Hello community, here is the log from the commit of package libseccomp for openSUSE:Factory checked in at 2015-04-23 07:55:18 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libseccomp (Old) and /work/SRC/openSUSE:Factory/.libseccomp.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libseccomp" Changes: -------- --- /work/SRC/openSUSE:Factory/libseccomp/libseccomp.changes 2015-04-02 16:01:35.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.libseccomp.new/libseccomp.changes 2015-04-23 07:55:19.000000000 +0200 @@ -1,0 +2,11 @@ +Mon Apr 13 15:05:05 UTC 2015 - [email protected] + +- Fix ppc64le build: libseccomp-ppc64le.patch + +------------------------------------------------------------------- +Fri Apr 10 16:52:55 UTC 2015 - [email protected] + +- Fix some arm syscall constants + libseccomp-arm-syscall-fixes.patch + +------------------------------------------------------------------- New: ---- libseccomp-arm-syscall-fixes.patch libseccomp-ppc64le.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libseccomp.spec ++++++ --- /var/tmp/diff_new_pack.3DwrDr/_old 2015-04-23 07:55:20.000000000 +0200 +++ /var/tmp/diff_new_pack.3DwrDr/_new 2015-04-23 07:55:20.000000000 +0200 @@ -31,6 +31,8 @@ Patch1: no-static.diff Patch2: 0001-tools-add-the-missing-elf.h-header-file.patch Patch3: libseccomp-s390x-support.patch +Patch4: libseccomp-arm-syscall-fixes.patch +Patch5: libseccomp-ppc64le.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: autoconf BuildRequires: automake >= 1.11 @@ -98,7 +100,7 @@ %prep %setup -q -%patch -P 1 -P 2 -P 3 -p1 +%patch -P 1 -P 2 -P 3 -P 4 -P 5 -p1 %build autoreconf -fi @@ -111,7 +113,7 @@ %fdupes %buildroot/%_prefix %check -%ifarch ppc ppc64 s390 s390x +%ifarch ppc s390 s390x make check || true #pushd tests/ #./regression -v ++++++ libseccomp-arm-syscall-fixes.patch ++++++ >From d1019115acdc8460c9a1f8a878768001a3c32431 Mon Sep 17 00:00:00 2001 From: Paul Moore <[email protected]> Date: Fri, 10 Apr 2015 10:31:04 -0400 Subject: [PATCH] arm: fix some problems with the syscall table The 32-bit ARM syscall table mistakenly included syscall definitions for the syscalls below. This patch redefines those syscalls to libseccomp's pseudo-syscall numbers and corrects the arch-syscall-validate to correctly list the 32-bit ARM syscalls. * time * umount * stime * alarm * utime * getrlimit * select * readdir * mmap * socketcall * syscall * ipc Reported-by: Andreas Farber <[email protected]> Signed-off-by: Paul Moore <[email protected]> --- include/seccomp.h.in | 10 ++++++++++ src/arch-arm-syscalls.c | 24 ++++++++++++------------ src/arch-syscall-validate | 2 +- 3 files changed, 23 insertions(+), 13 deletions(-) diff --git a/include/seccomp.h.in b/include/seccomp.h.in index 6a115d1..9a28e4a 100644 --- a/include/seccomp.h.in +++ b/include/seccomp.h.in @@ -1424,6 +1424,16 @@ int seccomp_export_bpf(const scmp_filter_ctx ctx, int fd); #define __NR_utimes __PNR_utimes #endif /* __NR_utimes */ +#define __PNR_getrlimit -10180 +#ifndef __NR_getrlimit +#define __NR_getrlimit __PNR_getrlimit +#endif /* __NR_utimes */ + +#define __PNR_mmap -10181 +#ifndef __NR_mmap +#define __NR_mmap __PNR_mmap +#endif /* __NR_utimes */ + #ifdef __cplusplus } #endif diff --git a/src/arch-arm-syscalls.c b/src/arch-arm-syscalls.c index 8876135..b574ccc 100644 --- a/src/arch-arm-syscalls.c +++ b/src/arch-arm-syscalls.c @@ -49,7 +49,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \ { "add_key", (__NR_SYSCALL_BASE + 309) }, { "adjtimex", (__NR_SYSCALL_BASE + 124) }, { "afs_syscall", __PNR_afs_syscall }, - { "alarm", (__NR_SYSCALL_BASE + 27) }, + { "alarm", __PNR_alarm }, { "arm_fadvise64_64", (__NR_SYSCALL_BASE + 270) }, { "arm_sync_file_range", (__NR_SYSCALL_BASE + 341) }, { "arch_prctl", __PNR_arch_prctl }, @@ -156,7 +156,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \ { "getresgid32", (__NR_SYSCALL_BASE + 211) }, { "getresuid", (__NR_SYSCALL_BASE + 165) }, { "getresuid32", (__NR_SYSCALL_BASE + 209) }, - { "getrlimit", (__NR_SYSCALL_BASE + 76) }, + { "getrlimit", __PNR_getrlimit }, { "getrusage", (__NR_SYSCALL_BASE + 77) }, { "getsid", (__NR_SYSCALL_BASE + 147) }, { "getsockname", (__NR_SYSCALL_BASE + 286) }, @@ -183,7 +183,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \ { "iopl", __PNR_iopl }, { "ioprio_get", (__NR_SYSCALL_BASE + 315) }, { "ioprio_set", (__NR_SYSCALL_BASE + 314) }, - { "ipc", (__NR_SYSCALL_BASE + 117) }, + { "ipc", __PNR_ipc }, { "kcmp", (__NR_SYSCALL_BASE + 378) }, { "kexec_file_load", __PNR_kexec_file_load }, { "kexec_load", (__NR_SYSCALL_BASE + 347) }, @@ -215,7 +215,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \ { "mknodat", (__NR_SYSCALL_BASE + 324) }, { "mlock", (__NR_SYSCALL_BASE + 150) }, { "mlockall", (__NR_SYSCALL_BASE + 152) }, - { "mmap", (__NR_SYSCALL_BASE + 90) }, + { "mmap", __PNR_mmap }, { "mmap2", (__NR_SYSCALL_BASE + 192) }, { "modify_ldt", __PNR_modify_ldt }, { "mount", (__NR_SYSCALL_BASE + 21) }, @@ -279,7 +279,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \ { "quotactl", (__NR_SYSCALL_BASE + 131) }, { "read", (__NR_SYSCALL_BASE + 3) }, { "readahead", (__NR_SYSCALL_BASE + 225) }, - { "readdir", (__NR_SYSCALL_BASE + 89) }, + { "readdir", __PNR_readdir }, { "readlink", (__NR_SYSCALL_BASE + 85) }, { "readlinkat", (__NR_SYSCALL_BASE + 332) }, { "readv", (__NR_SYSCALL_BASE + 145) }, @@ -318,7 +318,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \ { "sched_yield", (__NR_SYSCALL_BASE + 158) }, { "seccomp", (__NR_SYSCALL_BASE + 383) }, { "security", __PNR_security }, - { "select", (__NR_SYSCALL_BASE + 82) }, + { "select", __PNR_select }, { "semctl", (__NR_SYSCALL_BASE + 300) }, { "semget", (__NR_SYSCALL_BASE + 299) }, { "semop", (__NR_SYSCALL_BASE + 298) }, @@ -378,7 +378,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \ { "sigreturn", (__NR_SYSCALL_BASE + 119) }, { "sigsuspend", (__NR_SYSCALL_BASE + 72) }, { "socket", (__NR_SYSCALL_BASE + 281) }, - { "socketcall", (__NR_SYSCALL_BASE + 102) }, + { "socketcall", __PNR_socketcall }, { "socketpair", (__NR_SYSCALL_BASE + 288) }, { "splice", (__NR_SYSCALL_BASE + 340) }, { "ssetmask", __PNR_ssetmask }, @@ -386,7 +386,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \ { "stat64", (__NR_SYSCALL_BASE + 195) }, { "statfs", (__NR_SYSCALL_BASE + 99) }, { "statfs64", (__NR_SYSCALL_BASE + 266) }, - { "stime", (__NR_SYSCALL_BASE + 25) }, + { "stime", __PNR_stime }, { "stty", __PNR_stty }, { "swapoff", (__NR_SYSCALL_BASE + 115) }, { "swapon", (__NR_SYSCALL_BASE + 87) }, @@ -396,14 +396,14 @@ const struct arch_syscall_def arm_syscall_table[] = { \ { "sync_file_range", __PNR_sync_file_range }, { "sync_file_range2", (__NR_SYSCALL_BASE + 341) }, { "syncfs", (__NR_SYSCALL_BASE + 373) }, - { "syscall", (__NR_SYSCALL_BASE + 113) }, + { "syscall", __PNR_syscall }, { "sysfs", (__NR_SYSCALL_BASE + 135) }, { "sysinfo", (__NR_SYSCALL_BASE + 116) }, { "syslog", (__NR_SYSCALL_BASE + 103) }, { "sysmips", __PNR_sysmips }, { "tee", (__NR_SYSCALL_BASE + 342) }, { "tgkill", (__NR_SYSCALL_BASE + 268) }, - { "time", (__NR_SYSCALL_BASE + 13) }, + { "time", __PNR_time }, { "timer_create", (__NR_SYSCALL_BASE + 257) }, { "timer_delete", (__NR_SYSCALL_BASE + 261) }, { "timer_getoverrun", (__NR_SYSCALL_BASE + 260) }, @@ -421,7 +421,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \ { "ugetrlimit", (__NR_SYSCALL_BASE + 191) }, { "ulimit", __PNR_ulimit }, { "umask", (__NR_SYSCALL_BASE + 60) }, - { "umount", (__NR_SYSCALL_BASE + 22) }, + { "umount", __PNR_umount }, { "umount2", (__NR_SYSCALL_BASE + 52) }, { "uname", (__NR_SYSCALL_BASE + 122) }, { "unlink", (__NR_SYSCALL_BASE + 10) }, @@ -429,7 +429,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \ { "unshare", (__NR_SYSCALL_BASE + 337) }, { "uselib", (__NR_SYSCALL_BASE + 86) }, { "ustat", (__NR_SYSCALL_BASE + 62) }, - { "utime", (__NR_SYSCALL_BASE + 30) }, + { "utime", __PNR_utime }, { "utimensat", (__NR_SYSCALL_BASE + 348) }, { "utimes", (__NR_SYSCALL_BASE + 269) }, { "vfork", (__NR_SYSCALL_BASE + 190) }, diff --git a/src/arch-syscall-validate b/src/arch-syscall-validate index 2cbf696..1616c9f 100755 --- a/src/arch-syscall-validate +++ b/src/arch-syscall-validate @@ -146,7 +146,7 @@ function dump_lib_x32() { # function dump_sys_arm() { # NOTE: arm_sync_file_range() and sync_file_range2() share values - cat $1/arch/arm/include/uapi/asm/unistd.h | \ + gcc -E -dM -D __ARM_EABI__ $1/arch/arm/include/uapi/asm/unistd.h | \ grep "^#define __NR_" | sort | \ grep -v "^#define __NR_OABI_SYSCALL_BASE" | \ grep -v "^#define __NR_SYSCALL_BASE" | \ -- 2.1.4 ++++++ libseccomp-ppc64le.patch ++++++ Index: libseccomp-2.2.0/include/seccomp.h.in =================================================================== --- libseccomp-2.2.0.orig/include/seccomp.h.in +++ libseccomp-2.2.0/include/seccomp.h.in @@ -169,6 +169,10 @@ struct scmp_arg_cmp { * The PowerPC64 architecture token */ #define SCMP_ARCH_PPC64 AUDIT_ARCH_PPC64 +#ifndef AUDIT_ARCH_PPC64LE +#define AUDIT_ARCH_PPC64LE (EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) +#endif +#define SCMP_ARCH_PPC64LE AUDIT_ARCH_PPC64LE /** * Convert a syscall name into the associated syscall number Index: libseccomp-2.2.0/src/arch-ppc64.c =================================================================== --- libseccomp-2.2.0.orig/src/arch-ppc64.c +++ libseccomp-2.2.0/src/arch-ppc64.c @@ -30,9 +30,12 @@ const struct arch_def arch_def_ppc64 = { .token = SCMP_ARCH_PPC64, .token_bpf = AUDIT_ARCH_PPC64, .size = ARCH_SIZE_64, -#ifdef __LITTLE_ENDIAN__ - .endian = ARCH_ENDIAN_LITTLE, -#else .endian = ARCH_ENDIAN_BIG, -#endif +}; + +const struct arch_def arch_def_ppc64le = { + .token = SCMP_ARCH_PPC64LE, + .token_bpf = AUDIT_ARCH_PPC64LE, + .size = ARCH_SIZE_64, + .endian = ARCH_ENDIAN_LITTLE, }; Index: libseccomp-2.2.0/src/arch-ppc64.h =================================================================== --- libseccomp-2.2.0.orig/src/arch-ppc64.h +++ libseccomp-2.2.0/src/arch-ppc64.h @@ -27,19 +27,11 @@ #include "arch.h" #include "system.h" -#define ppc64_arg_count_max 6 - extern const struct arch_def