3
0
forked from pool/libseccomp

Accepting request 295668 from home:k0da:branches:security

OBS-URL: https://build.opensuse.org/request/show/295668
OBS-URL: https://build.opensuse.org/package/show/security/libseccomp?expand=0&rev=32
This commit is contained in:
Marcus Meissner 2015-04-16 15:09:37 +00:00 committed by Git OBS Bridge
parent 41da53f084
commit 73e133c103
3 changed files with 461 additions and 2 deletions

453
libseccomp-ppc64le.patch Normal file
View File

@ -0,0 +1,453 @@
Index: libseccomp-2.2.0/include/seccomp.h.in
===================================================================
--- libseccomp-2.2.0.orig/include/seccomp.h.in
+++ libseccomp-2.2.0/include/seccomp.h.in
@@ -169,6 +169,10 @@ struct scmp_arg_cmp {
* The PowerPC64 architecture token
*/
#define SCMP_ARCH_PPC64 AUDIT_ARCH_PPC64
+#ifndef AUDIT_ARCH_PPC64LE
+#define AUDIT_ARCH_PPC64LE (EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
+#endif
+#define SCMP_ARCH_PPC64LE AUDIT_ARCH_PPC64LE
/**
* Convert a syscall name into the associated syscall number
Index: libseccomp-2.2.0/src/arch-ppc64.c
===================================================================
--- libseccomp-2.2.0.orig/src/arch-ppc64.c
+++ libseccomp-2.2.0/src/arch-ppc64.c
@@ -30,9 +30,12 @@ const struct arch_def arch_def_ppc64 = {
.token = SCMP_ARCH_PPC64,
.token_bpf = AUDIT_ARCH_PPC64,
.size = ARCH_SIZE_64,
-#ifdef __LITTLE_ENDIAN__
- .endian = ARCH_ENDIAN_LITTLE,
-#else
.endian = ARCH_ENDIAN_BIG,
-#endif
+};
+
+const struct arch_def arch_def_ppc64le = {
+ .token = SCMP_ARCH_PPC64LE,
+ .token_bpf = AUDIT_ARCH_PPC64LE,
+ .size = ARCH_SIZE_64,
+ .endian = ARCH_ENDIAN_LITTLE,
};
Index: libseccomp-2.2.0/src/arch-ppc64.h
===================================================================
--- libseccomp-2.2.0.orig/src/arch-ppc64.h
+++ libseccomp-2.2.0/src/arch-ppc64.h
@@ -27,19 +27,11 @@
#include "arch.h"
#include "system.h"
-#define ppc64_arg_count_max 6
-
extern const struct arch_def arch_def_ppc64;
-
-#ifdef __LITTLE_ENDIAN__
-#define ppc64_arg_offset_lo(x) (arch_arg_offset(x))
-#define ppc64_arg_offset_hi(x) (arch_arg_offset(x) + 4)
-#else
-#define ppc64_arg_offset_lo(x) (arch_arg_offset(x) + 4)
-#define ppc64_arg_offset_hi(x) (arch_arg_offset(x))
-#endif
+extern const struct arch_def arch_def_ppc64le;
int ppc64_syscall_resolve_name(const char *name);
const char *ppc64_syscall_resolve_num(int num);
+const char *ppc64_syscall_iterate_name(unsigned int spot);
#endif
Index: libseccomp-2.2.0/src/arch.c
===================================================================
--- libseccomp-2.2.0.orig/src/arch.c
+++ libseccomp-2.2.0/src/arch.c
@@ -82,8 +82,10 @@ const struct arch_def *arch_def_native =
const struct arch_def *arch_def_native = &arch_def_s390;
#elif __s390x__
const struct arch_def *arch_def_native = &arch_def_s390x;
-#elif __powerpc64__
+#elif __powerpc64__ && __BIG_ENDIAN__
const struct arch_def *arch_def_native = &arch_def_ppc64;
+#elif __powerpc64__ && __LITTLE_ENDIAN__
+const struct arch_def *arch_def_native = &arch_def_ppc64le;
#elif __powerpc__
const struct arch_def *arch_def_native = &arch_def_ppc;
#else
@@ -140,6 +142,8 @@ const struct arch_def *arch_def_lookup(u
return &arch_def_s390x;
case SCMP_ARCH_PPC64:
return &arch_def_ppc64;
+ case SCMP_ARCH_PPC64LE:
+ return &arch_def_ppc64le;
case SCMP_ARCH_PPC:
return &arch_def_ppc;
}
