From 626384dcde05d0d8a6ea79b1189450dbba671dc1 Mon Sep 17 00:00:00 2001 From: khy Date: Fri, 12 May 2023 15:35:12 +0800 Subject: [PATCH 1/2] cherry-pick `add sw patch #20ead624ed837d467ff4c9607d46c027bbc84ac3`. Signed-off-by: khy Signed-off-by: Weisson --- 20006-systemd-Add-sw64.patch | 94 ++++++++++++++++++++++++++++++++++++ systemd.spec | 6 ++- 2 files changed, 99 insertions(+), 1 deletion(-) create mode 100644 20006-systemd-Add-sw64.patch diff --git a/20006-systemd-Add-sw64.patch b/20006-systemd-Add-sw64.patch new file mode 100644 index 0000000..f1e0e6a --- /dev/null +++ b/20006-systemd-Add-sw64.patch @@ -0,0 +1,94 @@ +From 1d1259c0bada01ed92d991b44be1f53042837187 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Fri, 12 May 2023 15:33:42 +0800 +Subject: [PATCH] Add sw64 architecture + +Signed-off-by: rpm-build +--- + src/basic/architecture.c | 3 +++ + src/basic/architecture.h | 4 ++++ + src/basic/missing.h | 2 +- + src/basic/missing_syscall.h | 4 +++- + 4 files changed, 11 insertions(+), 2 deletions(-) + +diff --git a/src/basic/architecture.c b/src/basic/architecture.c +index 96bbf97..72b98a3 100644 +--- a/src/basic/architecture.c ++++ b/src/basic/architecture.c +@@ -120,6 +120,8 @@ int uname_architecture(void) { + { "arceb", ARCHITECTURE_ARC_BE }, + #elif defined(__loongarch64) + { "loongarch64", ARCHITECTURE_LOONGARCH64 }, ++#elif defined(__sw_64__) ++ { "sw_64" , ARCHITECTURE_SW_64 }, + #else + #error "Please register your architecture here!" + #endif +@@ -176,6 +178,7 @@ static const char *const architecture_table[_ARCHITECTURE_MAX] = { + [ARCHITECTURE_ARC] = "arc", + [ARCHITECTURE_ARC_BE] = "arc-be", + [ARCHITECTURE_LOONGARCH64] = "loongarch64", ++ [ARCHITECTURE_SW_64] = "sw_64", + }; + + DEFINE_STRING_TABLE_LOOKUP(architecture, int); +diff --git a/src/basic/architecture.h b/src/basic/architecture.h +index 22e9108..c317c75 100644 +--- a/src/basic/architecture.h ++++ b/src/basic/architecture.h +@@ -45,6 +45,7 @@ enum { + ARCHITECTURE_ARC, + ARCHITECTURE_ARC_BE, + ARCHITECTURE_LOONGARCH64, ++ ARCHITECTURE_SW_64, + _ARCHITECTURE_MAX, + _ARCHITECTURE_INVALID = -1 + }; +@@ -233,6 +234,9 @@ int uname_architecture(void); + #elif defined(__loongarch64) + # define native_architecture() ARCHITECTURE_LOONGARCH64 + # define LIB_ARCH_TUPLE "loongarch64-linux-gnu" ++#elif defined(__sw_64__) ++# define native_architecture() ARCHITECTURE_SW_64 ++# define LIB_ARCH_TUPLE "sw_64-linux-gnu" + #else + # error "Please register your architecture here!" + #endif +diff --git a/src/basic/missing.h b/src/basic/missing.h +index b937661..c2913b5 100644 +--- a/src/basic/missing.h ++++ b/src/basic/missing.h +@@ -646,7 +646,7 @@ struct input_mask { + */ + + #ifndef __O_TMPFILE +-#if defined(__alpha__) ++#if defined(__alpha__) || defined(__sw_64__) + #define __O_TMPFILE 0100000000 + #elif defined(__parisc__) || defined(__hppa__) + #define __O_TMPFILE 0400000000 +diff --git a/src/basic/missing_syscall.h b/src/basic/missing_syscall.h +index 014dd2b..3acf59f 100644 +--- a/src/basic/missing_syscall.h ++++ b/src/basic/missing_syscall.h +@@ -182,7 +182,7 @@ static inline int missing_setns(int fd, int nstype) { + /* ======================================================================= */ + + static inline pid_t raw_getpid(void) { +-#if defined(__alpha__) ++#if defined(__alpha__) || defined(__sw_64__) + return (pid_t) syscall(__NR_getxpid); + #else + return (pid_t) syscall(__NR_getpid); +@@ -405,6 +405,8 @@ static inline int missing_bpf(int cmd, union bpf_attr *attr, size_t size) { + # define __NR_statx 360 + # elif defined __x86_64__ + # define __NR_statx 332 ++# elif defined __sw_64__ ++# define __NR_statx 518 + # else + # warning "__NR_statx not defined for your architecture" + # endif +-- +2.31.1 + diff --git a/systemd.spec b/systemd.spec index 6bdc75f..ad82942 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1,4 +1,4 @@ -%define anolis_release .0.4 +%define anolis_release .0.5 #global gitcommit 10e465b5321bd53c1fc59ffab27e724535c6bc0f %{?gitcommit:%global gitcommitshort %(c=%{gitcommit}; echo ${c:0:7})} @@ -1066,6 +1066,7 @@ Patch20001: 20001-hwdb-parse_hwdb_dot_py.patch Patch20003: 20003-core-introduce-cgroup-full-delegation-for-compabilit.patch Patch20004: 20004-Update-vendor-ids-for-ieisystem-0750.patch Patch20005: 20005-default-enable-full-delegation-on-device-cgroup.patch +Patch20006: 20006-systemd-Add-sw64.patch # lifsea only patch %if %{defined lifsea_dist} @@ -1792,6 +1793,9 @@ fi %files tests -f .file-list-tests %changelog +* Thu Apr 18 2024 wxiat - 239-78.0.5 +- cherry-pick `add sw patch #20ead624ed837d467ff4c9607d46c027bbc84ac3`. + * Wed Apr 3 2024 zhongling.h - 239-78.0.4 - Remove patch 20002 as it inhibits systemd device cgroup slice creation - Add patch 20005 to enable device cgroup full delegation by default -- Gitee From c542c9eb6fb466feba5bcd92cef505ac4e7241b5 Mon Sep 17 00:00:00 2001 From: Weisson Date: Sun, 7 Apr 2024 17:56:24 +0800 Subject: [PATCH 2/2] add seccomp support and test-seccomp test case support for sw_64. Signed-off-by: Weisson --- 20007-add-seccomp-support-for-sw_64.patch | 96 +++++++++++++++++++ ...t-test-test-seccomp-support-on-sw_64.patch | 43 +++++++++ systemd.spec | 8 +- 3 files changed, 146 insertions(+), 1 deletion(-) create mode 100644 20007-add-seccomp-support-for-sw_64.patch create mode 100644 20008-Fix-unit-test-test-seccomp-support-on-sw_64.patch diff --git a/20007-add-seccomp-support-for-sw_64.patch b/20007-add-seccomp-support-for-sw_64.patch new file mode 100644 index 0000000..f3cda33 --- /dev/null +++ b/20007-add-seccomp-support-for-sw_64.patch @@ -0,0 +1,96 @@ +From a8b1f7bfc0190af52e863ddc821701d32e6c3c97 Mon Sep 17 00:00:00 2001 +From: Weisson +Date: Sun, 7 Apr 2024 15:45:26 +0800 +Subject: [PATCH 1/1] add seccomp support for sw_64. + +Signed-off-by: Weisson +--- + src/shared/seccomp-util.c | 16 ++++++++++++---- + 1 file changed, 12 insertions(+), 4 deletions(-) + +diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c +index 8b0d366..2cedca5 100644 +--- a/src/shared/seccomp-util.c ++++ b/src/shared/seccomp-util.c +@@ -44,6 +44,8 @@ const uint32_t