Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RFE: add RISC-V support #108

Closed
wants to merge 3 commits into from
Closed

RFE: add RISC-V support #108

wants to merge 3 commits into from

Conversation

Icenowy
Copy link

@Icenowy Icenowy commented Feb 20, 2018

No description provided.

@Icenowy
arch: add pseudo number for renameat syscall
9bde95d 
On newer architectures renameat syscall has been superseded by renameat2
syscall.

Add pseudo syscall number for renameat.

Signed-off-by: Icenowy Zheng <icenowy@aosc.io>
@Icenowy
arch: add RISC-V specific syscall
ebb7900 
The RISC-V architecture port of Linux has a arch-specific syscall for
flushing I-cache.

Add this syscall and its pseudo number.

Signed-off-by: Icenowy Zheng <icenowy@aosc.io>
@Icenowy
arch: add support for RISC-V 64-bit architecture
d36ff0b 
RISC-V is a brand new architecture, which gained mainline Linux support
at 4.15.

Add syscalls for it.

A hack in tools/util.c is also added as the RISC-V architecture has not
yet audit support.

Signed-off-by: Icenowy Zheng <icenowy@aosc.io>
@coveralls
Copy link

Coverage Status

Coverage decreased (-0.4%) to 91.467% when pulling d36ff0b on Icenowy:riscv into a6cc633 on seccomp:master.

@pcmoore pcmoore mentioned this pull request Feb 20, 2018
Closed
shlevy
shlevy reviewed Feb 20, 2018
View reviewed changes
src/arch-riscv64-syscalls.c
@@ -0,0 +1,528 @@
/**
* Enhanced Seccomp AArch64 Syscall Table
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copy-paste error?

@pcmoore
Copy link
Member

pcmoore commented Feb 20, 2018

Thanks @Icenowy, do you know the current status of the kernel support?

For reference, I just created issue #110 to track the different PRs.

@pcmoore pcmoore changed the title Add RISC-V support RFE: add RISC-V support Feb 20, 2018
shlevy
shlevy reviewed Feb 20, 2018
View reviewed changes
src/arch-riscv64.h
@@ -0,0 +1,36 @@
/**
* Enhanced Seccomp AArch64 Syscall Table
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ditto

shlevy
shlevy reviewed Feb 20, 2018
View reviewed changes
src/arch-syscall-validate
@@ -376,6 +376,47 @@ function dump_lib_ppc64() {
dump_lib_arch ppc64
}

#
# Dump the aarch64 system syscall table
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ditto

shlevy
shlevy reviewed Feb 20, 2018
View reviewed changes
src/arch.c
@@ -152,6 +155,8 @@ const struct arch_def *arch_def_lookup(uint32_t token)
return &arch_def_ppc64;
case SCMP_ARCH_PPC64LE:
return &arch_def_ppc64le;
case SCMP_ARCH_RISCV64:
return &arch_def_ppc64;
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ditto

@shlevy
Copy link

shlevy commented Feb 20, 2018

Awesome! I have a use case that needs to block setuid binary creation, I'll hopefully test that in qemu-system and qemu-user this week (hardware is coming in a few months 😄 )

@sorear
Copy link

sorear commented Feb 20, 2018

@pcmoore Kernel support is upstream in 4.15.0. (More drivers are needed to boot, they are expected in 4.17, but 4.15 has the complete uapi)

@pcmoore
Copy link
Member

pcmoore commented Feb 21, 2018

Kernel support is upstream in 4.15.0 ...

@sorear I'm looking at Linus' tree right now (v4.16-rc2+) and I don't see HAVE_ARCH_SECCOMP_FILTER in the RISC-V Kconfigs, what am I missing?

@pcmoore
Copy link
Member

pcmoore commented Feb 21, 2018

@Icenowy I haven't looked closely, but it looks like you are missing a lot of the test bits needed to verify the RISC-V support.

@sorear
Copy link

sorear commented Feb 22, 2018

I'm looking at Linus' tree right now (v4.16-rc2+) and I don't see HAVE_ARCH_SECCOMP_FILTER in the RISC-V Kconfigs, what am I missing?

Ah, sorry, I thought you meant the port in general. I don't know about seccomp status.

@pcmoore
Copy link
Member

pcmoore commented Feb 22, 2018
edited
Loading

@sorear while the general Linux RISC-V support is important, for the purposes of libseccomp, if the HAVE_ARCH_SECCOMP_FILTER support is not there for RISC-V then there is nothing we can do.

If you, or someone else, is planning on adding the Linux Kernel support soon we can consider reviewing this PR and possibly merging it into a development branch if it would help you, but if the kernel support is not in progress I'm going to recommend we close this PR.

Please note that closing this PR doesn't mean I'm rejecting the idea of libseccomp on RISC-V, it's just the opposite, I would be very happy to add RISC-V support! See #110 for the tracking issue.

@pcmoore
Copy link
Member

pcmoore commented Apr 5, 2018

Looking at Linus' tree today, it appears that kernel support is still missing, I'm going to close this PR, please reopen or resubmit when the kernel has the necessary seccomp-bpf support (see above).

@pcmoore pcmoore closed this Apr 5, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shlevy shlevy shlevy left review comments

Assignees
No one assigned
Labels
enhancement priority/low
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@Icenowy @coveralls @pcmoore @shlevy @sorear