From 41da53f084b964769a1d1de19b5c37d5e158a921d39e0f0a058d3ce5d95d41dc Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Fri, 10 Apr 2015 19:27:34 +0000 Subject: [PATCH 1/2] Accepting request 295335 from home:a_faerber:branches:security Fix some arm syscall constants OBS-URL: https://build.opensuse.org/request/show/295335 OBS-URL: https://build.opensuse.org/package/show/security/libseccomp?expand=0&rev=31 --- libseccomp-arm-syscall-fixes.patch | 179 +++++++++++++++++++++++++++++ libseccomp.changes | 6 + libseccomp.spec | 3 +- 3 files changed, 187 insertions(+), 1 deletion(-) create mode 100644 libseccomp-arm-syscall-fixes.patch diff --git a/libseccomp-arm-syscall-fixes.patch b/libseccomp-arm-syscall-fixes.patch new file mode 100644 index 0000000..981c8aa --- /dev/null +++ b/libseccomp-arm-syscall-fixes.patch 
@@ -0,0 +1,179 @@ +From d1019115acdc8460c9a1f8a878768001a3c32431 Mon Sep 17 00:00:00 2001 +From: Paul Moore +Date: Fri, 10 Apr 2015 10:31:04 -0400 +Subject: [PATCH] arm: fix some problems with the syscall table + +The 32-bit ARM syscall table mistakenly included syscall definitions +for the syscalls below. This patch redefines those syscalls to +libseccomp's pseudo-syscall numbers and corrects the +arch-syscall-validate to correctly list the 32-bit ARM syscalls. + + * time + * umount + * stime + * alarm + * utime + * getrlimit + * select + * readdir + * mmap + * socketcall + * syscall + * ipc + +Reported-by: Andreas Farber +Signed-off-by: Paul Moore +--- + include/seccomp.h.in | 10 ++++++++++ + src/arch-arm-syscalls.c | 24 ++++++++++++------------ + src/arch-syscall-validate | 2 +- + 3 files changed, 23 insertions(+), 13 deletions(-) + +diff --git a/include/seccomp.h.in b/include/seccomp.h.in +index 6a115d1..9a28e4a 100644 +--- a/include/seccomp.h.in ++++ b/include/seccomp.h.in +@@ -1424,6 +1424,16 @@ int seccomp_export_bpf(const scmp_filter_ctx ctx, int fd); + #define __NR_utimes __PNR_utimes + #endif /* __NR_utimes */ + ++#define __PNR_getrlimit -10180 ++#ifndef __NR_getrlimit ++#define __NR_getrlimit __PNR_getrlimit ++#endif /* __NR_utimes */ ++ ++#define __PNR_mmap -10181 ++#ifndef __NR_mmap ++#define __NR_mmap __PNR_mmap ++#endif /* __NR_utimes */ ++ + #ifdef __cplusplus + } + #endif +diff --git a/src/arch-arm-syscalls.c b/src/arch-arm-syscalls.c +index 8876135..b574ccc 100644 +--- a/src/arch-arm-syscalls.c ++++ b/src/arch-arm-syscalls.c +@@ -49,7 +49,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \ + { "add_key", (__NR_SYSCALL_BASE + 309) }, + { "adjtimex", (__NR_SYSCALL_BASE + 124) }, + { "afs_syscall", __PNR_afs_syscall }, +- { "alarm", (__NR_SYSCALL_BASE + 27) }, ++ { "alarm", __PNR_alarm }, + { "arm_fadvise64_64", (__NR_SYSCALL_BASE + 270) }, + { "arm_sync_file_range", (__NR_SYSCALL_BASE + 341) }, + { "arch_prctl", __PNR_arch_prctl }, +@@ 
-156,7 +156,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \ + { "getresgid32", (__NR_SYSCALL_BASE + 211) }, + { "getresuid", (__NR_SYSCALL_BASE + 165) }, + { "getresuid32", (__NR_SYSCALL_BASE + 209) }, +- { "getrlimit", (__NR_SYSCALL_BASE + 76) }, ++ { "getrlimit", __PNR_getrlimit }, + { "getrusage", (__NR_SYSCALL_BASE + 77) }, + { "getsid", (__NR_SYSCALL_BASE + 147) }, + { "getsockname", (__NR_SYSCALL_BASE + 286) }, +@@ -183,7 +183,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \ + { "iopl", __PNR_iopl }, + { "ioprio_get", (__NR_SYSCALL_BASE + 315) }, + { "ioprio_set", (__NR_SYSCALL_BASE + 314) }, +- { "ipc", (__NR_SYSCALL_BASE + 117) }, ++ { "ipc", __PNR_ipc }, + { "kcmp", (__NR_SYSCALL_BASE + 378) }, + { "kexec_file_load", __PNR_kexec_file_load }, + { "kexec_load", (__NR_SYSCALL_BASE + 347) }, +@@ -215,7 +215,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \ + { "mknodat", (__NR_SYSCALL_BASE + 324) }, + { "mlock", (__NR_SYSCALL_BASE + 150) }, + { "mlockall", (__NR_SYSCALL_BASE + 152) }, +- { "mmap", (__NR_SYSCALL_BASE + 90) }, ++ { "mmap", __PNR_mmap }, + { "mmap2", (__NR_SYSCALL_BASE + 192) }, + { "modify_ldt", __PNR_modify_ldt }, + { "mount", (__NR_SYSCALL_BASE + 21) }, +@@ -279,7 +279,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \ + { "quotactl", (__NR_SYSCALL_BASE + 131) }, + { "read", (__NR_SYSCALL_BASE + 3) }, + { "readahead", (__NR_SYSCALL_BASE + 225) }, +- { "readdir", (__NR_SYSCALL_BASE + 89) }, ++ { "readdir", __PNR_readdir }, + { "readlink", (__NR_SYSCALL_BASE + 85) }, + { "readlinkat", (__NR_SYSCALL_BASE + 332) }, + { "readv", (__NR_SYSCALL_BASE + 145) }, +@@ -318,7 +318,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \ + { "sched_yield", (__NR_SYSCALL_BASE + 158) }, + { "seccomp", (__NR_SYSCALL_BASE + 383) }, + { "security", __PNR_security }, +- { "select", (__NR_SYSCALL_BASE + 82) }, ++ { "select", __PNR_select }, + { "semctl", (__NR_SYSCALL_BASE + 300) }, + { "semget", (__NR_SYSCALL_BASE 
+ 299) }, + { "semop", (__NR_SYSCALL_BASE + 298) }, +@@ -378,7 +378,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \ + { "sigreturn", (__NR_SYSCALL_BASE + 119) }, + { "sigsuspend", (__NR_SYSCALL_BASE + 72) }, + { "socket", (__NR_SYSCALL_BASE + 281) }, +- { "socketcall", (__NR_SYSCALL_BASE + 102) }, ++ { "socketcall", __PNR_socketcall }, + { "socketpair", (__NR_SYSCALL_BASE + 288) }, + { "splice", (__NR_SYSCALL_BASE + 340) }, + { "ssetmask", __PNR_ssetmask }, +@@ -386,7 +386,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \ + { "stat64", (__NR_SYSCALL_BASE + 195) }, + { "statfs", (__NR_SYSCALL_BASE + 99) }, + { "statfs64", (__NR_SYSCALL_BASE + 266) }, +- { "stime", (__NR_SYSCALL_BASE + 25) }, ++ { "stime", __PNR_stime }, + { "stty", __PNR_stty }, + { "swapoff", (__NR_SYSCALL_BASE + 115) }, + { "swapon", (__NR_SYSCALL_BASE + 87) }, +@@ -396,14 +396,14 @@ const struct arch_syscall_def arm_syscall_table[] = { \ + { "sync_file_range", __PNR_sync_file_range }, + { "sync_file_range2", (__NR_SYSCALL_BASE + 341) }, + { "syncfs", (__NR_SYSCALL_BASE + 373) }, +- { "syscall", (__NR_SYSCALL_BASE + 113) }, ++ { "syscall", __PNR_syscall }, + { "sysfs", (__NR_SYSCALL_BASE + 135) }, + { "sysinfo", (__NR_SYSCALL_BASE + 116) }, + { "syslog", (__NR_SYSCALL_BASE + 103) }, + { "sysmips", __PNR_sysmips }, + { "tee", (__NR_SYSCALL_BASE + 342) }, + { "tgkill", (__NR_SYSCALL_BASE + 268) }, +- { "time", (__NR_SYSCALL_BASE + 13) }, ++ { "time", __PNR_time }, + { "timer_create", (__NR_SYSCALL_BASE + 257) }, + { "timer_delete", (__NR_SYSCALL_BASE + 261) }, + { "timer_getoverrun", (__NR_SYSCALL_BASE + 260) }, +@@ -421,7 +421,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \ + { "ugetrlimit", (__NR_SYSCALL_BASE + 191) }, + { "ulimit", __PNR_ulimit }, + { "umask", (__NR_SYSCALL_BASE + 60) }, +- { "umount", (__NR_SYSCALL_BASE + 22) }, ++ { "umount", __PNR_umount }, + { "umount2", (__NR_SYSCALL_BASE + 52) }, + { "uname", (__NR_SYSCALL_BASE + 122) }, + { "unlink", 
(__NR_SYSCALL_BASE + 10) }, +@@ -429,7 +429,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \ + { "unshare", (__NR_SYSCALL_BASE + 337) }, + { "uselib", (__NR_SYSCALL_BASE + 86) }, + { "ustat", (__NR_SYSCALL_BASE + 62) }, +- { "utime", (__NR_SYSCALL_BASE + 30) }, ++ { "utime", __PNR_utime }, + { "utimensat", (__NR_SYSCALL_BASE + 348) }, + { "utimes", (__NR_SYSCALL_BASE + 269) }, + { "vfork", (__NR_SYSCALL_BASE + 190) }, +diff --git a/src/arch-syscall-validate b/src/arch-syscall-validate +index 2cbf696..1616c9f 100755 +--- a/src/arch-syscall-validate ++++ b/src/arch-syscall-validate +@@ -146,7 +146,7 @@ function dump_lib_x32() { + # + function dump_sys_arm() { + # NOTE: arm_sync_file_range() and sync_file_range2() share values +- cat $1/arch/arm/include/uapi/asm/unistd.h | \ ++ gcc -E -dM -D __ARM_EABI__ $1/arch/arm/include/uapi/asm/unistd.h | \ + grep "^#define __NR_" | sort | \ + grep -v "^#define __NR_OABI_SYSCALL_BASE" | \ + grep -v "^#define __NR_SYSCALL_BASE" | \ +-- +2.1.4 + diff --git a/libseccomp.changes b/libseccomp.changes index c6bc4a1..9a58614 100644 --- a/libseccomp.changes +++ b/libseccomp.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Fri Apr 10 16:52:55 UTC 2015 - afaerber@suse.de + +- Fix some arm syscall constants + libseccomp-arm-syscall-fixes.patch + ------------------------------------------------------------------- Sun Mar 29 00:28:59 UTC 2015 - jengelh@inai.de diff --git a/libseccomp.spec b/libseccomp.spec index b097ec9..fcda261 100644 --- a/libseccomp.spec +++ b/libseccomp.spec @@ -31,6 +31,7 @@ Source2: https://github.com/seccomp/libseccomp/releases/download/v%versio Patch1: no-static.diff Patch2: 0001-tools-add-the-missing-elf.h-header-file.patch Patch3: libseccomp-s390x-support.patch +Patch4: libseccomp-arm-syscall-fixes.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: autoconf BuildRequires: automake >= 1.11 
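Review bot: Both new pseudo-syscall blocks in `include/seccomp.h.in` close with `#endif /* __NR_utimes */`, copied from the block above them; they should read `#endif /* __NR_getrlimit */` and `#endif /* __NR_mmap */` so the guards are not mis-paired in a later edit. In `src/arch-arm-syscalls.c` the twelve listed names now resolve to negative `__PNR_*` values on 32-bit ARM, so a policy that names `mmap` or `getrlimit` gets a pseudo-number there rather than a kernel syscall number; the table's own `mmap2` and `ugetrlimit` entries are the ones that carry real numbers. That consequence for existing allow-lists deserves a line in the package changelog, which says only `Fix some arm syscall constants`. Only `__PNR_getrlimit` and `__PNR_mmap` are defined in this patch, so the other ten `__PNR_*` names are presumably already defined in the header outside the hunk; that should be confirmed.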
@@ -98,7 +99,7 @@ This subpackage contains debug utilities for the seccomp interface. %prep %setup -q -%patch -P 1 -P 2 -P 3 -p1 +%patch -P 1 -P 2 -P 3 -P 4 -p1 %build autoreconf -fi From 73e133c103460d74376aef35b13a49f3b184aa770c38029b1a822f69ec28d8d2 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Thu, 16 Apr 2015 15:09:37 +0000 Subject: [PATCH 2/2] Accepting request 295668 from home:k0da:branches:security OBS-URL: https://build.opensuse.org/request/show/295668 OBS-URL: https://build.opensuse.org/package/show/security/libseccomp?expand=0&rev=32 --- libseccomp-ppc64le.patch | 453 +++++++++++++++++++++++++++++++++++++++ libseccomp.changes | 5 + libseccomp.spec | 5 +- 3 files changed, 461 insertions(+), 2 deletions(-) create mode 100644 libseccomp-ppc64le.patch diff --git a/libseccomp-ppc64le.patch b/libseccomp-ppc64le.patch new file mode 100644 index 0000000..4335c20 --- /dev/null +++ b/libseccomp-ppc64le.patch 
@@ -0,0 +1,453 @@ +Index: libseccomp-2.2.0/include/seccomp.h.in +=================================================================== +--- libseccomp-2.2.0.orig/include/seccomp.h.in ++++ libseccomp-2.2.0/include/seccomp.h.in +@@ -169,6 +169,10 @@ struct scmp_arg_cmp { + * The PowerPC64 architecture token + */ + #define SCMP_ARCH_PPC64 AUDIT_ARCH_PPC64 ++#ifndef AUDIT_ARCH_PPC64LE ++#define AUDIT_ARCH_PPC64LE (EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) ++#endif ++#define SCMP_ARCH_PPC64LE AUDIT_ARCH_PPC64LE + + /** + * Convert a syscall name into the associated syscall number +Index: libseccomp-2.2.0/src/arch-ppc64.c +=================================================================== +--- libseccomp-2.2.0.orig/src/arch-ppc64.c ++++ libseccomp-2.2.0/src/arch-ppc64.c +@@ -30,9 +30,12 @@ const struct arch_def arch_def_ppc64 = { + .token = SCMP_ARCH_PPC64, + .token_bpf = AUDIT_ARCH_PPC64, + .size = ARCH_SIZE_64, +-#ifdef __LITTLE_ENDIAN__ +- .endian = ARCH_ENDIAN_LITTLE, +-#else + .endian = ARCH_ENDIAN_BIG, +-#endif ++}; ++ ++const struct arch_def arch_def_ppc64le = { ++ .token = SCMP_ARCH_PPC64LE, ++ .token_bpf = AUDIT_ARCH_PPC64LE, ++ .size = ARCH_SIZE_64, ++ .endian = ARCH_ENDIAN_LITTLE, + }; +Index: libseccomp-2.2.0/src/arch-ppc64.h +=================================================================== +--- libseccomp-2.2.0.orig/src/arch-ppc64.h ++++ libseccomp-2.2.0/src/arch-ppc64.h +@@ -27,19 +27,11 @@ + #include "arch.h" + #include "system.h" + +-#define ppc64_arg_count_max 6 +- + extern const struct arch_def arch_def_ppc64; +- +-#ifdef __LITTLE_ENDIAN__ +-#define ppc64_arg_offset_lo(x) (arch_arg_offset(x)) +-#define ppc64_arg_offset_hi(x) (arch_arg_offset(x) + 4) +-#else +-#define ppc64_arg_offset_lo(x) (arch_arg_offset(x) + 4) +-#define ppc64_arg_offset_hi(x) (arch_arg_offset(x)) +-#endif ++extern const struct arch_def arch_def_ppc64le; + + int ppc64_syscall_resolve_name(const char *name); + const char *ppc64_syscall_resolve_num(int num); + ++const char 
*ppc64_syscall_iterate_name(unsigned int spot); + #endif +Index: libseccomp-2.2.0/src/arch.c +=================================================================== +--- libseccomp-2.2.0.orig/src/arch.c ++++ libseccomp-2.2.0/src/arch.c +@@ -82,8 +82,10 @@ const struct arch_def *arch_def_native = + const struct arch_def *arch_def_native = &arch_def_s390; + #elif __s390x__ + const struct arch_def *arch_def_native = &arch_def_s390x; +-#elif __powerpc64__ ++#elif __powerpc64__ && __BIG_ENDIAN__ + const struct arch_def *arch_def_native = &arch_def_ppc64; ++#elif __powerpc64__ && __LITTLE_ENDIAN__ ++const struct arch_def *arch_def_native = &arch_def_ppc64le; + #elif __powerpc__ + const struct arch_def *arch_def_native = &arch_def_ppc; + #else +@@ -140,6 +142,8 @@ const struct arch_def *arch_def_lookup(u + return &arch_def_s390x; + case SCMP_ARCH_PPC64: + return &arch_def_ppc64; ++ case SCMP_ARCH_PPC64LE: ++ return &arch_def_ppc64le; + case SCMP_ARCH_PPC: + return &arch_def_ppc; + } +@@ -178,6 +182,10 @@ const struct arch_def *arch_def_lookup_n + return &arch_def_mips64n32; + else if (strcmp(arch_name, "mipsel64n32") == 0) + return &arch_def_mipsel64n32; ++ else if (strcmp(arch_name, "ppc64") == 0) ++ return &arch_def_ppc64; ++ else if (strcmp(arch_name, "ppc64le") == 0) ++ return &arch_def_ppc64le; + + return NULL; + } +@@ -301,6 +309,7 @@ int arch_syscall_resolve_name(const stru + case SCMP_ARCH_S390X: + return s390x_syscall_resolve_name(name); + case SCMP_ARCH_PPC64: ++ case SCMP_ARCH_PPC64LE: + return ppc64_syscall_resolve_name(name); + case SCMP_ARCH_PPC: + return ppc_syscall_resolve_name(name); +@@ -346,6 +355,7 @@ const char *arch_syscall_resolve_num(con + case SCMP_ARCH_S390X: + return s390x_syscall_resolve_num(num); + case SCMP_ARCH_PPC64: ++ case SCMP_ARCH_PPC64LE: + return ppc64_syscall_resolve_num(num); + case SCMP_ARCH_PPC: + return ppc_syscall_resolve_num(num); +Index: libseccomp-2.2.0/src/gen_pfc.c 
+=================================================================== +--- libseccomp-2.2.0.orig/src/gen_pfc.c ++++ libseccomp-2.2.0/src/gen_pfc.c +@@ -79,6 +79,8 @@ static const char *_pfc_arch(const struc + return "ppc"; + case SCMP_ARCH_PPC64: + return "ppc64"; ++ case SCMP_ARCH_PPC64LE: ++ return "ppc64le"; + default: + return "UNKNOWN"; + } +Index: libseccomp-2.2.0/tools/scmp_arch_detect.c +=================================================================== +--- libseccomp-2.2.0.orig/tools/scmp_arch_detect.c ++++ libseccomp-2.2.0/tools/scmp_arch_detect.c +@@ -111,6 +111,9 @@ int main(int argc, char *argv[]) + case SCMP_ARCH_PPC64: + printf("ppc64\n"); + break; ++ case SCMP_ARCH_PPC64LE: ++ printf("ppc64le\n"); ++ break; + default: + printf("unknown\n"); + } +Index: libseccomp-2.2.0/tools/scmp_bpf_sim.c +=================================================================== +--- libseccomp-2.2.0.orig/tools/scmp_bpf_sim.c ++++ libseccomp-2.2.0/tools/scmp_bpf_sim.c +@@ -250,13 +250,15 @@ int main(int argc, char *argv[]) + else if (strcmp(optarg, "mipsel64n32") == 0) + arch = AUDIT_ARCH_MIPSEL64N32; + else if (strcmp(optarg, "s390") == 0) +- sys_data.arch = AUDIT_ARCH_S390; ++ arch = AUDIT_ARCH_S390; + else if (strcmp(optarg, "s390x") == 0) +- sys_data.arch = AUDIT_ARCH_S390X; ++ arch = AUDIT_ARCH_S390X; + else if (strcmp(optarg, "ppc") == 0) +- sys_data.arch = AUDIT_ARCH_PPC; ++ arch = AUDIT_ARCH_PPC; + else if (strcmp(optarg, "ppc64") == 0) +- sys_data.arch = AUDIT_ARCH_PPC64; ++ arch = AUDIT_ARCH_PPC64; ++ else if (strcmp(optarg, "ppc64le") == 0) ++ arch = AUDIT_ARCH_PPC64LE; + else + exit_fault(EINVAL); + break; +Index: libseccomp-2.2.0/tools/util.c +=================================================================== +--- libseccomp-2.2.0.orig/tools/util.c ++++ libseccomp-2.2.0/tools/util.c +@@ -66,8 +66,10 @@ + #define ARCH_NATIVE AUDIT_ARCH_S390 + #elif __s390x__ + #define ARCH_NATIVE AUDIT_ARCH_S390X +-#elif __powerpc64__ ++#elif __powerpc64__ && __BIG_ENDIAN__ 
+ #define ARCH_NATIVE AUDIT_ARCH_PPC64 ++#elif __powerpc64__ && __LITTLE_ENDIAN__ ++#define ARCH_NATIVE AUDIT_ARCH_PPC64LE + #elif __powerpc__ + #define ARCH_NATIVE AUDIT_ARCH_PPC + #else +Index: libseccomp-2.2.0/include/seccomp.h +=================================================================== +--- libseccomp-2.2.0.orig/include/seccomp.h ++++ libseccomp-2.2.0/include/seccomp.h +@@ -151,6 +151,30 @@ struct scmp_arg_cmp { + #define SCMP_ARCH_MIPSEL64N32 AUDIT_ARCH_MIPSEL64N32 + + /** ++ * The S390X architecture token ++ */ ++#define SCMP_ARCH_S390X AUDIT_ARCH_S390X ++ ++/** ++ * The S390 architecture token ++ */ ++#define SCMP_ARCH_S390 AUDIT_ARCH_S390 ++ ++/** ++ * The PowerPC architecture token ++ */ ++#define SCMP_ARCH_PPC AUDIT_ARCH_PPC ++ ++/** ++ * The PowerPC64 architecture token ++ */ ++#define SCMP_ARCH_PPC64 AUDIT_ARCH_PPC64 ++#ifndef AUDIT_ARCH_PPC64LE ++#define AUDIT_ARCH_PPC64LE (EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) ++#endif ++#define SCMP_ARCH_PPC64LE AUDIT_ARCH_PPC64LE ++ ++/** + * Convert a syscall name into the associated syscall number + * @param x the syscall name + */ +Index: libseccomp-2.2.0/tools/util.h +=================================================================== +--- libseccomp-2.2.0.orig/tools/util.h ++++ libseccomp-2.2.0/tools/util.h +@@ -47,6 +47,10 @@ + #define AUDIT_ARCH_AARCH64 (EM_AARCH64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) + #endif + ++#ifndef AUDIT_ARCH_PPC64LE ++#define AUDIT_ARCH_PPC64LE (EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) ++#endif ++ + extern uint32_t arch; + + void exit_usage(const char *program); +Index: libseccomp-2.2.0/tests/23-sim-arch_all_le_basic.c +=================================================================== +--- libseccomp-2.2.0.orig/tests/23-sim-arch_all_le_basic.c ++++ libseccomp-2.2.0/tests/23-sim-arch_all_le_basic.c +@@ -68,6 +68,9 @@ int main(int argc, char *argv[]) + rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("mipsel64n32")); + if (rc != 0) + goto out; ++ rc = 
seccomp_arch_add(ctx, seccomp_arch_resolve_name("ppc64le")); ++ if (rc != 0) ++ goto out; + + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 1, + SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO)); +Index: libseccomp-2.2.0/tests/16-sim-arch_basic.c +=================================================================== +--- libseccomp-2.2.0.orig/tests/16-sim-arch_basic.c ++++ libseccomp-2.2.0/tests/16-sim-arch_basic.c +@@ -68,6 +68,9 @@ int main(int argc, char *argv[]) + rc = seccomp_arch_add(ctx, SCMP_ARCH_MIPSEL64N32); + if (rc != 0) + goto out; ++ rc = seccomp_arch_add(ctx, SCMP_ARCH_PPC64LE); ++ if (rc != 0) ++ goto out; + + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 1, + SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO)); +Index: libseccomp-2.2.0/src/arch-syscall-dump.c +=================================================================== +--- libseccomp-2.2.0.orig/src/arch-syscall-dump.c ++++ libseccomp-2.2.0/src/arch-syscall-dump.c +@@ -38,6 +38,7 @@ + #include "arch-mips64.h" + #include "arch-mips64n32.h" + #include "arch-aarch64.h" ++#include "arch-ppc64.h" + + /** + * Print the usage information to stderr and exit +@@ -112,6 +113,10 @@ int main(int argc, char *argv[]) + case SCMP_ARCH_AARCH64: + sys_name = aarch64_syscall_iterate_name(iter); + break; ++ case SCMP_ARCH_PPC64: ++ case SCMP_ARCH_PPC64LE: ++ sys_name = ppc64_syscall_iterate_name(iter); ++ break; + default: + /* invalid arch */ + exit_usage(argv[0]); +Index: libseccomp-2.2.0/src/arch-ppc64-syscalls.c +=================================================================== +--- libseccomp-2.2.0.orig/src/arch-ppc64-syscalls.c ++++ libseccomp-2.2.0/src/arch-ppc64-syscalls.c +@@ -425,3 +425,16 @@ const char *ppc64_syscall_resolve_num(in + + return NULL; + } ++/** ++ * Iterate through the syscall table and return the syscall name ++ * @param spot the offset into the syscall table ++ * ++ * Return the syscall name at position @spot or NULL on failure. 
This function ++ * should only ever be used internally by libseccomp. ++ * ++ */ ++const char *ppc64_syscall_iterate_name(unsigned int spot) ++{ ++ /* XXX - no safety checks here */ ++ return ppc64_syscall_table[spot].name; ++} +Index: libseccomp-2.2.0/tests/16-sim-arch_basic.py +=================================================================== +--- libseccomp-2.2.0.orig/tests/16-sim-arch_basic.py ++++ libseccomp-2.2.0/tests/16-sim-arch_basic.py +@@ -39,6 +39,8 @@ def test(args): + f.add_arch(Arch("mipsel")) + f.add_arch(Arch("mipsel64")) + f.add_arch(Arch("mipsel64n32")) ++ f.add_arch(Arch("ppc64")) ++ f.add_arch(Arch("ppc64le")) + f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno())) + f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno())) + f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno())) +Index: libseccomp-2.2.0/tests/23-sim-arch_all_le_basic.py +=================================================================== +--- libseccomp-2.2.0.orig/tests/23-sim-arch_all_le_basic.py ++++ libseccomp-2.2.0/tests/23-sim-arch_all_le_basic.py +@@ -39,6 +39,7 @@ def test(args): + f.add_arch(Arch("mipsel")) + f.add_arch(Arch("mipsel64")) + f.add_arch(Arch("mipsel64n32")) ++ f.add_arch(Arch("ppc64le")) + f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno())) + f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno())) + f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno())) +Index: libseccomp-2.2.0/tools/scmp_bpf_disasm.c +=================================================================== +--- libseccomp-2.2.0.orig/tools/scmp_bpf_disasm.c ++++ libseccomp-2.2.0/tools/scmp_bpf_disasm.c +@@ -334,6 +334,10 @@ int main(int argc, char *argv[]) + arch = AUDIT_ARCH_MIPS64N32; + else if (strcmp(optarg, "mipsel64n32") == 0) + arch = AUDIT_ARCH_MIPSEL64N32; ++ else if (strcmp(optarg, "ppc64") == 0) ++ arch = AUDIT_ARCH_PPC64; ++ else if (strcmp(optarg, "ppc64le") == 0) ++ arch = AUDIT_ARCH_PPC64LE; + else + exit_usage(argv[0]); + break; +Index: 
libseccomp-2.2.0/tests/26-sim-arch_all_be_basic.c +=================================================================== +--- libseccomp-2.2.0.orig/tests/26-sim-arch_all_be_basic.c ++++ libseccomp-2.2.0/tests/26-sim-arch_all_be_basic.c +@@ -52,6 +52,9 @@ int main(int argc, char *argv[]) + rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("mips64n32")); + if (rc != 0) + goto out; ++ rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("ppc64")); ++ if (rc != 0) ++ goto out; + + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 1, + SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO)); +Index: libseccomp-2.2.0/tests/26-sim-arch_all_be_basic.py +=================================================================== +--- libseccomp-2.2.0.orig/tests/26-sim-arch_all_be_basic.py ++++ libseccomp-2.2.0/tests/26-sim-arch_all_be_basic.py +@@ -33,6 +33,7 @@ def test(args): + f.add_arch(Arch("mips")) + f.add_arch(Arch("mips64")) + f.add_arch(Arch("mips64n32")) ++ f.add_arch(Arch("ppc64")) + f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno())) + f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno())) + f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno())) +Index: libseccomp-2.2.0/src/arch-syscall-validate +=================================================================== +--- libseccomp-2.2.0.orig/src/arch-syscall-validate ++++ libseccomp-2.2.0/src/arch-syscall-validate +@@ -303,6 +303,35 @@ function dump_lib_mips64n32() { + } + + # ++# Dump the ppc64 system syscall table ++# ++# Arguments: ++# 1 path to the kernel source ++# ++# Dump the architecture's syscall table to stdout. 
++# ++function dump_sys_ppc64() { ++ gcc -E -dM -I$1/arch/powerpc/include/uapi $1/arch/powerpc/include/uapi/asm/unistd.h | \ ++ grep "^#define __NR_" | sort | \ ++ grep -v "^#define __NR_O32_" | \ ++ grep -v "^#define __NR_N32_" | \ ++ grep -v "^#define __NR_64_" | \ ++ grep -v "^#define __NR_Linux" | \ ++ grep -v "^#define __NR_unused" | \ ++ grep -v "^#define __NR_reserved" | \ ++ sed -e 's/#define[ \t]\+__NR_\([^ \t]\+\)[ \t]\+(__NR_Linux[ \t]*+[ \t]*\([0-9]\+\)).*/\1\t\2/' ++} ++ ++# ++# Dump the ppc64 library syscall table ++# ++# Dump the library's syscall table to stdout. ++# ++function dump_lib_ppc64() { ++ $LIB_SYS_DUMP -a ppc64 | sed -e '/[^\t]\+\t-[0-9]\+/d' ++} ++ ++# + # Dump the system syscall table + # + # Arguments: +@@ -337,6 +366,9 @@ function dump_sys() { + mips64n32) + dump_sys_mips64n32 "$2" + ;; ++ ppc64) ++ dump_sys_ppc64 "$2" ++ ;; + *) + echo "" + ;; +@@ -377,6 +409,9 @@ function dump_lib() { + mips64n32) + dump_lib_mips64n32 "$2" + ;; ++ ppc64) ++ dump_lib_ppc64 "$2" ++ ;; + *) + echo "" + ;; +@@ -413,7 +448,7 @@ shift $(($OPTIND - 1)) + + # defaults + if [[ $arches == "" ]]; then +- arches="x86 x86_64 x32 arm aarch64 mips mips64 mips64n32" ++ arches="x86 x86_64 x32 arm aarch64 mips mips64 mips64n32 ppc64" + fi + + # sanity checks +Index: libseccomp-2.2.0/tests/regression +=================================================================== +--- libseccomp-2.2.0.orig/tests/regression ++++ libseccomp-2.2.0/tests/regression +@@ -21,8 +21,8 @@ + # along with this library; if not, see . + # + +-GLBL_ARCH_LE_SUPPORT="x86 x86_64 x32 arm aarch64 mipsel mipsel64 mipsel64n32" +-GLBL_ARCH_BE_SUPPORT="mips mips64 mips64n32" ++GLBL_ARCH_LE_SUPPORT="x86 x86_64 x32 arm aarch64 mipsel mipsel64 mipsel64n32 ppc64le" ++GLBL_ARCH_BE_SUPPORT="mips mips64 mips64n32 ppc64" + + GLBL_SYS_ARCH="../tools/scmp_arch_detect" + GLBL_SYS_RESOLVER="../tools/scmp_sys_resolver" diff --git a/libseccomp.changes b/libseccomp.changes index 9a58614..27fca77 100644 
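Review bot: `ppc64_syscall_iterate_name()` in `src/arch-ppc64-syscalls.c` indexes `ppc64_syscall_table[spot]` with no bound, although its own comment promises NULL on failure and the body is marked `XXX - no safety checks here`. If the table is a sized array in that file (its definition is outside the hunk), a guard such as `if (spot >= sizeof(ppc64_syscall_table) / sizeof(ppc64_syscall_table[0])) return NULL;` would make the documented contract true and stop the dump loop in `arch-syscall-dump.c` from reading past the end. Separately, the `__NR_O32_`, `__NR_N32_`, `__NR_64_` and `(__NR_Linux + N)` patterns in `dump_sys_ppc64` look carried over from the MIPS helpers. If the powerpc `unistd.h` defines plain numbers, the `sed` expression never matches and the kernel-versus-library comparison for ppc64 is not meaningful, so this is worth confirming against a kernel tree.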
--- a/libseccomp.changes +++ b/libseccomp.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Mon Apr 13 15:05:05 UTC 2015 - dvaleev@suse.com + +- Fix ppc64le build: libseccomp-ppc64le.patch + ------------------------------------------------------------------- Fri Apr 10 16:52:55 UTC 2015 - afaerber@suse.de diff --git a/libseccomp.spec b/libseccomp.spec index fcda261..832dbbe 100644 --- a/libseccomp.spec +++ b/libseccomp.spec @@ -32,6 +32,7 @@ Patch1: no-static.diff Patch2: 0001-tools-add-the-missing-elf.h-header-file.patch Patch3: libseccomp-s390x-support.patch Patch4: libseccomp-arm-syscall-fixes.patch +Patch5: libseccomp-ppc64le.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: autoconf BuildRequires: automake >= 1.11 @@ -99,7 +100,7 @@ This subpackage contains debug utilities for the seccomp interface. %prep %setup -q -%patch -P 1 -P 2 -P 3 -P 4 -p1 +%patch -P 1 -P 2 -P 3 -P 4 -P 5 -p1 %build autoreconf -fi @@ -112,7 +113,7 @@ find "%buildroot/%_libdir" -type f -name "*.la" -delete %fdupes %buildroot/%_prefix %check -%ifarch ppc ppc64 s390 s390x +%ifarch ppc s390 s390x make check || true #pushd tests/ #./regression -v
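Review bot: The `%check` branch kept for `%ifarch ppc s390 s390x` still runs `make check || true`, so a failing regression suite on those architectures cannot fail the build, and the spec gives no reason for the exception. For a library whose tests are what verify the generated filters, a comment above the `%ifarch` line such as `# test suite failures tolerated on these architectures, see <bug reference>` would record why and make the exception easy to retire. The branch that ppc64 and ppc64le take after this change lies outside the hunk, so whether their checks are now enforced should be confirmed there.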