From 4c2f18f6cca5a89c1e0828a18f01e90ac40fc9b9 Mon Sep 17 00:00:00 2001
From: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Date: Mon, 2 May 2022 17:08:56 +0900
Subject: [PATCH] seccomp: support riscv64

Corresponds to containerd PR 6882

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
---
 profiles/seccomp/default.json     | 15 +++++++++++++++
 profiles/seccomp/default_linux.go | 15 +++++++++++++++
 2 files changed, 30 insertions(+)

diff --git a/profiles/seccomp/default.json b/profiles/seccomp/default.json
index 80213ddaca1ae..f929fd0fa5451 100644
--- a/profiles/seccomp/default.json
+++ b/profiles/seccomp/default.json
@@ -48,6 +48,10 @@
 			"subArchitectures": [
 				"SCMP_ARCH_S390"
 			]
+		},
+		{
+			"architecture": "SCMP_ARCH_RISCV64",
+			"subArchitectures": null
 		}
 	],
 	"syscalls": [
@@ -540,6 +544,17 @@
 				]
 			}
 		},
+		{
+			"names": [
+				"riscv_flush_icache"
+			],
+			"action": "SCMP_ACT_ALLOW",
+			"includes": {
+				"arches": [
+					"riscv64"
+				]
+			}
+		},
 		{
 			"names": [
 				"open_by_handle_at"
diff --git a/profiles/seccomp/default_linux.go b/profiles/seccomp/default_linux.go
index e51f1018aabe8..f314fd59cc5a5 100644
--- a/profiles/seccomp/default_linux.go
+++ b/profiles/seccomp/default_linux.go
@@ -38,6 +38,10 @@ func arches() []Architecture {
 			Arch:      specs.ArchS390X,
 			SubArches: []specs.Arch{specs.ArchS390},
 		},
+		{
+			Arch:      specs.ArchRISCV64,
+			SubArches: nil,
+		},
 	}
 }
 
@@ -533,6 +537,17 @@ func DefaultProfile() *Seccomp {
 				Arches: []string{"s390", "s390x"},
 			},
 		},
+		{
+			LinuxSyscall: specs.LinuxSyscall{
+				Names: []string{
+					"riscv_flush_icache",
+				},
+				Action: specs.ActAllow,
+			},
+			Includes: &Filter{
+				Arches: []string{"riscv64"},
+			},
+		},
 		{
 			LinuxSyscall: specs.LinuxSyscall{
 				Names: []string{