From b4b4d3773c3e6e416fd03378a57392c7c799cf1c Mon Sep 17 00:00:00 2001 From: rpm-build Date: Thu, 21 Sep 2023 18:27:14 +0800 Subject: [PATCH] add loongarch64 support not upstream modified files --- README.md | 1 + doc/man/man1/scmp_sys_resolver.1 | 2 +- doc/man/man3/seccomp_arch_add.3 | 1 + include/seccomp.h.in | 12 ++++ src/Makefile.am | 1 + src/arch-syscall-dump.c | 4 ++ src/arch-syscall-validate | 55 +++++++++++++++++ src/arch.c | 7 +++ src/gen_pfc.c | 2 + src/python/libseccomp.pxd | 1 + src/python/seccomp.pyx | 4 ++ src/syscalls.h | 2 + src/system.c | 1 + tests/15-basic-resolver.c | 1 + tests/16-sim-arch_basic.c | 6 ++ tests/16-sim-arch_basic.py | 1 + tests/23-sim-arch_all_le_basic.c | 3 + tests/23-sim-arch_all_le_basic.py | 1 + tests/36-sim-ipc_syscalls.c | 3 + tests/38-basic-pfc_coverage.c | 3 + tests/38-basic-pfc_coverage.pfc | 97 ++++++++++++++++++++++++++++++ tests/53-sim-binary_tree.c | 3 + tests/53-sim-binary_tree.py | 1 + tests/53-sim-binary_tree.tests | 80 ++++++++++++------------ tests/55-basic-pfc_binary_tree.c | 3 + tests/55-basic-pfc_binary_tree.pfc | 87 +++++++++++++++++++++++++++ tests/56-basic-iterate_syscalls.c | 1 + tests/56-basic-iterate_syscalls.py | 1 + tests/regression | 4 +- tools/scmp_arch_detect.c | 3 + tools/scmp_bpf_disasm.c | 2 + tools/scmp_bpf_sim.c | 2 + tools/util.c | 2 + tools/util.h | 11 ++++ 34 files changed, 366 insertions(+), 42 deletions(-) diff --git a/README.md b/README.md index 61fe179..0b0439f 100644 --- a/README.md +++ b/README.md @@ -41,6 +41,7 @@ The libseccomp library currently supports the architectures listed below: * 32-bit ARM EABI (arm) * 64-bit ARM (aarch64) * 64-bit SW (sw_64) +* 64-bit LoongArch (loongarch64) * 32-bit MIPS (mips) * 32-bit MIPS little endian (mipsel) * 64-bit MIPS (mips64) diff --git a/doc/man/man1/scmp_sys_resolver.1 b/doc/man/man1/scmp_sys_resolver.1 index 98c1e67..7b7421f 100644 --- a/doc/man/man1/scmp_sys_resolver.1 +++ b/doc/man/man1/scmp_sys_resolver.1 @@ -34,7 +34,7 @@ special manner by libseccomp depending on the operation. .B \-a \fIARCH The architecture to use for resolving the system call. Valid .I ARCH -values are "x86", "x86_64", "x32", "arm","sw_64", "aarch64", "mips", "mipsel", "mips64", +values are "x86", "x86_64", "x32", "arm","sw_64", "loongarch64", "aarch64", "mips", "mipsel", "mips64", "mipsel64", "mips64n32", "mipsel64n32", "parisc", "parisc64", "ppc", "ppc64", "ppc64le", "s390" and "s390x". .TP diff --git a/doc/man/man3/seccomp_arch_add.3 b/doc/man/man3/seccomp_arch_add.3 index 92fdbfa..444c930 100644 --- a/doc/man/man3/seccomp_arch_add.3 +++ b/doc/man/man3/seccomp_arch_add.3 @@ -18,6 +18,7 @@ seccomp_arch_add, seccomp_arch_remove, seccomp_arch_exist, seccomp_arch_native \ .B #define SCMP_ARCH_ARM .B #define SCMP_ARCH_AARCH64 .B #define SCMP_ARCH_SW_64 +.B #define SCMP_ARCH_LOONGARCH64 .B #define SCMP_ARCH_MIPS .B #define SCMP_ARCH_MIPS64 .B #define SCMP_ARCH_MIPS64N32 diff --git a/include/seccomp.h.in b/include/seccomp.h.in index 5364c62..c7caaa7 100644 --- a/include/seccomp.h.in +++ b/include/seccomp.h.in @@ -160,6 +160,18 @@ struct scmp_arg_cmp { #endif /* AUDIT_ARCH_AARCH64 */ #define SCMP_ARCH_AARCH64 AUDIT_ARCH_AARCH64 +/** + * The LoongArch architecture tokens + */ +/* 64-bit LoongArch audit support is not upstream yet */ +#ifndef AUDIT_ARCH_LOONGARCH64 +#ifndef EM_LOONGARCH +#define EM_LOONGARCH 258 +#endif /* EM_LOONGARCH */ +#define AUDIT_ARCH_LOONGARCH64 (EM_LOONGARCH|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) +#endif /* AUDIT_ARCH_LOONGARCH64 */ +#define SCMP_ARCH_LOONGARCH64 AUDIT_ARCH_LOONGARCH64 + /** * The MIPS architecture tokens */ diff --git a/src/Makefile.am b/src/Makefile.am index 4bca273..5b2e5ff 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -33,6 +33,7 @@ SOURCES_ALL = \ arch-arm.h arch-arm.c \ arch-sw_64.h arch-sw_64.c \ arch-aarch64.h arch-aarch64.c \ + arch-loongarch64.h arch-loongarch64.c \ arch-mips.h arch-mips.c \ arch-mips64.h arch-mips64.c \ arch-mips64n32.h arch-mips64n32.c \ diff --git a/src/arch-syscall-dump.c b/src/arch-syscall-dump.c index 216958a..1ec6bc4 100644 --- a/src/arch-syscall-dump.c +++ b/src/arch-syscall-dump.c @@ -35,6 +35,7 @@ #include "arch-x32.h" #include "arch-arm.h" #include "arch-sw_64.h" +#include "arch-loongarch64.h" #include "arch-mips.h" #include "arch-mips64.h" #include "arch-mips64n32.h" @@ -110,6 +111,9 @@ int main(int argc, char *argv[]) case SCMP_ARCH_AARCH64: sys = aarch64_syscall_iterate(iter); break; + case SCMP_ARCH_LOONGARCH64: + sys = loongarch64_syscall_iterate(iter); + break; case SCMP_ARCH_MIPS: case SCMP_ARCH_MIPSEL: sys = mips_syscall_iterate(iter); diff --git a/src/arch-syscall-validate b/src/arch-syscall-validate index 647833b..78cca9d 100755 --- a/src/arch-syscall-validate +++ b/src/arch-syscall-validate @@ -312,6 +312,53 @@ function dump_lib_aarch64() { dump_lib_arch aarch64 | mangle_lib_syscall aarch64 } +# +# Dump the loongarch64 syscall table +# +# Arguments: +# 1 path to the kernel source +# +# Dump the architecture's syscall table to stdout. +# +function dump_sys_loongarch64() { + local sed_filter="" + + sed_filter+='s/__NR3264_fadvise64/223/;' + sed_filter+='s/__NR3264_fcntl/25/;' + sed_filter+='s/__NR3264_fstatfs/44/;' + sed_filter+='s/__NR3264_fstatat/79/;' + sed_filter+='s/__NR3264_fstat/80/;' + sed_filter+='s/__NR3264_ftruncate/46/;' + sed_filter+='s/__NR3264_lseek/62/;' + sed_filter+='s/__NR3264_lstat/1039/;' + sed_filter+='s/__NR3264_mmap/222/;' + sed_filter+='s/__NR3264_sendfile/71/;' + sed_filter+='s/__NR3264_statfs/43/;' + sed_filter+='s/__NR3264_stat/1038/;' + sed_filter+='s/__NR3264_truncate/45/;' + + gcc -E -dM -I$1/include/uapi \ + -D__BITS_PER_LONG=64 \ + -D__ARCH_WANT_NEW_STAT \ + -D__ARCH_WANT_SYS_CLONE \ + -D__ARCH_WANT_SYS_CLONE3 \ + $1/arch/loongarch/include/uapi/asm/unistd.h | \ + grep "^#define __NR_" | \ + sed '/__NR_syscalls/d' | \ + sed '/__NR_arch_specific_syscall/d' | \ + sed 's/#define[ \t]\+__NR_\([^ \t]\+\)[ \t]\+\(.*\)/\1,\2/' | \ + sed $sed_filter | sort +} + +# +# Dump the loongarch64 library syscall table +# +# Dump the library's syscall table to stdout. +# +function dump_lib_loongarch64() { + dump_lib_arch loongarch64 | mangle_lib_syscall loongarch64 +} + # # Dump the mips system syscall table # @@ -604,6 +651,9 @@ function dump_sys() { aarch64) dump_sys_aarch64 "$2" ;; + loongarch64) + dump_sys_loongarch64 "$2" + ;; mips) dump_sys_mips "$2" ;; @@ -671,6 +721,9 @@ function dump_lib() { aarch64) dump_lib_aarch64 ;; + loongarch64) + dump_lib_loongarch64 + ;; mips) dump_lib_mips ;; @@ -734,6 +787,7 @@ function gen_csv() { abi_list="" abi_list+=" x86 x86_64 x32" abi_list+=" arm aarch64" + abi_list+=" loongarch64" abi_list+=" mips mips64 mips64n32" abi_list+=" parisc parisc64" abi_list+=" ppc ppc64" @@ -824,6 +878,7 @@ if [[ $opt_arches == "" ]]; then opt_arches=" \ x86 x86_64 x32 \ arm aarch64 \ + loongarch64 \ mips mips64 mips64n32 \ parisc parisc64 \ ppc ppc64 \ diff --git a/src/arch.c b/src/arch.c index 13ba0bd..be090b5 100644 --- a/src/arch.c +++ b/src/arch.c @@ -36,6 +36,7 @@ #include "arch-arm.h" #include "arch-aarch64.h" #include "arch-sw_64.h" +#include "arch-loongarch64.h" #include "arch-mips.h" #include "arch-mips64.h" #include "arch-mips64n32.h" @@ -65,6 +66,8 @@ const struct arch_def *arch_def_native = &arch_def_arm; const struct arch_def *arch_def_native = &arch_def_sw_64; #elif __aarch64__ const struct arch_def *arch_def_native = &arch_def_aarch64; +#elif __loongarch64 +const struct arch_def *arch_def_native = &arch_def_loongarch64; #elif __mips__ && _MIPS_SIM == _MIPS_SIM_ABI32 #if __MIPSEB__ const struct arch_def *arch_def_native = &arch_def_mips; @@ -139,6 +142,8 @@ const struct arch_def *arch_def_lookup(uint32_t token) return &arch_def_sw_64; case SCMP_ARCH_AARCH64: return &arch_def_aarch64; + case SCMP_ARCH_LOONGARCH64: + return &arch_def_loongarch64; case SCMP_ARCH_MIPS: return &arch_def_mips; case SCMP_ARCH_MIPSEL: @@ -193,6 +198,8 @@ const struct arch_def *arch_def_lookup_name(const char *arch_name) return &arch_def_sw_64; else if (strcmp(arch_name, "aarch64") == 0) return &arch_def_aarch64; + else if (strcmp(arch_name, "loongarch64") == 0) + return &arch_def_loongarch64; else if (strcmp(arch_name, "mips") == 0) return &arch_def_mips; else if (strcmp(arch_name, "mipsel") == 0) diff --git a/src/gen_pfc.c b/src/gen_pfc.c index 1ce5adf..9aa38e5 100644 --- a/src/gen_pfc.c +++ b/src/gen_pfc.c @@ -63,6 +63,8 @@ static const char *_pfc_arch(const struct arch_def *arch) return "sw_64"; case SCMP_ARCH_AARCH64: return "aarch64"; + case SCMP_ARCH_LOONGARCH64: + return "loongarch64"; case SCMP_ARCH_MIPS: return "mips"; case SCMP_ARCH_MIPSEL: diff --git a/src/python/libseccomp.pxd b/src/python/libseccomp.pxd index d51ebad..49fd4e3 100644 --- a/src/python/libseccomp.pxd +++ b/src/python/libseccomp.pxd @@ -39,6 +39,7 @@ cdef extern from "seccomp.h": SCMP_ARCH_ARM SCMP_ARCH_SW_64 SCMP_ARCH_AARCH64 + SCMP_ARCH_LOONGARCH64 SCMP_ARCH_MIPS SCMP_ARCH_MIPS64 SCMP_ARCH_MIPS64N32 diff --git a/src/python/seccomp.pyx b/src/python/seccomp.pyx index 0095f43..e4e3cc2 100644 --- a/src/python/seccomp.pyx +++ b/src/python/seccomp.pyx @@ -205,6 +205,7 @@ cdef class Arch: ARM - ARM SW_64 - SW_64 AARCH64 - 64-bit ARM + LOONGARCH64 - 64-bit LoongArch MIPS - MIPS O32 ABI MIPS64 - MIPS 64-bit ABI MIPS64N32 - MIPS N32 ABI @@ -227,6 +228,7 @@ cdef class Arch: ARM = libseccomp.SCMP_ARCH_ARM SW_64 = libseccomp.SCMP_ARCH_SW_64 AARCH64 = libseccomp.SCMP_ARCH_AARCH64 + LOONGARCH64 = libseccomp.SCMP_ARCH_LOONGARCH64 MIPS = libseccomp.SCMP_ARCH_MIPS MIPS64 = libseccomp.SCMP_ARCH_MIPS64 MIPS64N32 = libseccomp.SCMP_ARCH_MIPS64N32 @@ -266,6 +268,8 @@ cdef class Arch: self._token = libseccomp.SCMP_ARCH_SW_64 elif arch == libseccomp.SCMP_ARCH_AARCH64: self._token = libseccomp.SCMP_ARCH_AARCH64 + elif arch == libseccomp.SCMP_ARCH_LOONGARCH64: + self._token = libseccomp.SCMP_ARCH_LOONGARCH64 elif arch == libseccomp.SCMP_ARCH_MIPS: self._token = libseccomp.SCMP_ARCH_MIPS elif arch == libseccomp.SCMP_ARCH_MIPS64: diff --git a/src/syscalls.h b/src/syscalls.h index 17c6f21..7e4aec6 100644 --- a/src/syscalls.h +++ b/src/syscalls.h @@ -14,6 +14,7 @@ #include "arch-aarch64.h" #include "arch-arm.h" #include "arch.h" +#include "arch-loongarch64.h" #include "arch-mips64.h" #include "arch-mips64n32.h" #include "arch-mips.h" @@ -42,6 +43,7 @@ struct arch_syscall_table { int x32; int arm; int aarch64; + int loongarch64; int mips; int mips64; int mips64n32; diff --git a/src/system.c b/src/system.c index f35da74..0ccc2dd 100644 --- a/src/system.c +++ b/src/system.c @@ -127,6 +127,7 @@ int sys_chk_seccomp_syscall(void) case SCMP_ARCH_ARM: case SCMP_ARCH_SW_64: case SCMP_ARCH_AARCH64: + case SCMP_ARCH_LOONGARCH64: case SCMP_ARCH_PPC64: case SCMP_ARCH_PPC64LE: case SCMP_ARCH_S390: diff --git a/tests/15-basic-resolver.c b/tests/15-basic-resolver.c index 6db69e8..c79894f 100644 --- a/tests/15-basic-resolver.c +++ b/tests/15-basic-resolver.c @@ -32,6 +32,7 @@ unsigned int arch_list[] = { SCMP_ARCH_X32, SCMP_ARCH_ARM, SCMP_ARCH_AARCH64, + SCMP_ARCH_LOONGARCH64, SCMP_ARCH_MIPS, SCMP_ARCH_MIPS64, SCMP_ARCH_MIPS64N32, diff --git a/tests/16-sim-arch_basic.c b/tests/16-sim-arch_basic.c index 0b141e1..ee1a4a5 100644 --- a/tests/16-sim-arch_basic.c +++ b/tests/16-sim-arch_basic.c @@ -78,6 +78,9 @@ int main(int argc, char *argv[]) if (rc != 0) goto out; rc = seccomp_arch_add(ctx, SCMP_ARCH_AARCH64); + if (rc != 0) + goto out; + rc = seccomp_arch_add(ctx, SCMP_ARCH_LOONGARCH64); if (rc != 0) goto out; rc = seccomp_arch_add(ctx, SCMP_ARCH_MIPSEL); @@ -145,6 +148,9 @@ int main(int argc, char *argv[]) if (rc != 0) goto out; rc = seccomp_arch_remove(ctx, SCMP_ARCH_AARCH64); + if (rc != 0) + goto out; + rc = seccomp_arch_remove(ctx, SCMP_ARCH_LOONGARCH64); if (rc != 0) goto out; rc = seccomp_arch_remove(ctx, SCMP_ARCH_MIPSEL); diff --git a/tests/16-sim-arch_basic.py b/tests/16-sim-arch_basic.py index 846553f..ba38b91 100755 --- a/tests/16-sim-arch_basic.py +++ b/tests/16-sim-arch_basic.py @@ -40,6 +40,7 @@ def test(args): f.add_arch(Arch("x32")) f.add_arch(Arch("arm")) f.add_arch(Arch("aarch64")) + f.add_arch(Arch("loongarch64")) f.add_arch(Arch("mipsel")) f.add_arch(Arch("mipsel64")) f.add_arch(Arch("mipsel64n32")) diff --git a/tests/23-sim-arch_all_le_basic.c b/tests/23-sim-arch_all_le_basic.c index 32739e5..d10d351 100644 --- a/tests/23-sim-arch_all_le_basic.c +++ b/tests/23-sim-arch_all_le_basic.c @@ -57,6 +57,9 @@ int main(int argc, char *argv[]) if (rc != 0) goto out; rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("aarch64")); + if (rc != 0) + goto out; + rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("loongarch64")); if (rc != 0) goto out; rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("mipsel")); diff --git a/tests/23-sim-arch_all_le_basic.py b/tests/23-sim-arch_all_le_basic.py index 33eedb1..0cecbc9 100755 --- a/tests/23-sim-arch_all_le_basic.py +++ b/tests/23-sim-arch_all_le_basic.py @@ -36,6 +36,7 @@ def test(args): f.add_arch(Arch("x32")) f.add_arch(Arch("arm")) f.add_arch(Arch("aarch64")) + f.add_arch(Arch("loongarch64")) f.add_arch(Arch("mipsel")) f.add_arch(Arch("mipsel64")) f.add_arch(Arch("mipsel64n32")) diff --git a/tests/36-sim-ipc_syscalls.c b/tests/36-sim-ipc_syscalls.c index c9b575e..d3b7093 100644 --- a/tests/36-sim-ipc_syscalls.c +++ b/tests/36-sim-ipc_syscalls.c @@ -57,6 +57,9 @@ int main(int argc, char *argv[]) if (rc != 0) goto out; rc = seccomp_arch_add(ctx, SCMP_ARCH_MIPSEL); + if (rc != 0) + goto out; + rc = seccomp_arch_add(ctx, SCMP_ARCH_LOONGARCH64); if (rc != 0) goto out; diff --git a/tests/38-basic-pfc_coverage.c b/tests/38-basic-pfc_coverage.c index c6829ac..d6ac796 100644 --- a/tests/38-basic-pfc_coverage.c +++ b/tests/38-basic-pfc_coverage.c @@ -64,6 +64,9 @@ int main(int argc, char *argv[]) if (rc < 0) goto out; rc = seccomp_arch_add(ctx, SCMP_ARCH_AARCH64); + if (rc < 0) + goto out; + rc = seccomp_arch_add(ctx, SCMP_ARCH_LOONGARCH64); if (rc < 0) goto out; rc = seccomp_arch_add(ctx, SCMP_ARCH_MIPSEL); diff --git a/tests/38-basic-pfc_coverage.pfc b/tests/38-basic-pfc_coverage.pfc index 3109280..f287f1d 100644 --- a/tests/38-basic-pfc_coverage.pfc +++ b/tests/38-basic-pfc_coverage.pfc @@ -300,6 +300,103 @@ if ($arch == 3221225655) action KILL; # default action action ALLOW; +# filter for arch loongarch64 (3221225730) +if ($arch == 3221225730) + # filter for syscall "open" (4294957130) [priority: 65535] + if ($syscall == 4294957130) + action KILL; + # filter for syscall "exit_group" (94) [priority: 65535] + if ($syscall == 94) + action LOG; + # filter for syscall "exit" (93) [priority: 65535] + if ($syscall == 93) + action TRACE(1); + # filter for syscall "fstat" (80) [priority: 65535] + if ($syscall == 80) + action KILL_PROCESS; + # filter for syscall "close" (57) [priority: 65535] + if ($syscall == 57) + action ERRNO(1); + # filter for syscall "write" (64) [priority: 65527] + if ($syscall == 64) + if ($a0.hi32 == 0) + if ($a0.lo32 == 0) + else + if ($a1.hi32 > 0) + else + if ($a1.hi32 == 0) + if ($a1.lo32 > 1) + else + if ($a2.hi32 > 0) + else + if ($a2.hi32 == 0) + if ($a2.lo32 >= 2) + else + action TRAP; + else + action TRAP; + else + if ($a2.hi32 > 0) + else + if ($a2.hi32 == 0) + if ($a2.lo32 >= 2) + else + action TRAP; + else + action TRAP; + else + if ($a1.hi32 > 0) + else + if ($a1.hi32 == 0) + if ($a1.lo32 > 1) + else + if ($a2.hi32 > 0) + else + if ($a2.hi32 == 0) + if ($a2.lo32 >= 2) + else + action TRAP; + else + action TRAP; + else + if ($a2.hi32 > 0) + else + if ($a2.hi32 == 0) + if ($a2.lo32 >= 2) + else + action TRAP; + else + action TRAP; + # filter for syscall "read" (63) [priority: 65525] + if ($syscall == 63) + if ($a0.hi32 == 0) + if ($a0.lo32 == 0) + if ($a1.hi32 > 0) + if ($a2.hi32 > 0) + if ($a3.hi32 & 0x00000000 == 0) + if ($a3.lo32 & 0x0000000f == 3) + action KILL; + else + if ($a2.hi32 == 0) + if ($a2.lo32 > 2) + if ($a3.hi32 & 0x00000000 == 0) + if ($a3.lo32 & 0x0000000f == 3) + action KILL; + else + if ($a1.hi32 == 0) + if ($a1.lo32 >= 1) + if ($a2.hi32 > 0) + if ($a3.hi32 & 0x00000000 == 0) + if ($a3.lo32 & 0x0000000f == 3) + action KILL; + else + if ($a2.hi32 == 0) + if ($a2.lo32 > 2) + if ($a3.hi32 & 0x00000000 == 0) + if ($a3.lo32 & 0x0000000f == 3) + action KILL; + # default action + action ALLOW; # filter for arch mipsel (1073741832) if ($arch == 1073741832) # filter for syscall "exit_group" (4246) [priority: 65535] diff --git a/tests/53-sim-binary_tree.c b/tests/53-sim-binary_tree.c index 4aa5f13..98b9e2c 100644 --- a/tests/53-sim-binary_tree.c +++ b/tests/53-sim-binary_tree.c @@ -103,6 +103,9 @@ int main(int argc, char *argv[]) goto out; rc = seccomp_arch_add(ctx, SCMP_ARCH_AARCH64); + if (rc != 0) + goto out; + rc = seccomp_arch_add(ctx, SCMP_ARCH_LOONGARCH64); if (rc != 0) goto out; rc = seccomp_arch_add(ctx, SCMP_ARCH_PPC64LE); diff --git a/tests/53-sim-binary_tree.py b/tests/53-sim-binary_tree.py index 39b2769..cc49890 100755 --- a/tests/53-sim-binary_tree.py +++ b/tests/53-sim-binary_tree.py @@ -71,6 +71,7 @@ def test(args): f.remove_arch(Arch()) f.add_arch(Arch("aarch64")) + f.add_arch(Arch("loongarch64")) f.add_arch(Arch("ppc64le")) f.add_arch(Arch("x86_64")) diff --git a/tests/53-sim-binary_tree.tests b/tests/53-sim-binary_tree.tests index 2ebaafd..87380d6 100644 --- a/tests/53-sim-binary_tree.tests +++ b/tests/53-sim-binary_tree.tests @@ -8,56 +8,56 @@ test type: bpf-sim # Testname Arch Syscall Arg0 Arg1 Arg2 Arg3 Arg4 Arg5 Result -53-sim-binary_tree +x86_64,+ppc64le,+aarch64 read N N N N N N ERRNO(0) -53-sim-binary_tree +x86_64,+ppc64le,+aarch64 write N N N N N N ERRNO(1) +53-sim-binary_tree +x86_64,+ppc64le,+aarch64,+loongarch64 read N N N N N N ERRNO(0) +53-sim-binary_tree +x86_64,+ppc64le,+aarch64,+loongarch64 write N N N N N N ERRNO(1) 53-sim-binary_tree +x86_64,+ppc64le open N N N N N N ERRNO(2) -53-sim-binary_tree +aarch64 open N N N N N N ALLOW -53-sim-binary_tree +x86_64,+ppc64le,+aarch64 close N N N N N N ALLOW -53-sim-binary_tree +x86_64,+ppc64le,+aarch64 close 100 1234 N N N N ALLOW -53-sim-binary_tree +x86_64,+ppc64le,+aarch64 close 100 101 N N N N ERRNO(3) +53-sim-binary_tree +aarch64,+loongarch64 open N N N N N N ALLOW +53-sim-binary_tree +x86_64,+ppc64le,+aarch64,+loongarch64 close N N N N N N ALLOW +53-sim-binary_tree +x86_64,+ppc64le,+aarch64,+loongarch64 close 100 1234 N N N N ALLOW +53-sim-binary_tree +x86_64,+ppc64le,+aarch64,+loongarch64 close 100 101 N N N N ERRNO(3) 53-sim-binary_tree +x86_64,+ppc64le stat N N N N N N ERRNO(4) -53-sim-binary_tree +aarch64 stat N N N N N N ALLOW -53-sim-binary_tree +x86_64,+ppc64le,+aarch64 fstat N N N N N N ERRNO(5) +53-sim-binary_tree +aarch64,+loongarch64 stat N N N N N N ALLOW +53-sim-binary_tree +x86_64,+ppc64le,+aarch64,+loongarch64 fstat N N N N N N ERRNO(5) 53-sim-binary_tree +x86_64,+ppc64le lstat N N N N N N ERRNO(6) -53-sim-binary_tree +aarch64 lstat N N N N N N ALLOW +53-sim-binary_tree +aarch64,+loongarch64 lstat N N N N N N ALLOW 53-sim-binary_tree +x86_64,+ppc64le poll 102 N N N N N ERRNO(7) -53-sim-binary_tree +aarch64 poll 102 N N N N N ALLOW -53-sim-binary_tree +x86_64,+ppc64le,+aarch64 lseek 103 104 N N N N ERRNO(8) -53-sim-binary_tree +x86_64,+ppc64le,+aarch64 mmap N N N N N N ERRNO(9) -53-sim-binary_tree +x86_64,+ppc64le,+aarch64 mprotect N N N N N N ERRNO(10) -53-sim-binary_tree +x86_64,+ppc64le,+aarch64 munmap N N N N N N ERRNO(11) -53-sim-binary_tree +x86_64,+ppc64le,+aarch64 brk N N N N N N ERRNO(12) -53-sim-binary_tree +x86_64,+ppc64le,+aarch64 rt_sigaction N N N N N N ERRNO(13) -53-sim-binary_tree +x86_64,+ppc64le,+aarch64 rt_sigprocmask N N N N N N ERRNO(14) -53-sim-binary_tree +x86_64,+ppc64le,+aarch64 rt_sigreturn N N N N N N ERRNO(15) -53-sim-binary_tree +x86_64,+ppc64le,+aarch64 ioctl N N N N N N ERRNO(16) -53-sim-binary_tree +x86_64,+ppc64le,+aarch64 pread64 105 N N N N N ERRNO(17) -53-sim-binary_tree +x86_64,+ppc64le,+aarch64 pwrite64 N N N N N N ERRNO(18) -53-sim-binary_tree +x86_64,+ppc64le,+aarch64 readv N N N N N N ERRNO(19) -53-sim-binary_tree +x86_64,+ppc64le,+aarch64 writev N N N N N N ERRNO(20) +53-sim-binary_tree +aarch64,+loongarch64 poll 102 N N N N N ALLOW +53-sim-binary_tree +x86_64,+ppc64le,+aarch64,+loongarch64 lseek 103 104 N N N N ERRNO(8) +53-sim-binary_tree +x86_64,+ppc64le,+aarch64,+loongarch64 mmap N N N N N N ERRNO(9) +53-sim-binary_tree +x86_64,+ppc64le,+aarch64,+loongarch64 mprotect N N N N N N ERRNO(10) +53-sim-binary_tree +x86_64,+ppc64le,+aarch64,+loongarch64 munmap N N N N N N ERRNO(11) +53-sim-binary_tree +x86_64,+ppc64le,+aarch64,+loongarch64 brk N N N N N N ERRNO(12) +53-sim-binary_tree +x86_64,+ppc64le,+aarch64,+loongarch64 rt_sigaction N N N N N N ERRNO(13) +53-sim-binary_tree +x86_64,+ppc64le,+aarch64,+loongarch64 rt_sigprocmask N N N N N N ERRNO(14) +53-sim-binary_tree +x86_64,+ppc64le,+aarch64,+loongarch64 rt_sigreturn N N N N N N ERRNO(15) +53-sim-binary_tree +x86_64,+ppc64le,+aarch64,+loongarch64 ioctl N N N N N N ERRNO(16) +53-sim-binary_tree +x86_64,+ppc64le,+aarch64,+loongarch64 pread64 105 N N N N N ERRNO(17) +53-sim-binary_tree +x86_64,+ppc64le,+aarch64,+loongarch64 pwrite64 N N N N N N ERRNO(18) +53-sim-binary_tree +x86_64,+ppc64le,+aarch64,+loongarch64 readv N N N N N N ERRNO(19) +53-sim-binary_tree +x86_64,+ppc64le,+aarch64,+loongarch64 writev N N N N N N ERRNO(20) 53-sim-binary_tree +x86_64,+ppc64le access N N N N N N ERRNO(21) -53-sim-binary_tree +aarch64 access N N N N N N ALLOW +53-sim-binary_tree +aarch64,+loongarch64 access N N N N N N ALLOW 53-sim-binary_tree +x86_64,+ppc64le pipe N N N N N N ERRNO(22) -53-sim-binary_tree +aarch64 pipe N N N N N N ALLOW -53-sim-binary_tree +x86_64,+ppc64le,+aarch64 select N N N N N N ALLOW +53-sim-binary_tree +aarch64,+loongarch64 pipe N N N N N N ALLOW +53-sim-binary_tree +x86_64,+ppc64le,+aarch64,+loongarch64 select N N N N N N ALLOW 53-sim-binary_tree +x86_64,+ppc64le select 106 107 N N N N ERRNO(23) -53-sim-binary_tree +aarch64 select 106 107 N N N N ALLOW -53-sim-binary_tree +x86_64,+ppc64le,+aarch64 sched_yield N N N N N N ERRNO(24) -53-sim-binary_tree +x86_64,+ppc64le,+aarch64 mremap N N N N N N ALLOW -53-sim-binary_tree +x86_64,+ppc64le,+aarch64 mremap 108 109 N N N N ERRNO(25) -53-sim-binary_tree +x86_64,+ppc64le,+aarch64 msync N N N N N N ERRNO(26) -53-sim-binary_tree +x86_64,+ppc64le,+aarch64 mincore N N N N N N ERRNO(27) -53-sim-binary_tree +x86_64,+ppc64le,+aarch64 madvise N N N N N N ERRNO(28) -53-sim-binary_tree +x86_64,+ppc64le,+aarch64 