA_NAME='_sysconfigdata_m_${DEB_HOST_ARCH_OS}_${DEB_HOST_MULTIARCH}'; \ ++ fi; \ ++ dh_auto_configure -- --enable-python PYTHON=$$pyver; \ ++ dh_auto_install --sourcedirectory=src/python -- PYTHON=$$pyver; \ ++ done ++endif ++ ++override_dh_auto_clean: ++ dh_auto_clean ++ rm -f regression.out diff --cc debian/seccomp.install index 0000000,0000000..1df36c6 new file mode 100644 --- /dev/null +++ b/debian/seccomp.install @@@ -1,0 -1,0 +1,1 @@@ ++usr/bin/* diff --cc debian/seccomp.manpages index 0000000,0000000..5ea05fe new file mode 100644 --- /dev/null +++ b/debian/seccomp.manpages @@@ -1,0 -1,0 +1,1 @@@ ++debian/tmp/usr/share/man/man1/* diff --cc debian/source/format index 0000000,0000000..163aaf8 new file mode 100644 --- /dev/null +++ b/debian/source/format @@@ -1,0 -1,0 +1,1 @@@ ++3.0 (quilt) diff --cc debian/tests/common index 0000000,0000000..e02e8db new file mode 100644 --- /dev/null 
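Review bot: The version test in `override_dh_auto_install` uses `float(pyver[6:]) >= 3.8`, which misorders two-digit minor versions. `python3.10` parses as 3.1 and takes the `_sysconfigdata_m_` branch intended for interpreters older than 3.8, so `_PYTHON_SYSCONFIGDATA_NAME` would point at a name that no longer carries the `m` modifier. Compare integer tuples instead: `exit(0 if tuple(int(p) for p in pyver[6:].split('.')) >= (3, 8) else 1)`.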
+++ b/debian/tests/common @@@ -1,0 -1,0 +1,12 @@@ ++SRCDIR="$(pwd)" ++ ++mkdir "$AUTOPKGTEST_TMP/tests" "$AUTOPKGTEST_TMP/tools" ++cp -a tests/. "$AUTOPKGTEST_TMP/tests/" ++ ++cd "$AUTOPKGTEST_TMP/tests" ++ ++# build tools needed for tests ++for tool in scmp_api_level scmp_arch_detect scmp_sys_resolver; do ++ echo "Building $tool ..." ++ gcc -O2 -g "$SRCDIR/tools/$tool.c" "$SRCDIR/tools/util.c" -lseccomp -o ../tools/$tool ++done diff --cc debian/tests/control index 0000000,0000000..3d2c4ba new file mode 100644 --- /dev/null +++ b/debian/tests/control @@@ -1,0 -1,0 +1,7 @@@ ++Tests: testsuite-live ++Depends: libseccomp-dev, build-essential ++Restrictions: isolation-machine ++ ++Tests: testsuite-live-python3 ++Depends: libseccomp-dev, build-essential, python3-seccomp ++Restrictions: isolation-machine, allow-stderr diff --cc debian/tests/testsuite-live index 0000000,0000000..bbf20d0 new file mode 100644 --- /dev/null +++ b/debian/tests/testsuite-live @@@ -1,0 -1,0 +1,17 @@@ ++#!/bin/sh ++ ++set -eu ++ ++. debian/tests/common ++ ++# manually build necessary files against the installed libseccomp ++ ++# build live tests ++for filename in *-live-*.tests; do ++ testname=$(echo "$filename" | cut -f 1 -d '.') ++ echo "Building $testname ..." ++ gcc -O2 -g "${testname}.c" util.c -pthread -lseccomp -o "$testname" ++done ++ ++echo "Running test suite ..." ++./regression -T live diff --cc debian/tests/testsuite-live-python2 index 0000000,0000000..9c9ded4 new file mode 100644 --- /dev/null +++ b/debian/tests/testsuite-live-python2 @@@ -1,0 -1,0 +1,8 @@@ ++#!/bin/sh ++ ++set -eu ++ ++. debian/tests/common ++ ++echo "Running test suite ..." ++./regression -T live -m python diff --cc debian/tests/testsuite-live-python3 index 0000000,0000000..f4fb094 new file mode 100644 --- /dev/null 
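Review bot: `debian/tests/testsuite-live-python2` is still shipped, but `debian/tests/control` in this same diff only declares `testsuite-live` and `testsuite-live-python3`, so the script is never run. The changelog records that the Python 2 bindings and their test were dropped; `debian/python-seccomp.install`, which still lists `usr/lib/python2.*/dist-packages/seccomp.so`, looks like a leftover of the same kind. Removing both files would keep the packaging consistent with what is actually built and tested. `debian/control` is not visible here, so confirm that no `python-seccomp` binary package remains before deleting the install file.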
+++ b/debian/tests/testsuite-live-python3 @@@ -1,0 -1,0 +1,13 @@@ ++#!/bin/sh ++ ++set -eu ++ ++. debian/tests/common ++ ++# make sure "python" points to python3 as this is not configurable ++# in the regression script ++mkdir python3env ++ln -s /usr/bin/python3 python3env/python ++ ++echo "Running test suite ..." ++PATH="$(pwd)/python3env:$PATH" ./regression -T live -m python diff --cc debian/watch index 0000000,0000000..5689edc new file mode 100644 --- /dev/null +++ b/debian/watch @@@ -1,0 -1,0 +1,6 @@@ ++# See uscan(1) for format ++version=3 ++opts=dversionmangle=s/\+dfsg// \ ++https://github.com/seccomp/libseccomp/releases \ ++ /download/v.*/libseccomp-(.*)\.tar\.gz \ ++ debian uupdate
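Review bot: `debian/watch` fetches the release tarball from the GitHub releases page without any signature check, so `uscan` accepts whatever that page serves. If upstream publishes detached signatures next to the tarballs, add `pgpsigurlmangle=s/$/.asc/` to the `opts=` line and ship the upstream release key as `debian/upstream/signing-key.asc`. New upstream imports are then verified before they reach the packaging branch. The signature file suffix is an assumption and should be checked against the actual release assets.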