diff --git a/10012-seccomp-add-loongarch-support.patch b/10012-seccomp-add-loongarch-support.patch index 69b1b9022cc6f07633d501ad64c0d7c2445f3960..6aba34f2c6b92383b1cbaf7616a529aa56f4208f 100644 --- a/10012-seccomp-add-loongarch-support.patch +++ b/10012-seccomp-add-loongarch-support.patch @@ -1,14 +1,14 @@ -From 1894533699f7e01c80e896c5d022275777344492 Mon Sep 17 00:00:00 2001 +From 4c7025f5198be3d055c0e5ad68d364a57e8a7dcc Mon Sep 17 00:00:00 2001 From: rpm-build Date: Thu, 22 Sep 2022 10:33:54 +0800 Subject: [PATCH] seccomp: add loongarch support --- - src/shared/seccomp-util.c | 21 +++++++++++++++++++++ - 1 file changed, 21 insertions(+) + src/shared/seccomp-util.c | 18 +++++++++++++----- + 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c -index c57c409..63a875c 100644 +index c57c409..1eec0be 100644 --- a/src/shared/seccomp-util.c +++ b/src/shared/seccomp-util.c @@ -42,6 +42,8 @@ const uint32_t seccomp_local_archs[] = { @@ -20,60 +20,82 @@ index c57c409..63a875c 100644 #elif defined(__mips__) && __BYTE_ORDER == __BIG_ENDIAN && _MIPS_SIM == _MIPS_SIM_ABI32 SCMP_ARCH_MIPSEL, SCMP_ARCH_MIPS, /* native */ -@@ -136,6 +138,10 @@ const char* seccomp_arch_to_string(uint32_t c) { - return "s390"; - case SCMP_ARCH_S390X: - return "s390x"; -+#if defined(__loongarch__) +@@ -114,6 +116,8 @@ const char* seccomp_arch_to_string(uint32_t c) { + return "arm"; + case SCMP_ARCH_AARCH64: + return "arm64"; + case SCMP_ARCH_LOONGARCH64: + return "loongarch64"; -+#endif - default: - return NULL; - } -@@ -181,6 +187,10 @@ int seccomp_arch_from_string(const char *n, uint32_t *ret) { - *ret = SCMP_ARCH_S390; - else if (streq(n, "s390x")) - *ret = SCMP_ARCH_S390X; -+#if defined(__loongarch__) + case SCMP_ARCH_MIPS: + return "mips"; + case SCMP_ARCH_MIPS64: +@@ -159,6 +163,8 @@ int seccomp_arch_from_string(const char *n, uint32_t *ret) { + *ret = SCMP_ARCH_ARM; + else if (streq(n, "arm64")) + *ret = SCMP_ARCH_AARCH64; + else if (streq(n, "loongarch64")) + *ret = SCMP_ARCH_LOONGARCH64; -+#endif - else - return -EINVAL; + else if (streq(n, "mips")) + *ret = SCMP_ARCH_MIPS; + else if (streq(n, "mips64")) +@@ -1206,7 +1212,7 @@ int seccomp_protect_sysctl(void) { -@@ -1209,6 +1219,11 @@ int seccomp_protect_sysctl(void) { - if (IN_SET(arch, SCMP_ARCH_X32, SCMP_ARCH_AARCH64)) + log_debug("Operating on architecture: %s", seccomp_arch_to_string(arch)); + +- if (IN_SET(arch, SCMP_ARCH_X32, SCMP_ARCH_AARCH64)) ++ if (IN_SET(arch, SCMP_ARCH_X32, SCMP_ARCH_AARCH64, SCMP_ARCH_LOONGARCH64)) /* No _sysctl syscall */ continue; -+#if defined(__loongarch__) -+ if (IN_SET(arch, SCMP_ARCH_LOONGARCH64)) -+ /* No _sysctl syscall */ -+ continue; -+#endif - r = seccomp_init_for_arch(&seccomp, arch, SCMP_ACT_ALLOW); - if (r < 0) -@@ -1267,6 +1282,9 @@ int seccomp_restrict_address_families(Set *address_families, bool whitelist) { - case SCMP_ARCH_PPC: - case SCMP_ARCH_PPC64: - case