@@ -178,6 +182,10 @@ const struct arch_def *arch_def_lookup_n
return &arch_def_mips64n32;
else if (strcmp(arch_name, "mipsel64n32") == 0)
return &arch_def_mipsel64n32;
+ else if (strcmp(arch_name, "ppc64") == 0)
+ return &arch_def_ppc64;
+ else if (strcmp(arch_name, "ppc64le") == 0)
+ return &arch_def_ppc64le;
return NULL;
}
@@ -301,6 +309,7 @@ int arch_syscall_resolve_name(const stru
case SCMP_ARCH_S390X:
return s390x_syscall_resolve_name(name);
case SCMP_ARCH_PPC64:
+ case SCMP_ARCH_PPC64LE:
return ppc64_syscall_resolve_name(name);
case SCMP_ARCH_PPC:
return ppc_syscall_resolve_name(name);
@@ -346,6 +355,7 @@ const char *arch_syscall_resolve_num(con
case SCMP_ARCH_S390X:
return s390x_syscall_resolve_num(num);
case SCMP_ARCH_PPC64:
+ case SCMP_ARCH_PPC64LE:
return ppc64_syscall_resolve_num(num);
case SCMP_ARCH_PPC:
return ppc_syscall_resolve_num(num);
Index: libseccomp-2.2.0/src/gen_pfc.c
===================================================================
--- libseccomp-2.2.0.orig/src/gen_pfc.c
+++ libseccomp-2.2.0/src/gen_pfc.c
@@ -79,6 +79,8 @@ static const char *_pfc_arch(const struc
return "ppc";
case SCMP_ARCH_PPC64:
return "ppc64";
+ case SCMP_ARCH_PPC64LE:
+ return "ppc64le";
default:
return "UNKNOWN";
}
Index: libseccomp-2.2.0/tools/scmp_arch_detect.c
===================================================================
--- libseccomp-2.2.0.orig/tools/scmp_arch_detect.c
+++ libseccomp-2.2.0/tools/scmp_arch_detect.c
@@ -111,6 +111,9 @@ int main(int argc, char *argv[])
case SCMP_ARCH_PPC64:
printf("ppc64\n");
break;
+ case SCMP_ARCH_PPC64LE:
+ printf("ppc64le\n");
+ break;
default:
printf("unknown\n");
}
Index: libseccomp-2.2.0/tools/scmp_bpf_sim.c
===================================================================
--- libseccomp-2.2.0.orig/tools/scmp_bpf_sim.c
+++ libseccomp-2.2.0/tools/scmp_bpf_sim.c
@@ -250,13 +250,15 @@ int main(int argc, char *argv[])
else if (strcmp(optarg, "mipsel64n32") == 0)
arch = AUDIT_ARCH_MIPSEL64N32;
else if (strcmp(optarg, "s390") == 0)
- sys_data.arch = AUDIT_ARCH_S390;
+ arch = AUDIT_ARCH_S390;
else if (strcmp(optarg, "s390x") == 0)
- sys_data.arch = AUDIT_ARCH_S390X;
+ arch = AUDIT_ARCH_S390X;
else if (strcmp(optarg, "ppc") == 0)
- sys_data.arch = AUDIT_ARCH_PPC;
+ arch = AUDIT_ARCH_PPC;
else if (strcmp(optarg, "ppc64") == 0)
- sys_data.arch = AUDIT_ARCH_PPC64;
+ arch = AUDIT_ARCH_PPC64;
+ else if (strcmp(optarg, "ppc64le") == 0)
+ arch = AUDIT_ARCH_PPC64LE;
else
exit_fault(EINVAL);
break;
Index: libseccomp-2.2.0/tools/util.c
===================================================================
--- libseccomp-2.2.0.orig/tools/util.c
+++ libseccomp-2.2.0/tools/util.c
@@ -66,8 +66,10 @@
#define ARCH_NATIVE AUDIT_ARCH_S390
#elif __s390x__
#define ARCH_NATIVE AUDIT_ARCH_S390X
-#elif __powerpc64__
+#elif __powerpc64__ && __BIG_ENDIAN__
#define ARCH_NATIVE AUDIT_ARCH_PPC64
+#elif __powerpc64__ && __LITTLE_ENDIAN__
+#define ARCH_NATIVE AUDIT_ARCH_PPC64LE
#elif __powerpc__
#define ARCH_NATIVE AUDIT_ARCH_PPC
#else
Index: libseccomp-2.2.0/include/seccomp.h
===================================================================
--- libseccomp-2.2.0.orig/include/seccomp.h
+++ libseccomp-2.2.0/include/seccomp.h
@@ -151,6 +151,30 @@ struct scmp_arg_cmp {
#define SCMP_ARCH_MIPSEL64N32 AUDIT_ARCH_MIPSEL64N32
/**
+ * The S390X architecture token
+ */
+#define SCMP_ARCH_S390X AUDIT_ARCH_S390X
+
