From: Xiaotian Wu Date: Fri, 5 Nov 2021 08:52:27 +0000 (+0800) Subject: seccomp: add LoongArch 64bit support X-Git-Tag: v255-rc1~777^2~1 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=f9d3fb6b5e3bd49d336fccd6604a4942b901e8d4;p=thirdparty%2Fsystemd.git seccomp: add LoongArch 64bit support --- diff --git a/src/nspawn/nspawn-oci.c b/src/nspawn/nspawn-oci.c index 61798e166cc..a4eda80ea0b 100644 --- a/src/nspawn/nspawn-oci.c +++ b/src/nspawn/nspawn-oci.c @@ -1643,6 +1643,9 @@ static int oci_seccomp_arch_from_string(const char *name, uint32_t *ret) { } table[] = { { "SCMP_ARCH_AARCH64", SCMP_ARCH_AARCH64 }, { "SCMP_ARCH_ARM", SCMP_ARCH_ARM }, +#ifdef SCMP_ARCH_LOONGARCH64 + { "SCMP_ARCH_LOONGARCH64", SCMP_ARCH_LOONGARCH64 }, +#endif { "SCMP_ARCH_MIPS", SCMP_ARCH_MIPS }, { "SCMP_ARCH_MIPS64", SCMP_ARCH_MIPS64 }, { "SCMP_ARCH_MIPS64N32", SCMP_ARCH_MIPS64N32 }, diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c index 6dc10f2f3ad..de78de3b80d 100644 --- a/src/shared/seccomp-util.c +++ b/src/shared/seccomp-util.c @@ -47,6 +47,8 @@ uint32_t seccomp_local_archs[] = { SCMP_ARCH_AARCH64, /* native */ #elif defined(__arm__) SCMP_ARCH_ARM, +#elif defined(__loongarch_lp64) + SCMP_ARCH_LOONGARCH64, #elif defined(__mips__) && __BYTE_ORDER == __BIG_ENDIAN && _MIPS_SIM == _MIPS_SIM_ABI32 SCMP_ARCH_MIPSEL, SCMP_ARCH_MIPS, /* native */ @@ -126,6 +128,10 @@ const char* seccomp_arch_to_string(uint32_t c) { return "arm"; case SCMP_ARCH_AARCH64: return "arm64"; +#ifdef SCMP_ARCH_LOONGARCH64 + case SCMP_ARCH_LOONGARCH64: + return "loongarch64"; +#endif case SCMP_ARCH_MIPS: return "mips"; case SCMP_ARCH_MIPS64: @@ -183,6 +189,10 @@ int seccomp_arch_from_string(const char *n, uint32_t *ret) { *ret = SCMP_ARCH_ARM; else if (streq(n, "arm64")) *ret = SCMP_ARCH_AARCH64; +#ifdef SCMP_ARCH_LOONGARCH64 + else if (streq(n, "loongarch64")) + *ret = SCMP_ARCH_LOONGARCH64; +#endif else if (streq(n, "mips")) *ret = SCMP_ARCH_MIPS; else if (streq(n, "mips64")) @@ -1381,6 +1391,9 @@ int seccomp_protect_sysctl(void) { if (IN_SET(arch, SCMP_ARCH_AARCH64, +#ifdef SCMP_ARCH_LOONGARCH64 + SCMP_ARCH_LOONGARCH64, +#endif #ifdef SCMP_ARCH_RISCV64 SCMP_ARCH_RISCV64, #endif @@ -1463,6 +1476,9 @@ int seccomp_restrict_address_families(Set *address_families, bool allow_list) { case SCMP_ARCH_X32: case SCMP_ARCH_ARM: case SCMP_ARCH_AARCH64: +#ifdef SCMP_ARCH_LOONGARCH64 + case SCMP_ARCH_LOONGARCH64: +#endif case SCMP_ARCH_MIPSEL64N32: case SCMP_ARCH_MIPS64N32: case SCMP_ARCH_MIPSEL64: @@ -1719,7 +1735,7 @@ static int add_seccomp_syscall_filter(scmp_filter_ctx seccomp, } /* For known architectures, check that syscalls are indeed defined or not. */ -#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) || (defined(__riscv) && __riscv_xlen == 64) +#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) || defined(__loongarch_lp64) || (defined(__riscv) && __riscv_xlen == 64) assert_cc(SCMP_SYS(shmget) > 0); assert_cc(SCMP_SYS(shmat) > 0); assert_cc(SCMP_SYS(shmdt) > 0); @@ -1768,16 +1784,19 @@ int seccomp_memory_deny_write_execute(void) { case SCMP_ARCH_X86_64: case SCMP_ARCH_X32: case SCMP_ARCH_AARCH64: +#ifdef SCMP_ARCH_LOONGARCH64 + case SCMP_ARCH_LOONGARCH64: +#endif #ifdef SCMP_ARCH_RISCV64 case SCMP_ARCH_RISCV64: #endif - filter_syscall = SCMP_SYS(mmap); /* amd64, x32, arm64 and riscv64 have only mmap */ + filter_syscall = SCMP_SYS(mmap); /* amd64, x32, arm64, loongarch64 and riscv64 have only mmap */ shmat_syscall = SCMP_SYS(shmat); break; /* Please add more definitions here, if you port systemd to other architectures! */ -#if !defined(__i386__) && !defined(__x86_64__) && !defined(__hppa__) && !defined(__hppa64__) && !defined(__powerpc__) && !defined(__powerpc64__) && !defined(__arm__) && !defined(__aarch64__) && !defined(__s390__) && !defined(__s390x__) && !(defined(__riscv) && __riscv_xlen == 64) +#if !defined(__i386__) && !defined(__x86_64__) && !defined(__hppa__) && !defined(__hppa64__) && !defined(__powerpc__) && !defined(__powerpc64__) && !defined(__arm__) && !defined(__aarch64__) && !defined(__s390__) && !defined(__s390x__) && !(defined(__riscv) && __riscv_xlen == 64) && !defined(__loongarch_lp64) #warning "Consider adding the right mmap() syscall definitions here!" #endif } diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c index 2d06098dddf..ecf383f43c3 100644 --- a/src/test/test-seccomp.c +++ b/src/test/test-seccomp.c @@ -126,6 +126,9 @@ TEST(architecture_table) { "x32\0" "arm\0" "arm64\0" +#ifdef SCMP_ARCH_LOONGARCH64 + "loongarch64\0" +#endif "mips\0" "mips64\0" "mips64-n32\0" @@ -631,7 +634,7 @@ TEST(memory_deny_write_execute_mmap) { assert_se(seccomp_memory_deny_write_execute() >= 0); p = mmap(NULL, page_size(), PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS, -1,0); -#if defined(__x86_64__) || defined(__i386__) || defined(__powerpc64__) || defined(__arm__) || defined(__aarch64__) +#if defined(__x86_64__) || defined(__i386__) || defined(__powerpc64__) || defined(__arm__) || defined(__aarch64__) || defined(__loongarch_lp64) assert_se(p == MAP_FAILED); assert_se(errno == EPERM); #endif @@ -703,7 +706,7 @@ TEST(memory_deny_write_execute_shmat) { p = shmat(shmid, NULL, SHM_EXEC); log_debug_errno(p == MAP_FAILED ? errno : 0, "shmat(SHM_EXEC): %m"); -#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) +#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) || defined(__loongarch_lp64) assert_se(p == MAP_FAILED); assert_se(errno == EPERM); #endif