From 73e133c103460d74376aef35b13a49f3b184aa770c38029b1a822f69ec28d8d2 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Thu, 16 Apr 2015 15:09:37 +0000 Subject: [PATCH] Accepting request 295668 from home:k0da:branches:security OBS-URL: https://build.opensuse.org/request/show/295668 OBS-URL: https://build.opensuse.org/package/show/security/libseccomp?expand=0&rev=32 --- libseccomp-ppc64le.patch | 453 +++++++++++++++++++++++++++++++++++++++ libseccomp.changes | 5 + libseccomp.spec | 5 +- 3 files changed, 461 insertions(+), 2 deletions(-) create mode 100644 libseccomp-ppc64le.patch diff --git a/libseccomp-ppc64le.patch b/libseccomp-ppc64le.patch new file mode 100644 index 0000000..4335c20 --- /dev/null +++ b/libseccomp-ppc64le.patch @@ -0,0 +1,453 @@ +Index: libseccomp-2.2.0/include/seccomp.h.in +=================================================================== +--- libseccomp-2.2.0.orig/include/seccomp.h.in ++++ libseccomp-2.2.0/include/seccomp.h.in +@@ -169,6 +169,10 @@ struct scmp_arg_cmp { + * The PowerPC64 architecture token + */ + #define SCMP_ARCH_PPC64 AUDIT_ARCH_PPC64 ++#ifndef AUDIT_ARCH_PPC64LE ++#define AUDIT_ARCH_PPC64LE (EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) ++#endif ++#define SCMP_ARCH_PPC64LE AUDIT_ARCH_PPC64LE + + /** + * Convert a syscall name into the associated syscall number +Index: libseccomp-2.2.0/src/arch-ppc64.c +=================================================================== +--- libseccomp-2.2.0.orig/src/arch-ppc64.c ++++ libseccomp-2.2.0/src/arch-ppc64.c +@@ -30,9 +30,12 @@ const struct arch_def arch_def_ppc64 = { + .token = SCMP_ARCH_PPC64, + .token_bpf = AUDIT_ARCH_PPC64, + .size = ARCH_SIZE_64, +-#ifdef __LITTLE_ENDIAN__ +- .endian = ARCH_ENDIAN_LITTLE, +-#else + .endian = ARCH_ENDIAN_BIG, +-#endif ++}; ++ ++const struct arch_def arch_def_ppc64le = { ++ .token = SCMP_ARCH_PPC64LE, ++ .token_bpf = AUDIT_ARCH_PPC64LE, ++ .size = ARCH_SIZE_64, ++ .endian = ARCH_ENDIAN_LITTLE, + }; +Index: libseccomp-2.2.0/src/arch-ppc64.h +=================================================================== +--- libseccomp-2.2.0.orig/src/arch-ppc64.h ++++ libseccomp-2.2.0/src/arch-ppc64.h +@@ -27,19 +27,11 @@ + #include "arch.h" + #include "system.h" + +-#define ppc64_arg_count_max 6 +- + extern const struct arch_def arch_def_ppc64; +- +-#ifdef __LITTLE_ENDIAN__ +-#define ppc64_arg_offset_lo(x) (arch_arg_offset(x)) +-#define ppc64_arg_offset_hi(x) (arch_arg_offset(x) + 4) +-#else +-#define ppc64_arg_offset_lo(x) (arch_arg_offset(x) + 4) +-#define ppc64_arg_offset_hi(x) (arch_arg_offset(x)) +-#endif ++extern const struct arch_def arch_def_ppc64le; + + int ppc64_syscall_resolve_name(const char *name); + const char *ppc64_syscall_resolve_num(int num); + ++const char *ppc64_syscall_iterate_name(unsigned int spot); + #endif +Index: libseccomp-2.2.0/src/arch.c +=================================================================== +--- libseccomp-2.2.0.orig/src/arch.c ++++ libseccomp-2.2.0/src/arch.c +@@ -82,8 +82,10 @@ const struct arch_def *arch_def_native = + const struct arch_def *arch_def_native = &arch_def_s390; + #elif __s390x__ + const struct arch_def *arch_def_native = &arch_def_s390x; +-#elif __powerpc64__ ++#elif __powerpc64__ && __BIG_ENDIAN__ + const struct arch_def *arch_def_native = &arch_def_ppc64; ++#elif __powerpc64__ && __LITTLE_ENDIAN__ ++const struct arch_def *arch_def_native = &arch_def_ppc64le; + #elif __powerpc__ + const struct arch_def *arch_def_native = &arch_def_ppc; + #else +@@ -140,6 +142,8 @@ const struct arch_def *arch_def_lookup(u + return &arch_def_s390x; + case SCMP_ARCH_PPC64: + return &arch_def_ppc64; ++ case SCMP_ARCH_PPC64LE: ++ return &arch_def_ppc64le; + case SCMP_ARCH_PPC: + return &arch_def_ppc; + } +@@ -178,6 +182,10 @@ const struct arch_def *arch_def_lookup_n + return &arch_def_mips64n32; + else if (strcmp(arch_name, "mipsel64n32") == 0) + return &arch_def_mipsel64n32; ++ else if (strcmp(arch_name, "ppc64") == 0) ++ return &arch_def_ppc64; ++ else if (strcmp(arch_name, "ppc64le") == 0) ++ return &arch_def_ppc64le; + + return NULL; + } +@@ -301,6 +309,7 @@ int arch_syscall_resolve_name(const stru + case SCMP_ARCH_S390X: + return s390x_syscall_resolve_name(name); + case SCMP_ARCH_PPC64: ++ case SCMP_ARCH_PPC64LE: + return ppc64_syscall_resolve_name(name); + case SCMP_ARCH_PPC: + return ppc_syscall_resolve_name(name); +@@ -346,6 +355,7 @@ const char *arch_syscall_resolve_num(con + case SCMP_ARCH_S390X: + return s390x_syscall_resolve_num(num); + case SCMP_ARCH_PPC64: ++ case SCMP_ARCH_PPC64LE: + return ppc64_syscall_resolve_num(num); + case SCMP_ARCH_PPC: + return ppc_syscall_resolve_num(num); +Index: libseccomp-2.2.0/src/gen_pfc.c +=================================================================== +--- libseccomp-2.2.0.orig/src/gen_pfc.c ++++ libseccomp-2.2.0/src/gen_pfc.c +@@ -79,6 +79,8 @@ static const char *_pfc_arch(const struc + return "ppc"; + case SCMP_ARCH_PPC64: + return "ppc64"; ++ case SCMP_ARCH_PPC64LE: ++ return "ppc64le"; + default: + return "UNKNOWN"; + } +Index: libseccomp-2.2.0/tools/scmp_arch_detect.c +=================================================================== +--- libseccomp-2.2.0.orig/tools/scmp_arch_detect.c ++++ libseccomp-2.2.0/tools/scmp_arch_detect.c +@@ -111,6 +111,9 @@ int main(int argc, char *argv[]) + case SCMP_ARCH_PPC64: + printf("ppc64\n"); + break; ++ case SCMP_ARCH_PPC64LE: ++ printf("ppc64le\n"); ++ break; + default: + printf("unknown\n"); + } +Index: libseccomp-2.2.0/tools/scmp_bpf_sim.c +=================================================================== +--- libseccomp-2.2.0.orig/tools/scmp_bpf_sim.c ++++ libseccomp-2.2.0/tools/scmp_bpf_sim.c +@@ -250,13 +250,15 @@ int main(int argc, char *argv[]) + else if (strcmp(optarg, "mipsel64n32") == 0) + arch = AUDIT_ARCH_MIPSEL64N32; + else if (strcmp(optarg, "s390") == 0) +- sys_data.arch = AUDIT_ARCH_S390; ++ arch = AUDIT_ARCH_S390; + else if (strcmp(optarg, "s390x") == 0) +- sys_data.arch = AUDIT_ARCH_S390X; ++ arch = AUDIT_ARCH_S390X; + else if (strcmp(optarg, "ppc") == 0) +- sys_data.arch = AUDIT_ARCH_PPC; ++ arch = AUDIT_ARCH_PPC; + else if (strcmp(optarg, "ppc64") == 0) +- sys_data.arch = AUDIT_ARCH_PPC64; ++ arch = AUDIT_ARCH_PPC64; ++ else if (strcmp(optarg, "ppc64le") == 0) ++ arch = AUDIT_ARCH_PPC64LE; + else + exit_fault(EINVAL); + break; +Index: libseccomp-2.2.0/tools/util.c +=================================================================== +--- libseccomp-2.2.0.orig/tools/util.c ++++ libseccomp-2.2.0/tools/util.c +@@ -66,8 +66,10 @@ + #define ARCH_NATIVE AUDIT_ARCH_S390 + #elif __s390x__ + #define ARCH_NATIVE AUDIT_ARCH_S390X +-#elif __powerpc64__ ++#elif __powerpc64__ && __BIG_ENDIAN__ + #define ARCH_NATIVE AUDIT_ARCH_PPC64 ++#elif __powerpc64__ && __LITTLE_ENDIAN__ ++#define ARCH_NATIVE AUDIT_ARCH_PPC64LE + #elif __powerpc__ + #define ARCH_NATIVE AUDIT_ARCH_PPC + #else +Index: libseccomp-2.2.0/include/seccomp.h +=================================================================== +--- libseccomp-2.2.0.orig/include/seccomp.h ++++ libseccomp-2.2.0/include/seccomp.h +@@ -151,6 +151,30 @@ struct scmp_arg_cmp { + #define SCMP_ARCH_MIPSEL64N32 AUDIT_ARCH_MIPSEL64N32 + + /** ++ * The S390X architecture token ++ */ ++#define SCMP_ARCH_S390X AUDIT_ARCH_S390X ++ ++/** ++ * The S390 architecture token ++ */ ++#define SCMP_ARCH_S390 AUDIT_ARCH_S390 ++ ++/** ++ * The PowerPC architecture token ++ */ ++#define SCMP_ARCH_PPC AUDIT_ARCH_PPC ++ ++/** ++ * The PowerPC64 architecture token ++ */ ++#define SCMP_ARCH_PPC64 AUDIT_ARCH_PPC64 ++#ifndef AUDIT_ARCH_PPC64LE ++#define AUDIT_ARCH_PPC64LE (EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) ++#endif ++#define SCMP_ARCH_PPC64LE AUDIT_ARCH_PPC64LE ++ ++/** + * Convert a syscall name into the associated syscall number + * @param x the syscall name + */ +Index: libseccomp-2.2.0/tools/util.h +=================================================================== +--- libseccomp-2.2.0.orig/tools/util.h ++++ libseccomp-2.2.0/tools/util.h +@@ -47,6 +47,10 @@ + #define AUDIT_ARCH_AARCH64 (EM_AARCH64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) + #endif + ++#ifndef AUDIT_ARCH_PPC64LE ++#define AUDIT_ARCH_PPC64LE (EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) ++#endif ++ + extern uint32_t arch; + + void exit_usage(const char *program); +Index: libseccomp-2.2.0/tests/23-sim-arch_all_le_basic.c +=================================================================== +--- libseccomp-2.2.0.orig/tests/23-sim-arch_all_le_basic.c ++++ libseccomp-2.2.0/tests/23-sim-arch_all_le_basic.c +@@ -68,6 +68,9 @@ int main(int argc, char *argv[]) + rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("mipsel64n32")); + if (rc != 0) + goto out; ++ rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("ppc64le")); ++ if (rc != 0) ++ goto out; + + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 1, + SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO)); +Index: libseccomp-2.2.0/tests/16-sim-arch_basic.c +=================================================================== +--- libseccomp-2.2.0.orig/tests/16-sim-arch_basic.c ++++ libseccomp-2.2.0/tests/16-sim-arch_basic.c +@@ -68,6 +68,9 @@ int main(int argc, char *argv[]) + rc = seccomp_arch_add(ctx, SCMP_ARCH_MIPSEL64N32); + if (rc != 0) + goto out; ++ rc = seccomp_arch_add(ctx, SCMP_ARCH_PPC64LE); ++ if (rc != 0) ++ goto out; + + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 1, + SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO)); +Index: libseccomp-2.2.0/src/arch-syscall-dump.c +=================================================================== +--- libseccomp-2.2.0.orig/src/arch-syscall-dump.c ++++ libseccomp-2.2.0/src/arch-syscall-dump.c +@@ -38,6 +38,7 @@ + #include "arch-mips64.h" + #include "arch-mips64n32.h" + #include "arch-aarch64.h" ++#include "arch-ppc64.h" + + /** + * Print the usage information to stderr and exit +@@ -112,6 +113,10 @@ int main(int argc, char *argv[]) + case SCMP_ARCH_AARCH64: + sys_name = aarch64_syscall_iterate_name(iter); + break; ++ case SCMP_ARCH_PPC64: ++ case SCMP_ARCH_PPC64LE: ++ sys_name = ppc64_syscall_iterate_name(iter); ++ break; + default: + /* invalid arch */ + exit_usage(argv[0]); +Index: libseccomp-2.2.0/src/arch-ppc64-syscalls.c +=================================================================== +--- libseccomp-2.2.0.orig/src/arch-ppc64-syscalls.c ++++ libseccomp-2.2.0/src/arch-ppc64-syscalls.c +@@ -425,3 +425,16 @@ const char *ppc64_syscall_resolve_num(in + + return NULL; + } ++/** ++ * Iterate through the syscall table and return the syscall name ++ * @param spot the offset into the syscall table ++ * ++ * Return the syscall name at position @spot or NULL on failure. This function ++ * should only ever be used internally by libseccomp. ++ * ++ */ ++const char *ppc64_syscall_iterate_name(unsigned int spot) ++{ ++ /* XXX - no safety checks here */ ++ return ppc64_syscall_table[spot].name; ++} +Index: libseccomp-2.2.0/tests/16-sim-arch_basic.py +=================================================================== +--- libseccomp-2.2.0.orig/tests/16-sim-arch_basic.py ++++ libseccomp-2.2.0/tests/16-sim-arch_basic.py +@@ -39,6 +39,8 @@ def test(args): + f.add_arch(Arch("mipsel")) + f.add_arch(Arch("mipsel64")) + f.add_arch(Arch("mipsel64n32")) ++ f.add_arch(Arch("ppc64")) ++ f.add_arch(Arch("ppc64le")) + f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno())) + f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno())) + f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno())) +Index: libseccomp-2.2.0/tests/23-sim-arch_all_le_basic.py +=================================================================== +--- libseccomp-2.2.0.orig/tests/23-sim-arch_all_le_basic.py ++++ libseccomp-2.2.0/tests/23-sim-arch_all_le_basic.py +@@ -39,6 +39,7 @@ def test(args): + f.add_arch(Arch("mipsel")) + f.add_arch(Arch("mipsel64")) + f.add_arch(Arch("mipsel64n32")) ++ f.add_arch(Arch("ppc64le")) + f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno())) + f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno())) + f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno())) +Index: libseccomp-2.2.0/tools/scmp_bpf_disasm.c +=================================================================== +--- libseccomp-2.2.0.orig/tools/scmp_bpf_disasm.c ++++ libseccomp-2.2.0/tools/scmp_bpf_disasm.c +@@ -334,6 +334,10 @@ int main(int argc, char *argv[]) + arch = AUDIT_ARCH_MIPS64N32; + else if (strcmp(optarg, "mipsel64n32") == 0) + arch = AUDIT_ARCH_MIPSEL64N32; ++ else if (strcmp(optarg, "ppc64") == 0) ++ arch = AUDIT_ARCH_PPC64; ++ else if (strcmp(optarg, "ppc64le") == 0) ++ arch = AUDIT_ARCH_PPC64LE; + else + exit_usage(argv[0]); + break; +Index: libseccomp-2.2.0/tests/26-sim-arch_all_be_basic.c +=================================================================== +--- libseccomp-2.2.0.orig/tests/26-sim-arch_all_be_basic.c ++++ libseccomp-2.2.0/tests/26-sim-arch_all_be_basic.c +@@ -52,6 +52,9 @@ int main(int argc, char *argv[]) + rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("mips64n32")); + if (rc != 0) + goto out; ++ rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("ppc64")); ++ if (rc != 0) ++ goto out; + + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 1, + SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO)); +Index: libseccomp-2.2.0/tests/26-sim-arch_all_be_basic.py +=================================================================== +--- libseccomp-2.2.0.orig/tests/26-sim-arch_all_be_basic.py ++++ libseccomp-2.2.0/tests/26-sim-arch_all_be_basic.py +@@ -33,6 +33,7 @@ def test(args): + f.add_arch(Arch("mips")) + f.add_arch(Arch("mips64")) + f.add_arch(Arch("mips64n32")) ++ f.add_arch(Arch("ppc64")) + f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno())) + f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno())) + f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno())) +Index: libseccomp-2.2.0/src/arch-syscall-validate +=================================================================== +--- libseccomp-2.2.0.orig/src/arch-syscall-validate ++++ libseccomp-2.2.0/src/arch-syscall-validate +@@ -303,6 +303,35 @@ function dump_lib_mips64n32() { + } + + # ++# Dump the ppc64 system syscall table ++# ++# Arguments: ++# 1 path to the kernel source ++# ++# Dump the architecture's syscall table to stdout. ++# ++function dump_sys_ppc64() { ++ gcc -E -dM -I$1/arch/powerpc/include/uapi $1/arch/powerpc/include/uapi/asm/unistd.h | \ ++ grep "^#define __NR_" | sort | \ ++ grep -v "^#define __NR_O32_" | \ ++ grep -v "^#define __NR_N32_" | \ ++ grep -v "^#define __NR_64_" | \ ++ grep -v "^#define __NR_Linux" | \ ++ grep -v "^#define __NR_unused" | \ ++ grep -v "^#define __NR_reserved" | \ ++ sed -e 's/#define[ \t]\+__NR_\([^ \t]\+\)[ \t]\+(__NR_Linux[ \t]*+[ \t]*\([0-9]\+\)).*/\1\t\2/' ++} ++ ++# ++# Dump the ppc64 library syscall table ++# ++# Dump the library's syscall table to stdout. ++# ++function dump_lib_ppc64() { ++ $LIB_SYS_DUMP -a ppc64 | sed -e '/[^\t]\+\t-[0-9]\+/d' ++} ++ ++# + # Dump the system syscall table + # + # Arguments: +@@ -337,6 +366,9 @@ function dump_sys() { + mips64n32) + dump_sys_mips64n32 "$2" + ;; ++ ppc64) ++ dump_sys_ppc64 "$2" ++ ;; + *) + echo "" + ;; +@@ -377,6 +409,9 @@ function dump_lib() { + mips64n32) + dump_lib_mips64n32 "$2" + ;; ++ ppc64) ++ dump_lib_ppc64 "$2" ++ ;; + *) + echo "" + ;; +@@ -413,7 +448,7 @@ shift $(($OPTIND - 1)) + + # defaults + if [[ $arches == "" ]]; then +- arches="x86 x86_64 x32 arm aarch64 mips mips64 mips64n32" ++ arches="x86 x86_64 x32 arm aarch64 mips mips64 mips64n32 ppc64" + fi + + # sanity checks +Index: libseccomp-2.2.0/tests/regression +=================================================================== +--- libseccomp-2.2.0.orig/tests/regression ++++ libseccomp-2.2.0/tests/regression +@@ -21,8 +21,8 @@ + # along with this library; if not, see . + # + +-GLBL_ARCH_LE_SUPPORT="x86 x86_64 x32 arm aarch64 mipsel mipsel64 mipsel64n32" +-GLBL_ARCH_BE_SUPPORT="mips mips64 mips64n32" ++GLBL_ARCH_LE_SUPPORT="x86 x86_64 x32 arm aarch64 mipsel mipsel64 mipsel64n32 ppc64le" ++GLBL_ARCH_BE_SUPPORT="mips mips64 mips64n32 ppc64" + + GLBL_SYS_ARCH="../tools/scmp_arch_detect" + GLBL_SYS_RESOLVER="../tools/scmp_sys_resolver" diff --git a/libseccomp.changes b/libseccomp.changes index 9a58614..27fca77 100644 --- a/libseccomp.changes +++ b/libseccomp.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Mon Apr 13 15:05:05 UTC 2015 - dvaleev@suse.com + +- Fix ppc64le build: libseccomp-ppc64le.patch + ------------------------------------------------------------------- Fri Apr 10 16:52:55 UTC 2015 - afaerber@suse.de diff --git a/libseccomp.spec b/libseccomp.spec index fcda261..832dbbe 100644 --- a/libseccomp.spec +++ b/libseccomp.spec @@ -32,6 +32,7 @@ Patch1: no-static.diff Patch2: 0001-tools-add-the-missing-elf.h-header-file.patch Patch3: libseccomp-s390x-support.patch Patch4: libseccomp-arm-syscall-fixes.patch +Patch5: libseccomp-ppc64le.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: autoconf BuildRequires: automake >= 1.11 @@ -99,7 +100,7 @@ This subpackage contains debug utilities for the seccomp interface. %prep %setup -q -%patch -P 1 -P 2 -P 3 -P 4 -p1 +%patch -P 1 -P 2 -P 3 -P 4 -P 5 -p1 %build autoreconf -fi @@ -112,7 +113,7 @@ find "%buildroot/%_libdir" -type f -name "*.la" -delete %fdupes %buildroot/%_prefix %check -%ifarch ppc ppc64 s390 s390x +%ifarch ppc s390 s390x make check || true #pushd tests/ #./regression -v