+/**
+ * The S390 architecture token
+ */
+#define SCMP_ARCH_S390 AUDIT_ARCH_S390
+
+/**
+ * The PowerPC architecture token
+ */
+#define SCMP_ARCH_PPC AUDIT_ARCH_PPC
+
+/**
+ * The PowerPC64 architecture token
+ */
+#define SCMP_ARCH_PPC64 AUDIT_ARCH_PPC64
+#ifndef AUDIT_ARCH_PPC64LE
+#define AUDIT_ARCH_PPC64LE (EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
+#endif
+#define SCMP_ARCH_PPC64LE AUDIT_ARCH_PPC64LE
+
+/**
* Convert a syscall name into the associated syscall number
* @param x the syscall name
*/
Index: libseccomp-2.2.0/tools/util.h
===================================================================
--- libseccomp-2.2.0.orig/tools/util.h
+++ libseccomp-2.2.0/tools/util.h
@@ -47,6 +47,10 @@
#define AUDIT_ARCH_AARCH64 (EM_AARCH64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
#endif
+#ifndef AUDIT_ARCH_PPC64LE
+#define AUDIT_ARCH_PPC64LE (EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
+#endif
+
extern uint32_t arch;
void exit_usage(const char *program);
Index: libseccomp-2.2.0/tests/23-sim-arch_all_le_basic.c
===================================================================
--- libseccomp-2.2.0.orig/tests/23-sim-arch_all_le_basic.c
+++ libseccomp-2.2.0/tests/23-sim-arch_all_le_basic.c
@@ -68,6 +68,9 @@ int main(int argc, char *argv[])
rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("mipsel64n32"));
if (rc != 0)
goto out;
+ rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("ppc64le"));
+ if (rc != 0)
+ goto out;
rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 1,
SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO));
Index: libseccomp-2.2.0/tests/16-sim-arch_basic.c
===================================================================
--- libseccomp-2.2.0.orig/tests/16-sim-arch_basic.c
+++ libseccomp-2.2.0/tests/16-sim-arch_basic.c
@@ -68,6 +68,9 @@ int main(int argc, char *argv[])
rc = seccomp_arch_add(ctx, SCMP_ARCH_MIPSEL64N32);
if (rc != 0)
goto out;
+ rc = seccomp_arch_add(ctx, SCMP_ARCH_PPC64LE);
+ if (rc != 0)
+ goto out;
rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 1,
SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO));
Index: libseccomp-2.2.0/src/arch-syscall-dump.c
===================================================================
--- libseccomp-2.2.0.orig/src/arch-syscall-dump.c
+++ libseccomp-2.2.0/src/arch-syscall-dump.c
@@ -38,6 +38,7 @@
#include "arch-mips64.h"
#include "arch-mips64n32.h"
#include "arch-aarch64.h"
+#include "arch-ppc64.h"
/**
* Print the usage information to stderr and exit
@@ -112,6 +113,10 @@ int main(int argc, char *argv[])
case SCMP_ARCH_AARCH64:
sys_name = aarch64_syscall_iterate_name(iter);
break;
+ case SCMP_ARCH_PPC64:
+ case SCMP_ARCH_PPC64LE:
+ sys_name = ppc64_syscall_iterate_name(iter);
+ break;
default:
/* invalid arch */
exit_usage(argv[0]);
Index: libseccomp-2.2.0/src/arch-ppc64-syscalls.c
===================================================================
--- libseccomp-2.2.0.orig/src/arch-ppc64-syscalls.c
+++ libseccomp-2.2.0/src/arch-ppc64-syscalls.c
@@ -425,3 +425,16 @@ const char *ppc64_syscall_resolve_num(in
return NULL;
}
+/**
+ * Iterate through the syscall table and return the syscall name
+ * @param spot the offset into the syscall table
+ *
+ * Return the syscall name at position @spot or NULL on failure. This function
+ * should only ever be used internally by libseccomp.