arch_def_ppc64; - -#ifdef __LITTLE_ENDIAN__ -#define ppc64_arg_offset_lo(x) (arch_arg_offset(x)) -#define ppc64_arg_offset_hi(x) (arch_arg_offset(x) + 4) -#else -#define ppc64_arg_offset_lo(x) (arch_arg_offset(x) + 4) -#define ppc64_arg_offset_hi(x) (arch_arg_offset(x)) -#endif +extern const struct arch_def arch_def_ppc64le; int ppc64_syscall_resolve_name(const char *name); const char *ppc64_syscall_resolve_num(int num); +const char *ppc64_syscall_iterate_name(unsigned int spot); #endif Index: libseccomp-2.2.0/src/arch.c =================================================================== --- libseccomp-2.2.0.orig/src/arch.c +++ libseccomp-2.2.0/src/arch.c @@ -82,8 +82,10 @@ const struct arch_def *arch_def_native = const struct arch_def *arch_def_native = &arch_def_s390; #elif __s390x__ const struct arch_def *arch_def_native = &arch_def_s390x; -#elif __powerpc64__ +#elif __powerpc64__ && __BIG_ENDIAN__ const struct arch_def *arch_def_native = &arch_def_ppc64; +#elif __powerpc64__ && __LITTLE_ENDIAN__ +const struct arch_def *arch_def_native = &arch_def_ppc64le; #elif __powerpc__ const struct arch_def *arch_def_native = &arch_def_ppc; #else @@ -140,6 +142,8 @@ const struct arch_def *arch_def_lookup(u return &arch_def_s390x; case SCMP_ARCH_PPC64: return &arch_def_ppc64; + case SCMP_ARCH_PPC64LE: + return &arch_def_ppc64le; case SCMP_ARCH_PPC: return &arch_def_ppc; } @@ -178,6 +182,10 @@ const struct arch_def *arch_def_lookup_n return &arch_def_mips64n32; else if (strcmp(arch_name, "mipsel64n32") == 0) return &arch_def_mipsel64n32; + else if (strcmp(arch_name, "ppc64") == 0) + return &arch_def_ppc64; + else if (strcmp(arch_name, "ppc64le") == 0) + return &arch_def_ppc64le; return NULL; } @@ -301,6 +309,7 @@ int arch_syscall_resolve_name(const stru case SCMP_ARCH_S390X: return s390x_syscall_resolve_name(name); case SCMP_ARCH_PPC64: + case SCMP_ARCH_PPC64LE: return ppc64_syscall_resolve_name(name); case SCMP_ARCH_PPC: return ppc_syscall_resolve_name(name); @@ -346,6 +355,7 @@ const char *arch_syscall_resolve_num(con case SCMP_ARCH_S390X: return s390x_syscall_resolve_num(num); case SCMP_ARCH_PPC64: + case SCMP_ARCH_PPC64LE: return ppc64_syscall_resolve_num(num); case SCMP_ARCH_PPC: return ppc_syscall_resolve_num(num); Index: libseccomp-2.2.0/src/gen_pfc.c =================================================================== --- libseccomp-2.2.0.orig/src/gen_pfc.c +++ libseccomp-2.2.0/src/gen_pfc.c @@ -79,6 +79,8 @@ static const char *_pfc_arch(const struc return "ppc"; case SCMP_ARCH_PPC64: return "ppc64"; + case SCMP_ARCH_PPC64LE: + return "ppc64le"; default: return "UNKNOWN"; } Index: libseccomp-2.2.0/tools/scmp_arch_detect.c =================================================================== --- libseccomp-2.2.0.orig/tools/scmp_arch_detect.c +++ libseccomp-2.2.0/tools/scmp_arch_detect.c @@ -111,6 +111,9 @@ int main(int argc, char *argv[]) case SCMP_ARCH_PPC64: printf("ppc64\n"); break; + case SCMP_ARCH_PPC64LE: + printf("ppc64le\n"); + break; default: printf("unknown\n"); } Index: libseccomp-2.2.0/tools/scmp_bpf_sim.c =================================================================== --- libseccomp-2.2.0.orig/tools/scmp_bpf_sim.c +++ libseccomp-2.2.0/tools/scmp_bpf_sim.c @@ -250,13 +250,15 @@ int main(int argc, char *argv[]) else if (strcmp(optarg, "mipsel64n32") == 0) arch = AUDIT_ARCH_MIPSEL64N32; else