dup 112 N N N N N ERRNO(32) -53-sim-binary_tree +x86_64,+ppc64le,+aarch64 dup 5678 N N N N N ALLOW +53-sim-binary_tree +aarch64,+loongarch64 select 106 107 N N N N ALLOW +53-sim-binary_tree +x86_64,+ppc64le,+aarch64,+loongarch64 sched_yield N N N N N N ERRNO(24) +53-sim-binary_tree +x86_64,+ppc64le,+aarch64,+loongarch64 mremap N N N N N N ALLOW +53-sim-binary_tree +x86_64,+ppc64le,+aarch64,+loongarch64 mremap 108 109 N N N N ERRNO(25) +53-sim-binary_tree +x86_64,+ppc64le,+aarch64,+loongarch64 msync N N N N N N ERRNO(26) +53-sim-binary_tree +x86_64,+ppc64le,+aarch64,+loongarch64 mincore N N N N N N ERRNO(27) +53-sim-binary_tree +x86_64,+ppc64le,+aarch64,+loongarch64 madvise N N N N N N ERRNO(28) +53-sim-binary_tree +x86_64,+ppc64le,+aarch64,+loongarch64 dup 112 N N N N N ERRNO(32) +53-sim-binary_tree +x86_64,+ppc64le,+aarch64,+loongarch64 dup 5678 N N N N N ALLOW 53-sim-binary_tree +x86_64,+ppc64le dup2 N N N N N N ERRNO(33) -53-sim-binary_tree +aarch64 dup2 N N N N N N ALLOW +53-sim-binary_tree +aarch64,+loongarch64 dup2 N N N N N N ALLOW 53-sim-binary_tree +x86_64,+ppc64le pause N N N N N N ERRNO(34) -53-sim-binary_tree +aarch64 pause N N N N N N ALLOW -53-sim-binary_tree +x86_64,+ppc64le,+aarch64 nanosleep N N N N N N ERRNO(35) -53-sim-binary_tree +x86_64,+ppc64le,+aarch64 getitimer N N N N N N ERRNO(36) +53-sim-binary_tree +aarch64,+loongarch64 pause N N N N N N ALLOW +53-sim-binary_tree +x86_64,+ppc64le,+aarch64,+loongarch64 nanosleep N N N N N N ERRNO(35) +53-sim-binary_tree +x86_64,+ppc64le,+aarch64,+loongarch64 getitimer N N N N N N ERRNO(36) 53-sim-binary_tree +x86_64,+ppc64le alarm N N N N N N ERRNO(37) -53-sim-binary_tree +aarch64 alarm N N N N N N ALLOW +53-sim-binary_tree +aarch64,+loongarch64 alarm N N N N N N ALLOW test type: bpf-valgrind diff --git a/tests/55-basic-pfc_binary_tree.c b/tests/55-basic-pfc_binary_tree.c index e364fd6..0919f6b 100644 --- a/tests/55-basic-pfc_binary_tree.c +++ b/tests/55-basic-pfc_binary_tree.c @@ -87,6 +87,9 @@ int main(int argc, char *argv[]) if (rc < 0) goto out; rc = seccomp_arch_add(ctx, SCMP_ARCH_AARCH64); + if (rc < 0) + goto out; + rc = seccomp_arch_add(ctx, SCMP_ARCH_LOONGARCH64); if (rc < 0) goto out; rc = seccomp_attr_set(ctx, SCMP_FLTATR_CTL_OPTIMIZE, 2); diff --git a/tests/55-basic-pfc_binary_tree.pfc b/tests/55-basic-pfc_binary_tree.pfc index ba3244c..e63aa12 100644 --- a/tests/55-basic-pfc_binary_tree.pfc +++ b/tests/55-basic-pfc_binary_tree.pfc @@ -175,6 +175,93 @@ if ($arch == 3221225655) action ERRNO(16); # default action action ALLOW; +# filter for arch loongarch64 (3221225730) +if ($arch == 3221225730) + if ($syscall > 62) + if ($syscall > 139) + if ($syscall > 226) + # filter for syscall "lstat" (4294957133) [priority: 65535] + if ($syscall == 4294957133) + action ERRNO(6); + # filter for syscall "open" (4294957130) [priority: 65535] + if ($syscall == 4294957130) + action ERRNO(2); + # filter for syscall "poll" (4294957127) [priority: 65535] + if ($syscall == 4294957127) + action ERRNO(7); + # filter for syscall "stat" (4294957122) [priority: 65535] + if ($syscall == 4294957122) + action ERRNO(4); + else # ($syscall <= 226) + # filter for syscall "mprotect" (226) [priority: 65533] + if ($syscall == 226) + if ($a0.hi32 == 0) + if ($a0.lo32 == 105) + action ERRNO(10); + # filter for syscall "mmap" (222) [priority: 65535] + if ($syscall == 222) + action ERRNO(9); + # filter for syscall "munmap" (215) [priority: 65535] + if ($syscall == 215) + action ERRNO(11); + # filter for syscall "brk" (214) [priority: 65535] + if ($syscall == 214) + action ERRNO(12); + else # ($syscall <= 139) + if ($syscall > 68) + # filter for syscall "rt_sigreturn" (139) [priority: 65535] + if ($syscall == 139) + action ERRNO(15); + # filter