+ *
+ */
+const char *ppc64_syscall_iterate_name(unsigned int spot)
+{
+ /* XXX - no safety checks here */
+ return ppc64_syscall_table[spot].name;
+}
Index: libseccomp-2.2.0/tests/16-sim-arch_basic.py
===================================================================
--- libseccomp-2.2.0.orig/tests/16-sim-arch_basic.py
+++ libseccomp-2.2.0/tests/16-sim-arch_basic.py
@@ -39,6 +39,8 @@ def test(args):
f.add_arch(Arch("mipsel"))
f.add_arch(Arch("mipsel64"))
f.add_arch(Arch("mipsel64n32"))
+ f.add_arch(Arch("ppc64"))
+ f.add_arch(Arch("ppc64le"))
f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno()))
f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno()))
f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno()))
Index: libseccomp-2.2.0/tests/23-sim-arch_all_le_basic.py
===================================================================
--- libseccomp-2.2.0.orig/tests/23-sim-arch_all_le_basic.py
+++ libseccomp-2.2.0/tests/23-sim-arch_all_le_basic.py
@@ -39,6 +39,7 @@ def test(args):
f.add_arch(Arch("mipsel"))
f.add_arch(Arch("mipsel64"))
f.add_arch(Arch("mipsel64n32"))
+ f.add_arch(Arch("ppc64le"))
f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno()))
f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno()))
f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno()))
Index: libseccomp-2.2.0/tools/scmp_bpf_disasm.c
===================================================================
--- libseccomp-2.2.0.orig/tools/scmp_bpf_disasm.c
+++ libseccomp-2.2.0/tools/scmp_bpf_disasm.c
@@ -334,6 +334,10 @@ int main(int argc, char *argv[])
arch = AUDIT_ARCH_MIPS64N32;
else if (strcmp(optarg, "mipsel64n32") == 0)
arch = AUDIT_ARCH_MIPSEL64N32;
+ else if (strcmp(optarg, "ppc64") == 0)
+ arch = AUDIT_ARCH_PPC64;
+ else if (strcmp(optarg, "ppc64le") == 0)
+ arch = AUDIT_ARCH_PPC64LE;
else
exit_usage(argv[0]);
break;
Index: libseccomp-2.2.0/tests/26-sim-arch_all_be_basic.c
===================================================================
--- libseccomp-2.2.0.orig/tests/26-sim-arch_all_be_basic.c
+++ libseccomp-2.2.0/tests/26-sim-arch_all_be_basic.c
@@ -52,6 +52,9 @@ int main(int argc, char *argv[])
rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("mips64n32"));
if (rc != 0)
goto out;
+ rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("ppc64"));
+ if (rc != 0)
+ goto out;
rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 1,
SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO));
Index: libseccomp-2.2.0/tests/26-sim-arch_all_be_basic.py
===================================================================
--- libseccomp-2.2.0.orig/tests/26-sim-arch_all_be_basic.py
+++ libseccomp-2.2.0/tests/26-sim-arch_all_be_basic.py
@@ -33,6 +33,7 @@ def test(args):
f.add_arch(Arch("mips"))
f.add_arch(Arch("mips64"))
f.add_arch(Arch("mips64n32"))
+ f.add_arch(Arch("ppc64"))
f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno()))
f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno()))
f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno()))
Index: libseccomp-2.2.0/src/arch-syscall-validate
===================================================================
--- libseccomp-2.2.0.orig/src/arch-syscall-validate
+++ libseccomp-2.2.0/src/arch-syscall-validate
@@ -303,6 +303,35 @@ function dump_lib_mips64n32() {
}
#
+# Dump the ppc64 system syscall table
+#
+# Arguments:
+# 1 path to the kernel source
+#
+# Dump the architecture's syscall table to stdout.