if (strcmp(optarg, "s390") == 0) - sys_data.arch = AUDIT_ARCH_S390; + arch = AUDIT_ARCH_S390; else if (strcmp(optarg, "s390x") == 0) - sys_data.arch = AUDIT_ARCH_S390X; + arch = AUDIT_ARCH_S390X; else if (strcmp(optarg, "ppc") == 0) - sys_data.arch = AUDIT_ARCH_PPC; + arch = AUDIT_ARCH_PPC; else if (strcmp(optarg, "ppc64") == 0) - sys_data.arch = AUDIT_ARCH_PPC64; + arch = AUDIT_ARCH_PPC64; + else if (strcmp(optarg, "ppc64le") == 0) + arch = AUDIT_ARCH_PPC64LE; else exit_fault(EINVAL); break; Index: libseccomp-2.2.0/tools/util.c =================================================================== --- libseccomp-2.2.0.orig/tools/util.c +++ libseccomp-2.2.0/tools/util.c @@ -66,8 +66,10 @@ #define ARCH_NATIVE AUDIT_ARCH_S390 #elif __s390x__ #define ARCH_NATIVE AUDIT_ARCH_S390X -#elif __powerpc64__ +#elif __powerpc64__ && __BIG_ENDIAN__ #define ARCH_NATIVE AUDIT_ARCH_PPC64 +#elif __powerpc64__ && __LITTLE_ENDIAN__ +#define ARCH_NATIVE AUDIT_ARCH_PPC64LE #elif __powerpc__ #define ARCH_NATIVE AUDIT_ARCH_PPC #else Index: libseccomp-2.2.0/include/seccomp.h =================================================================== --- libseccomp-2.2.0.orig/include/seccomp.h +++ libseccomp-2.2.0/include/seccomp.h @@ -151,6 +151,30 @@ struct scmp_arg_cmp { #define SCMP_ARCH_MIPSEL64N32 AUDIT_ARCH_MIPSEL64N32 /** + * The S390X architecture token + */ +#define SCMP_ARCH_S390X AUDIT_ARCH_S390X + +/** + * The S390 architecture token + */ +#define SCMP_ARCH_S390 AUDIT_ARCH_S390 + +/** + * The PowerPC architecture token + */ +#define SCMP_ARCH_PPC AUDIT_ARCH_PPC + +/** + * The PowerPC64 architecture token + */ +#define SCMP_ARCH_PPC64 AUDIT_ARCH_PPC64 +#ifndef AUDIT_ARCH_PPC64LE +#define AUDIT_ARCH_PPC64LE (EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) +#endif +#define SCMP_ARCH_PPC64LE AUDIT_ARCH_PPC64LE + +/** * Convert a syscall name into the associated syscall number * @param x the syscall name */ Index: libseccomp-2.2.0/tools/util.h =================================================================== --- libseccomp-2.2.0.orig/tools/util.h +++ libseccomp-2.2.0/tools/util.h @@ -47,6 +47,10 @@ #define AUDIT_ARCH_AARCH64 (EM_AARCH64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) #endif +#ifndef AUDIT_ARCH_PPC64LE +#define AUDIT_ARCH_PPC64LE (EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) +#endif + extern uint32_t arch; void exit_usage(const char *program); Index: libseccomp-2.2.0/tests/23-sim-arch_all_le_basic.c =================================================================== --- libseccomp-2.2.0.orig/tests/23-sim-arch_all_le_basic.c +++ libseccomp-2.2.0/tests/23-sim-arch_all_le_basic.c @@ -68,6 +68,9 @@ int main(int argc, char *argv[]) rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("mipsel64n32")); if (rc != 0) goto out; + rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("ppc64le")); + if (rc != 0) + goto out; rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 1, SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO)); Index: libseccomp-2.2.0/tests/16-sim-arch_basic.c =================================================================== --- libseccomp-2.2.0.orig/tests/16-sim-arch_basic.c +++ libseccomp-2.2.0/tests/16-sim-arch_basic.c @@ -68,6 +68,9 @@ int main(int argc, char *argv[]) rc = seccomp_arch_add(ctx, SCMP_ARCH_MIPSEL64N32); if (rc != 0) goto