seccomp_local_archs[] = { + SCMP_ARCH_ARM, + #elif defined(__loongarch__) + SCMP_ARCH_LOONGARCH64, ++#elif defined(__sw_64__) ++ SCMP_ARCH_SW_64, + #elif defined(__mips__) && __BYTE_ORDER == __BIG_ENDIAN && _MIPS_SIM == _MIPS_SIM_ABI32 + SCMP_ARCH_MIPSEL, + SCMP_ARCH_MIPS, /* native */ +@@ -114,6 +116,8 @@ const char* seccomp_arch_to_string(uint32_t c) { + return "x32"; + case SCMP_ARCH_ARM: + return "arm"; ++ case SCMP_ARCH_SW_64: ++ return "sw_64"; + case SCMP_ARCH_AARCH64: + return "arm64"; + case SCMP_ARCH_LOONGARCH64: +@@ -163,6 +167,8 @@ int seccomp_arch_from_string(const char *n, uint32_t *ret) { + *ret = SCMP_ARCH_ARM; + else if (streq(n, "arm64")) + *ret = SCMP_ARCH_AARCH64; ++ else if (streq(n, "sw_64")) ++ *ret = SCMP_ARCH_SW_64; + else if (streq(n, "loongarch64")) + *ret = SCMP_ARCH_LOONGARCH64; + else if (streq(n, "mips")) +@@ -1246,7 +1252,7 @@ int seccomp_protect_sysctl(void) { + + log_debug("Operating on architecture: %s", seccomp_arch_to_string(arch)); + +- if (IN_SET(arch, SCMP_ARCH_X32, SCMP_ARCH_AARCH64, SCMP_ARCH_LOONGARCH64)) ++ if (IN_SET(arch, SCMP_ARCH_X32, SCMP_ARCH_AARCH64, SCMP_ARCH_LOONGARCH64, SCMP_ARCH_SW_64)) + /* No _sysctl syscall */ + continue; + +@@ -1291,6 +1297,7 @@ int seccomp_restrict_address_families(Set *address_families, bool whitelist) { + case SCMP_ARCH_X32: + case SCMP_ARCH_ARM: + case SCMP_ARCH_AARCH64: ++ case SCMP_ARCH_SW_64: + case SCMP_ARCH_LOONGARCH64: + case SCMP_ARCH_MIPSEL64N32: + case SCMP_ARCH_MIPS64N32: +@@ -1536,7 +1543,7 @@ static int add_seccomp_syscall_filter(scmp_filter_ctx seccomp, + } + + /* For known architectures, check that syscalls are indeed defined or not. */ +-#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) || defined(__loongarch__) ++#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) || defined(__loongarch__) || defined(__sw_64__) + assert_cc(SCMP_SYS(shmget) > 0); + assert_cc(SCMP_SYS(shmat) > 0); + assert_cc(SCMP_SYS(shmdt) > 0); +@@ -1583,6 +1590,7 @@ int seccomp_memory_deny_write_execute(void) { + case SCMP_ARCH_X86_64: + case SCMP_ARCH_X32: + case SCMP_ARCH_AARCH64: ++ case SCMP_ARCH_SW_64: + case SCMP_ARCH_LOONGARCH64: + filter_syscall = SCMP_SYS(mmap); /* amd64, x32, and arm64 have only mmap */ + shmat_syscall = SCMP_SYS(shmat); +@@ -1590,7 +1598,7 @@ int seccomp_memory_deny_write_execute(void) { + + /* Please add more definitions here, if you port systemd to other architectures! */ + +-#if !defined(__i386__) && !defined(__x86_64__) && !defined(__powerpc__) && !defined(__powerpc64__) && !defined(__arm__) && !defined(__aarch64__) && !defined(__loongarch__) ++#if !defined(__i386__) && !defined(__x86_64__) && !defined(__powerpc__) && !defined(__powerpc64__) && !defined(__arm__) && !defined(__aarch64__) && !defined(__loongarch__) && !defined(__sw_64__) + #warning "Consider adding the right mmap() syscall definitions here!" + #endif + } +@@ -1614,7 +1622,7 @@ int seccomp_memory_deny_write_execute(void) { + if (r < 0) + continue; + } +- if (!IN_SET(arch, SCMP_ARCH_LOONGARCH64)){ ++ if (!IN_SET(arch, SCMP_ARCH_LOONGARCH64, SCMP_ARCH_SW_64)){ + r = add_seccomp_syscall_filter(seccomp, arch, SCMP_SYS(mprotect), + 1, + SCMP_A2(SCMP_CMP_MASKED_EQ, PROT_EXEC, PROT_EXEC)); +-- +2.31.1 + diff --git a/20008-Fix-unit-test-test-seccomp-support-on-sw_64.patch b/20008-Fix-unit-test-test-seccomp-support-on-sw_64.patch new file mode 100644 index 0000000..ac70671 --- /dev/null +++ b/20008-Fix-unit-test-test-seccomp-support-on-sw_64.patch @@ -0,0 +1,43 @@ +From 573700e701553081bd2bdb9081da0a1215f5ed97 Mon Sep 17 00:00:00 2001 +From: Weisson +Date: Sun, 7 Apr 2024 17:13:11 +0800 +Subject: [PATCH] Fix unit-test: test-seccomp support on sw_64. + +Signed-off-by: Weisson +--- + src/test/test-seccomp.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c +index 286f01b..c04eb66 100644 +--- a/src/test/test-seccomp.c ++++ b/src/test/test-seccomp.c +@@ -55,6 +55,7 @@ static void test_architecture_table(void) { + "x32\0" + "arm\0" + "arm64\0" ++ "sw_64\0" + "mips\0" + "mips64\0" + "mips64-n32\0" +@@ -403,7 +404,7 @@ static void test_memory_deny_write_execute_mmap(void) { + assert_se(seccomp_memory_deny_write_execute() >= 0); + + p = mmap(NULL, page_size(), PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS, -1,0); +-#if defined(__x86_64__) || defined(__i386__) || defined(__powerpc64__) || defined(__arm__) || defined(__aarch64__) ++#if defined(__x86_64__) || defined(__i386__) || defined(__powerpc64__) || defined(__arm__) || defined(__aarch64__) || defined(__sw_64__) + assert_se(p == MAP_FAILED); + assert_se(errno == EPERM); + #else /* unknown architectures */ +@@ -450,7 +451,7 @@ static void test_memory_deny_write_execute_shmat(void) { + assert_se(seccomp_memory_deny_write_execute() >= 0); + + p = shmat(shmid, NULL, SHM_EXEC); +-#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) ++#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) || defined(__sw_64__) + assert_se(p == MAP_FAILED); + assert_se(errno == EPERM); + #else /* __i386__, __powerpc64__, and "unknown" architectures */ +-- +2.31.1 + diff --git a/systemd.spec b/systemd.spec index ad82942..cb2f21b 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1,4 +1,4 @@ -%define anolis_release .0.5 +%define anolis_release .0.6 #global gitcommit 10e465b5321bd53c1fc59ffab27e724535c6bc0f %{?gitcommit:%global gitcommitshort %(c=%{gitcommit}; echo ${c:0:7})} @@ -1067,6 +1067,8 @@ Patch20003: 20003-core-introduce-cgroup-full-delegation-for-compabilit.patch Patch20004: 20004-Update-vendor-ids-for-ieisystem-0750.patch Patch20005: 20005-default-enable-full-delegation-on-device-cgroup.patch Patch20006: 20006-systemd-Add-sw64.patch +Patch20007: 20007-add-seccomp-support-for-sw_64.patch +Patch20008: 20008-Fix-unit-test-test-seccomp-support-on-sw_64.patch # lifsea only patch %if %{defined lifsea_dist} @@ -1793,6 +1795,10 @@ fi %files tests -f .file-list-tests %changelog +* Thu Apr 18 2024 Weisson - 239-78.0.6 +- add seccomp support for sw_64. +- add test-seccomp support for sw_64. + * Thu Apr 18 2024 wxiat - 239-78.0.5 - cherry-pick `add sw patch #20ead624ed837d467ff4c9607d46c027bbc84ac3`. -- Gitee