+#
+function dump_sys_ppc64() {
+ gcc -E -dM -I$1/arch/powerpc/include/uapi $1/arch/powerpc/include/uapi/asm/unistd.h | \
+ grep "^#define __NR_" | sort | \
+ grep -v "^#define __NR_O32_" | \
+ grep -v "^#define __NR_N32_" | \
+ grep -v "^#define __NR_64_" | \
+ grep -v "^#define __NR_Linux" | \
+ grep -v "^#define __NR_unused" | \
+ grep -v "^#define __NR_reserved" | \
+ sed -e 's/#define[ \t]\+__NR_\([^ \t]\+\)[ \t]\+(__NR_Linux[ \t]*+[ \t]*\([0-9]\+\)).*/\1\t\2/'
+}
+
+#
+# Dump the ppc64 library syscall table
+#
+# Dump the library's syscall table to stdout.
+#
+function dump_lib_ppc64() {
+ $LIB_SYS_DUMP -a ppc64 | sed -e '/[^\t]\+\t-[0-9]\+/d'
+}
+
+#
# Dump the system syscall table
#
# Arguments:
@@ -337,6 +366,9 @@ function dump_sys() {
mips64n32)
dump_sys_mips64n32 "$2"
;;
+ ppc64)
+ dump_sys_ppc64 "$2"
+ ;;
*)
echo ""
;;
@@ -377,6 +409,9 @@ function dump_lib() {
mips64n32)
dump_lib_mips64n32 "$2"
;;
+ ppc64)
+ dump_lib_ppc64 "$2"
+ ;;
*)
echo ""
;;
@@ -413,7 +448,7 @@ shift $(($OPTIND - 1))
# defaults
if [[ $arches == "" ]]; then
- arches="x86 x86_64 x32 arm aarch64 mips mips64 mips64n32"
+ arches="x86 x86_64 x32 arm aarch64 mips mips64 mips64n32 ppc64"
fi
# sanity checks
Index: libseccomp-2.2.0/tests/regression
===================================================================
--- libseccomp-2.2.0.orig/tests/regression
+++ libseccomp-2.2.0/tests/regression
@@ -21,8 +21,8 @@
# along with this library; if not, see <http://www.gnu.org/licenses>.
#
-GLBL_ARCH_LE_SUPPORT="x86 x86_64 x32 arm aarch64 mipsel mipsel64 mipsel64n32"
-GLBL_ARCH_BE_SUPPORT="mips mips64 mips64n32"
+GLBL_ARCH_LE_SUPPORT="x86 x86_64 x32 arm aarch64 mipsel mipsel64 mipsel64n32 ppc64le"
+GLBL_ARCH_BE_SUPPORT="mips mips64 mips64n32 ppc64"
GLBL_SYS_ARCH="../tools/scmp_arch_detect"
GLBL_SYS_RESOLVER="../tools/scmp_sys_resolver"

View File

@ -1,3 +1,8 @@
-------------------------------------------------------------------
Mon Apr 13 15:05:05 UTC 2015 - dvaleev@suse.com
- Fix ppc64le build: libseccomp-ppc64le.patch
-------------------------------------------------------------------
Fri Apr 10 16:52:55 UTC 2015 - afaerber@suse.de

View File

@ -32,6 +32,7 @@ Patch1: no-static.diff
Patch2: 0001-tools-add-the-missing-elf.h-header-file.patch
Patch3: libseccomp-s390x-support.patch
Patch4: libseccomp-arm-syscall-fixes.patch
Patch5: libseccomp-ppc64le.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: autoconf
BuildRequires: automake >= 1.11
@ -99,7 +100,7 @@ This subpackage contains debug utilities for the seccomp interface.
%prep
%setup -q
%patch -P 1 -P 2 -P 3 -P 4 -p1
%patch -P 1 -P 2 -P 3 -P 4 -P 5 -p1
%build
autoreconf -fi
@ -112,7 +113,7 @@ find "%buildroot/%_libdir" -type f -name "*.la" -delete
%fdupes %buildroot/%_prefix
%check
%ifarch ppc ppc64 s390 s390x
%ifarch ppc s390 s390x
make check || true
#pushd tests/
#./regression -v