diff --git a/0040-add-riscv64-seccomp.patch b/0040-add-riscv64-seccomp.patch
new file mode 100644
index 0000000000000000000000000000000000000000..704437d35aa32ddc793b2cadfb0dfab5d8c9444b
--- /dev/null
+++ b/0040-add-riscv64-seccomp.patch
@@ -0,0 +1,239 @@
+From ce7c70df1b0c53413f6ebfa6fa1b858a604d3e80 Mon Sep 17 00:00:00 2001
+From: ChenHongJi
+Date: Fri, 15 Apr 2022 13:04:02 +0800
+Subject: [PATCH] add riscv64 seccomp
+
+Signed-off-by: ChenHongJi
+---
+ src/lxc/seccomp.c | 51 +++++++++++++++++++++++++++++++++++++++
+ src/lxc/syscall_numbers.h | 26 ++++++++++++++++++++
+ 2 files changed, 77 insertions(+)
+
+diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c
+index ebbba80..727834d 100644
+--- a/src/lxc/seccomp.c
++++ b/src/lxc/seccomp.c
+@@ -318,6 +318,7 @@ enum lxc_hostarch_t {
+ lxc_seccomp_arch_mipsel64n32,
+ lxc_seccomp_arch_s390x,
+ lxc_seccomp_arch_s390,
++ lxc_seccomp_arch_riscv64,
+ lxc_seccomp_arch_unknown = 999,
+ };
+
+@@ -352,6 +353,8 @@ int get_hostarch(void)
+ return lxc_seccomp_arch_s390x;
+ else if (strncmp(uts.machine, "s390", 4) == 0)
+ return lxc_seccomp_arch_s390;
++ else if (strncmp(uts.machine, "riscv64", 7) == 0)
++ return lxc_seccomp_arch_riscv64;
+ return lxc_seccomp_arch_unknown;
+ }
+
+@@ -430,6 +433,11 @@ scmp_filter_ctx get_new_ctx(enum lxc_hostarch_t n_arch,
+ arch = SCMP_ARCH_S390;
+ break;
+ #endif
++#ifdef SCMP_ARCH_RISCV64
++ case lxc_seccomp_arch_riscv64:
++ arch = SCMP_ARCH_RISCV64;
++ break;
++#endif
+ default:
+ return NULL;
+ }
+@@ -778,6 +786,16 @@ static int parse_config_v2(FILE *f, char *line, size_t *line_bufsz, struct lxc_c
+ default_policy_action, &ctx.architectures[2]);
+ if (!ctx.contexts[2])
+ goto bad;
++#endif
++#ifdef SCMP_ARCH_RISCV64
++ } else if (native_arch == lxc_seccomp_arch_riscv64) {
++ cur_rule_arch = lxc_seccomp_arch_all;
++
++ ctx.lxc_arch[0] = lxc_seccomp_arch_riscv64;
++ ctx.contexts[0] = get_new_ctx(lxc_seccomp_arch_riscv64,
++ default_policy_action, &ctx.architectures[0]);
++ if (!ctx.contexts[0])
++ goto bad;
+ #endif
+ }
+
+@@ -969,6 +987,17 @@ static int parse_config_v2(FILE *f, char *line, size_t *line_bufsz, struct lxc_c
+
+ cur_rule_arch = lxc_seccomp_arch_s390x;
+ }
++#endif
++#ifdef SCMP_ARCH_RISCV64
++ else if (strcmp(line,
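Review bot: The new `case lxc_seccomp_arch_riscv64` in get_new_ctx exists only under `#ifdef SCMP_ARCH_RISCV64`, while the detection added to get_hostarch in the previous hunk is unconditional, so a build against a libseccomp that lacks the macro still reports a riscv64 host and then falls into `default: return NULL` with no diagnostic. The parser branches added further down sit under the same guard, so on such a build a `[riscv64]` section would reach `goto bad_arch`; that fails closed, but nothing tells the packager why. I would add a build-time notice next to the guard, in the style syscall_numbers.h already uses: `#if defined(__riscv) && __riscv_xlen == 64 && !defined(SCMP_ARCH_RISCV64)` / `#warning "libseccomp has no SCMP_ARCH_RISCV64; riscv64 seccomp sections are unsupported"` / `#endif`. get_new_ctx starts and ends outside the hunk.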
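Review bot: The riscv64 branch at `@@ -778` creates only `ctx.contexts[0]` and records the architecture through `ctx.lxc_arch[0]` and `&ctx.architectures[0]`, whereas the matching branch added at `@@ -1310` assigns `ctx.architectures[0] = SCMP_ARCH_RISCV64` and passes `&ctx.needs_merge[0]`, and neither carries a comment explaining the difference. Each form agrees with its own context lines, so these look like two parser variants rather than a slip, but both hunk headers name parse_config_v2 and a reader cannot tell them apart from the patch. A one-line comment above each branch would settle it, for example `/* riscv64: native context only, no compat contexts are created */`, and the commit message should say which profile formats were exercised on a riscv64 host. The enclosing function starts and ends outside the hunk.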
"[riscv64]") == 0 ||
++ strcmp(line, "[RISCV64]") == 0) {
++ if (native_arch != lxc_seccomp_arch_riscv64) {
++ cur_rule_arch = lxc_seccomp_arch_unknown;
++ continue;
++ }
++
++ cur_rule_arch = lxc_seccomp_arch_riscv64;
++ }
+ #endif
+ else {
+ goto bad_arch;
+@@ -1310,6 +1339,17 @@ static int parse_config_v2(FILE *f, char *line, size_t *line_bufsz, struct lxc_c
+ &ctx.needs_merge[2]);
+ if (!ctx.contexts[2])
+ goto bad;
++#endif
++#ifdef SCMP_ARCH_RISCV64
++ } else if (native_arch == lxc_seccomp_arch_riscv64) {
++ cur_rule_arch = lxc_seccomp_arch_all;
++
++ ctx.architectures[0] = SCMP_ARCH_RISCV64;
++ ctx.contexts[0] = get_new_ctx(lxc_seccomp_arch_riscv64,
++ default_policy_action,
++ &ctx.needs_merge[0]);
++ if (!ctx.contexts[0])
++ goto bad;
+ #endif
+ }
+
+@@ -1508,6 +1548,17 @@ static int parse_config_v2(FILE *f, char *line, size_t *line_bufsz, struct lxc_c
+
+ cur_rule_arch = lxc_seccomp_arch_s390;
+ }
++#endif
++#ifdef SCMP_ARCH_RISCV64
++ else if (strcmp(line, "[riscv64]") == 0 ||
++ strcmp(line, "[RISCV64]") == 0) {
++ if (native_arch != lxc_seccomp_arch_riscv64) {
++ cur_rule_arch = lxc_seccomp_arch_unknown;
++ continue;
++ }
++
++ cur_rule_arch = lxc_seccomp_arch_riscv64;
++ }
+ #endif
+ else {
+ goto bad_arch;
+diff --git a/src/lxc/syscall_numbers.h b/src/lxc/syscall_numbers.h
+index 42609d4..a8843b4 100644
+--- a/src/lxc/syscall_numbers.h
++++ b/src/lxc/syscall_numbers.h
+@@ -49,6 +49,8 @@
+ #if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */
+ #define __NR_keyctl 5241
+ #endif
++ #elif defined __riscv
++ #define __NR_keyctl 219
+ #else
+ #define -1
+ #warning "__NR_keyctl not defined for your architecture"
+@@ -84,6 +86,8 @@
+ #if _MIPS_SIM == _MIPS_SIM_ABI64
+ #define __NR_memfd_create 5314
+ #endif
++ #elif defined __riscv
++ #define __NR_memfd_create 279
+ #else
+ #define -1
+ #warning "__NR_memfd_create not defined for your architecture"
+@@ -117,6 +121,8 @@
+ #if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */
+ #define __NR_pivot_root 5151
+ #endif
++ #elif
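Review bot: The fallback numbers starting at `@@ -49` are selected by `#elif defined __riscv`, which is also true on 32-bit RISC-V although the patch is titled riscv64, and no comment records where the values come from. These constants are presumably used for raw syscall() wrappers such as seccomp, setns and pivot_root, where a wrong value would enter a different kernel call rather than fail cleanly; the values here appear to match the generic syscall table RISC-V uses, but a reader should be able to check that from the source. I would put `/* riscv: numbers from the asm-generic syscall table */` above the first `#elif defined __riscv` and state in the commit message whether rv32 is meant to be covered. The same applies to the other twelve `__riscv` hunks in this header.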
defined __riscv
++ #define __NR_pivot_root 41
+ #else
+ #define -1
+ #warning "__NR_pivot_root not defined for your architecture"
+@@ -150,6 +156,8 @@
+ #if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */
+ #define __NR_setns 5303
+ #endif
++ #elif defined __riscv
++ #define __NR_setns 268
+ #else
+ #define -1
+ #warning "__NR_setns not defined for your architecture"
+@@ -183,6 +191,8 @@
+ #if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */
+ #define __NR_sethostname 5165
+ #endif
++ #elif defined __riscv
++ #define __NR_sethostname 161
+ #else
+ #define -1
+ #warning "__NR_sethostname not defined for your architecture"
+@@ -216,6 +226,8 @@
+ #if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */
+ #define __NR_signalfd 5276
+ #endif
++ #elif defined __riscv
++ #define __NR_signalfd -1 /* doesn't exist in riscv */
+ #else
+ #define -1
+ #warning "__NR_signalfd not defined for your architecture"
+@@ -249,6 +261,8 @@
+ #if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */
+ #define __NR_signalfd4 5283
+ #endif
++ #elif defined __riscv
++ #define __NR_signalfd4 74
+ #else
+ #define -1
+ #warning "__NR_signalfd4 not defined for your architecture"
+@@ -282,6 +296,8 @@
+ #if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */
+ #define __NR_unshare 5262
+ #endif
++ #elif defined __riscv
++ #define __NR_unshare 97
+ #else
+ #define -1
+ #warning "__NR_unshare not defined for your architecture"
+@@ -315,6 +331,8 @@
+ #if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */
+ #define __NR_bpf 5315
+ #endif
++ #elif defined __riscv
++ #define __NR_bpf 280
+ #else
+ #define -1
+ #warning "__NR_bpf not defined for your architecture"
+@@ -348,6 +366,8 @@
+ #if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */
+ #define __NR_faccessat 5259
+ #endif
++ #elif defined __riscv
++ #define __NR_faccessat 48
+ #else
+ #define -1
+ #warning "__NR_faccessat not defined for your architecture"
+@@ -399,6 +419,8 @@
+ #if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */
+ #define __NR_seccomp 5312
+ #endif
++ #elif defined __riscv
++ #define __NR_seccomp 277
+ #else
+ #define -1
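Review bot: In the `@@ -216` hunk, `#define __NR_signalfd -1 /* doesn't exist in riscv */` turns the missing syscall into a silent runtime failure: unlike the `#else` branch just below it there is no `#warning`, and any raw `syscall(__NR_signalfd, ...)` would simply return an error on riscv. The callers are outside this hunk, so it should be confirmed that they fall back to `__NR_signalfd4` (defined as 74 in the next hunk) rather than ignoring the failure or treating it as fatal. The comment could carry that instruction for the next maintainer, for example `#define __NR_signalfd -1 /* no signalfd on riscv; callers must use signalfd4 */`.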
+ #warning "__NR_seccomp not defined for your architecture"
+@@ -432,6 +454,8 @@
+ #if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */
+ #define __NR_gettid 5178
+ #endif
++ #elif defined __riscv
++ #define __NR_gettid 178
+ #else
+ #define -1
+ #warning "__NR_gettid not defined for your architecture"
+@@ -469,6 +493,8 @@
+ #if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */
+ #define __NR_execveat 5316
+ #endif
++ #elif defined __riscv
++ #define __NR_execveat 281
+ #else
+ #define -1
+ #warning "__NR_execveat not defined for your architecture"
+--
+2.25.1
+
diff --git a/lxc.spec b/lxc.spec
index c7de1c8ce878ac6f4d628b58f790874f2b673727..611f07b36f793397ca2de2cf18eac1d9135aea33 100644
--- a/lxc.spec
+++ b/lxc.spec
@@ -1,4 +1,4 @@
-%global _release 2022040901
+%global _release 2022041501
 
 Name: lxc
 Version: 4.0.3
@@ -47,6 +47,7 @@ Patch0036: 0036-compile-in-android-env.patch
 Patch0037: 0037-fix-always-print-and-temp-len.patch
 Patch0038: 0038-just-print-error-when-new-lock-failed.patch
 Patch0039: 0039-fix-bug-of-memory-free.patch
+Patch0040: 0040-add-riscv64-seccomp.patch
 
 BuildRequires: systemd-units git libtool graphviz docbook2X doxygen chrpath
 BuildRequires: pkgconfig(libseccomp)
@@ -218,6 +219,12 @@ make check
 %{_mandir}/*/man7/%{name}*
 
 %changelog
+* Fri Apr 15 2022 ChenHongJi - 4.0.3-2022041501
+- Type:improve
+- ID:NA
+- SUG:NA
+- DESC: add riscv64 seccomp
+
 * Sat Apr 09 2022 wujing - 4.0.3-2022040901
 - Type:bugfix
 - ID:NA
diff --git a/series.conf b/series.conf
index 9e9f9c2504a3a59e1e2ca5c708613ee6179cce6f..91b1d42dbc39e0ecc1e8fc328f96982299ca8115 100644
--- a/series.conf
+++ b/series.conf
@@ -37,3 +37,4 @@
 0037-fix-always-print-and-temp-len.patch
 0038-just-print-error-when-new-lock-failed.patch
 0039-fix-bug-of-memory-free.patch
+0040-add-riscv64-seccomp.patch