SCMP_ARCH_PPC64LE: -+#if defined(__loongarch__) +@@ -1251,6 +1257,7 @@ int seccomp_restrict_address_families(Set *address_families, bool whitelist) { + case SCMP_ARCH_X32: + case SCMP_ARCH_ARM: + case SCMP_ARCH_AARCH64: + case SCMP_ARCH_LOONGARCH64: -+#endif - default: - /* These we either know we don't support (i.e. are the ones that do use socketcall()), or we - * don't know */ -@@ -1543,6 +1561,9 @@ int seccomp_memory_deny_write_execute(void) { + case SCMP_ARCH_MIPSEL64N32: + case SCMP_ARCH_MIPS64N32: + case SCMP_ARCH_MIPSEL64: +@@ -1496,7 +1503,7 @@ static int add_seccomp_syscall_filter(scmp_filter_ctx seccomp, + } + + /* For known architectures, check that syscalls are indeed defined or not. */ +-#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) ++#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) || defined(__loongarch__) + assert_cc(SCMP_SYS(shmget) > 0); + assert_cc(SCMP_SYS(shmat) > 0); + assert_cc(SCMP_SYS(shmdt) > 0); +@@ -1543,13 +1550,14 @@ int seccomp_memory_deny_write_execute(void) { case SCMP_ARCH_X86_64: case SCMP_ARCH_X32: case SCMP_ARCH_AARCH64: -+#if defined(__loongarch__) + case SCMP_ARCH_LOONGARCH64: -+#endif filter_syscall = SCMP_SYS(mmap); /* amd64, x32, and arm64 have only mmap */ shmat_syscall = SCMP_SYS(shmat); break; + + /* Please add more definitions here, if you port systemd to other architectures! */ + +-#if !defined(__i386__) && !defined(__x86_64__) && !defined(__powerpc__) && !defined(__powerpc64__) && !defined(__arm__) && !defined(__aarch64__) ++#if !defined(__i386__) && !defined(__x86_64__) && !defined(__powerpc__) && !defined(__powerpc64__) && !defined(__arm__) && !defined(__aarch64__) && !defined(__loongarch__) + #warning "Consider adding the right mmap() syscall definitions here!" + #endif + } +@@ -1573,13 +1581,13 @@ int seccomp_memory_deny_write_execute(void) { + if (r < 0) + continue; + } +- ++ if (!IN_SET(arch, SCMP_ARCH_LOONGARCH64)){ + r = add_seccomp_syscall_filter(seccomp, arch, SCMP_SYS(mprotect), + 1, + SCMP_A2(SCMP_CMP_MASKED_EQ, PROT_EXEC, PROT_EXEC)); + if (r < 0) + continue; +- ++ } + #ifdef __NR_pkey_mprotect + r = add_seccomp_syscall_filter(seccomp, arch, SCMP_SYS(pkey_mprotect), + 1, -- 2.27.0 diff --git a/systemd.spec b/systemd.spec index d13e7fec5a6985bf3c7c705ab052df9f1c9a7ed1..0e82d3ae5a55630e190684d73b495baf40e41774 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1,4 +1,4 @@ -%define anolis_release .0.4 +%define anolis_release .0.5 #global gitcommit 10e465b5321bd53c1fc59ffab27e724535c6bc0f %{?gitcommit:%global gitcommitshort %(c=%{gitcommit}; echo ${c:0:7})} @@ -1464,6 +1464,9 @@ fi %files tests -f .file-list-tests %changelog +* Mon Dec 19 2022 Liwei Ge - 239-58.0.5.8 +- seccomp: remove loongarch64 switch + * Wed Nov 02 2022 Yuanhong Peng - 239-58.0.4.8 - core: fix a null reference case in load_from_path() - sysctl: Don't pass null directive argument to '%s'