out; + rc = seccomp_arch_add(ctx, SCMP_ARCH_PPC64LE); + if (rc != 0) + goto out; rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 1, SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO)); Index: libseccomp-2.2.0/src/arch-syscall-dump.c =================================================================== --- libseccomp-2.2.0.orig/src/arch-syscall-dump.c +++ libseccomp-2.2.0/src/arch-syscall-dump.c @@ -38,6 +38,7 @@ #include "arch-mips64.h" #include "arch-mips64n32.h" #include "arch-aarch64.h" +#include "arch-ppc64.h" /** * Print the usage information to stderr and exit @@ -112,6 +113,10 @@ int main(int argc, char *argv[]) case SCMP_ARCH_AARCH64: sys_name = aarch64_syscall_iterate_name(iter); break; + case SCMP_ARCH_PPC64: + case SCMP_ARCH_PPC64LE: + sys_name = ppc64_syscall_iterate_name(iter); + break; default: /* invalid arch */ exit_usage(argv[0]); Index: libseccomp-2.2.0/src/arch-ppc64-syscalls.c =================================================================== --- libseccomp-2.2.0.orig/src/arch-ppc64-syscalls.c +++ libseccomp-2.2.0/src/arch-ppc64-syscalls.c @@ -425,3 +425,16 @@ const char *ppc64_syscall_resolve_num(in return NULL; } +/** + * Iterate through the syscall table and return the syscall name + * @param spot the offset into the syscall table + * + * Return the syscall name at position @spot or NULL on failure. This function + * should only ever be used internally by libseccomp. + * + */ +const char *ppc64_syscall_iterate_name(unsigned int spot) +{ + /* XXX - no safety checks here */ + return ppc64_syscall_table[spot].name; +} Index: libseccomp-2.2.0/tests/16-sim-arch_basic.py =================================================================== --- libseccomp-2.2.0.orig/tests/16-sim-arch_basic.py +++ libseccomp-2.2.0/tests/16-sim-arch_basic.py @@ -39,6 +39,8 @@ def test(args): f.add_arch(Arch("mipsel")) f.add_arch(Arch("mipsel64")) f.add_arch(Arch("mipsel64n32")) + f.add_arch(Arch("ppc64")) + f.add_arch(Arch("ppc64le")) f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno())) f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno())) f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno())) Index: libseccomp-2.2.0/tests/23-sim-arch_all_le_basic.py =================================================================== --- libseccomp-2.2.0.orig/tests/23-sim-arch_all_le_basic.py +++ libseccomp-2.2.0/tests/23-sim-arch_all_le_basic.py @@ -39,6 +39,7 @@ def test(args): f.add_arch(Arch("mipsel")) f.add_arch(Arch("mipsel64")) f.add_arch(Arch("mipsel64n32")) + f.add_arch(Arch("ppc64le")) f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno())) f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno())) f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno())) Index: libseccomp-2.2.0/tools/scmp_bpf_disasm.c =================================================================== --- libseccomp-2.2.0.orig/tools/scmp_bpf_disasm.c +++ libseccomp-2.2.0/tools/scmp_bpf_disasm.c @@ -334,6 +334,10 @@ int main(int argc, char *argv[]) arch = AUDIT_ARCH_MIPS64N32; else if (strcmp(optarg, "mipsel64n32") == 0) arch = AUDIT_ARCH_MIPSEL64N32; + else if (strcmp(optarg, "ppc64") == 0) + arch = AUDIT_ARCH_PPC64; + else if (strcmp(optarg, "ppc64le") == 0) + arch = AUDIT_ARCH_PPC64LE; else exit_usage(argv[0]); break; Index: libseccomp-2.2.0/tests/26-sim-arch_all_be_basic.c =================================================================== --- libseccomp-2.2.0.orig/tests/26-sim-arch_all_be_basic.c +++ libseccomp-2.2.0/tests/26-sim-arch_all_be_basic.c @@ -52,6 +52,9 @@ int main(int argc, char *argv[]) rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("mips64n32")); if (rc != 0) goto out; + rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("ppc64")); + if (rc != 0) + goto out; rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 1, SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO)); Index: libseccomp-2.2.0/tests/26-sim-arch_all_be_basic.py =================================================================== --- libseccomp-2.2.0.orig/tests/26-sim-arch_all_be_basic.py +++ libseccomp-2.2.0/tests/26-sim-arch_all_be_basic.py @@ -33,6 +33,7 @@ def test(args): f.add_arch(Arch("mips")) f.add_arch(Arch("mips64")) f.add_arch(Arch("mips64n32")) + f.add_arch(Arch("ppc64")) f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno())) f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno())) f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno())) Index: libseccomp-2.2.0/src/arch-syscall-validate =================================================================== --- libseccomp-2.2.0.orig/src/arch-syscall-validate +++ libseccomp-2.2.0/src/arch-syscall-validate @@ -303,6 +303,35 @@ function dump_lib_mips64n32() { } # +# Dump the ppc64 system syscall table +# +# Arguments: +# 1 path to the kernel source +# +# Dump the architecture's syscall table to stdout. +# +function dump_sys_ppc64() { + gcc -E -dM -I$1/arch/powerpc/include/uapi $1/arch/powerpc/include/uapi/asm/unistd.h | \ + grep "^#define __NR_" | sort | \ + grep -v "^#define __NR_O32_" | \ + grep -v "^#define __NR_N32_" | \ + grep -v "^#define __NR_64_" | \ + grep -v "^#define __NR_Linux" | \ + grep -v "^#define __NR_unused" | \ + grep -v "^#define __NR_reserved" | \ + sed -e 's/#define[ \t]\+__NR_\([^ \t]\+\)[ \t]\+(__NR_Linux[ \t]*+[ \t]*\([0-9]\+\)).*/\1\t\2/' +} + +# +# Dump the ppc64 library syscall table +# +# Dump the library's syscall table to stdout. +# +function dump_lib_ppc64() { + $LIB_SYS_DUMP -a ppc64 | sed -e '/[^\t]\+\t-[0-9]\+/d' +} + +# # Dump the system syscall table # # Arguments: @@ -337,6 +366,9 @@ function dump_sys() { mips64n32) dump_sys_mips64n32 "$2" ;; + ppc64) + dump_sys_ppc64 "$2" + ;; *) echo "" ;; @@ -377,6 +409,9 @@ function dump_lib() { mips64n32) dump_lib_mips64n32 "$2" ;; + ppc64) + dump_lib_ppc64 "$2" + ;; *) echo "" ;; @@ -413,7 +448,7 @@ shift $(($OPTIND - 1)) # defaults if [[ $arches == "" ]]; then - arches="x86 x86_64 x32 arm aarch64 mips mips64 mips64n32" + arches="x86 x86_64 x32 arm aarch64 mips mips64 mips64n32 ppc64" fi # sanity checks Index: libseccomp-2.2.0/tests/regression =================================================================== --- libseccomp-2.2.0.orig/tests/regression +++ libseccomp-2.2.0/tests/regression @@ -21,8 +21,8 @@ # along with this library; if not, see <http://www.gnu.org/licenses>. # -GLBL_ARCH_LE_SUPPORT="x86 x86_64 x32 arm aarch64 mipsel mipsel64 mipsel64n32" -GLBL_ARCH_BE_SUPPORT="mips mips64 mips64n32" +GLBL_ARCH_LE_SUPPORT="x86 x86_64 x32 arm aarch64 mipsel mipsel64 mipsel64n32 ppc64le" +GLBL_ARCH_BE_SUPPORT="mips mips64 mips64n32 ppc64" GLBL_SYS_ARCH="../tools/scmp_arch_detect" GLBL_SYS_RESOLVER="../tools/scmp_sys_resolver"