for syscall "rt_sigprocmask" (135) [priority: 65535] + if ($syscall == 135) + action ERRNO(14); + # filter for syscall "rt_sigaction" (134) [priority: 65535] + if ($syscall == 134) + action ERRNO(13); + # filter for syscall "fstat" (80) [priority: 65533] + if ($syscall == 80) + if ($a0.hi32 == 0) + if ($a0.lo32 == 103) + action ERRNO(5); + else # ($syscall <= 68) + # filter for syscall "pwrite64" (68) [priority: 65531] + if ($syscall == 68) + if ($a0.hi32 == 0) + if ($a0.lo32 == 107) + if ($a1.hi32 == 0) + if ($a1.lo32 == 108) + action ERRNO(18); + # filter for syscall "pread64" (67) [priority: 65533] + if ($syscall == 67) + if ($a0.hi32 == 0) + if ($a0.lo32 == 106) + action ERRNO(17); + # filter for syscall "write" (64) [priority: 65533] + if ($syscall == 64) + if ($a0.hi32 == 0) + if ($a0.lo32 == 102) + action ERRNO(1); + # filter for syscall "read" (63) [priority: 65531] + if ($syscall == 63) + if ($a0.hi32 == 0) + if ($a0.lo32 == 100) + if ($a1.hi32 == 0) + if ($a1.lo32 == 101) + action ERRNO(0); + else # ($syscall <= 62) + # filter for syscall "lseek" (62) [priority: 65533] + if ($syscall == 62) + if ($a0.hi32 == 0) + if ($a0.lo32 == 104) + action ERRNO(8); + # filter for syscall "close" (57) [priority: 65535] + if ($syscall == 57) + action ERRNO(3); + # filter for syscall "ioctl" (29) [priority: 65535] + if ($syscall == 29) + action ERRNO(16); + # default action + action ALLOW; # invalid architecture action action KILL; # diff --git a/tests/56-basic-iterate_syscalls.c b/tests/56-basic-iterate_syscalls.c index 5e7ab67..b514afa 100644 --- a/tests/56-basic-iterate_syscalls.c +++ b/tests/56-basic-iterate_syscalls.c @@ -33,6 +33,7 @@ unsigned int arch_list[] = { SCMP_ARCH_X32, SCMP_ARCH_ARM, SCMP_ARCH_AARCH64, + SCMP_ARCH_LOONGARCH64, SCMP_ARCH_MIPS, SCMP_ARCH_MIPS64, SCMP_ARCH_MIPS64N32, diff --git a/tests/56-basic-iterate_syscalls.py b/tests/56-basic-iterate_syscalls.py index 77a5b89..d69dd0c 100755 --- a/tests/56-basic-iterate_syscalls.py +++ b/tests/56-basic-iterate_syscalls.py @@ -33,6 +33,7 @@ arch_list = ["x86", "x32", "arm", "aarch64", + "loongarch64", "mipsel", "mipsel64", "mipsel64n32", diff --git a/tests/regression b/tests/regression index f938b1b..19f9323 100755 --- a/tests/regression +++ b/tests/regression @@ -24,6 +24,7 @@ GLBL_ARCH_LE_SUPPORT=" \ x86 x86_64 x32 \ arm aarch64 \ + loongarch64 \ mipsel mipsel64 mipsel64n32 \ ppc64le \ riscv64" @@ -44,6 +45,7 @@ GLBL_ARCH_32B_SUPPORT=" \ GLBL_ARCH_64B_SUPPORT=" \ x86_64 \ aarch64 \ + loongarch64 \ mips64 \ parisc64 \ ppc64 \ @@ -796,7 +798,7 @@ function run_test_live() { # setup the arch specific return values case "$arch" in - x86|x86_64|x32|arm|aarch64|parisc|parisc64|ppc|ppc64|ppc64le|ppc|s390|s390x|riscv64) + x86|x86_64|x32|arm|aarch64|loongarch64|parisc|parisc64|ppc|ppc64|ppc64le|ppc|s390|s390x|riscv64) rc_kill_process=159 rc_kill=159 rc_allow=160 diff --git a/tools/scmp_arch_detect.c b/tools/scmp_arch_detect.c index 21233d4..c9bc911 100644 --- a/tools/scmp_arch_detect.c +++ b/tools/scmp_arch_detect.c @@ -84,6 +84,9 @@ int main(int argc, char *argv[]) case SCMP_ARCH_AARCH64: printf("aarch64\n"); break; + case SCMP_ARCH_LOONGARCH64: + printf("loongarch64\n"); + break; case SCMP_ARCH_MIPS: printf("mips\n"); break; diff --git a/tools/scmp_bpf_disasm.c b/tools/scmp_bpf_disasm.c index b682de7..4572659 100644 --- a/tools/scmp_bpf_disasm.c +++ b/tools/scmp_bpf_disasm.c @@ -484,6 +484,8 @@ int main(int argc, char *argv[]) arch = AUDIT_ARCH_ARM; else if (strcmp(optarg, "aarch64") == 0) arch = AUDIT_ARCH_AARCH64; + else if (strcmp(optarg, "loongarch64") == 0) + arch = AUDIT_ARCH_LOONGARCH64; else if (strcmp(optarg, "mips") == 0) arch = AUDIT_ARCH_MIPS; else if (strcmp(optarg, "mipsel") == 0) diff --git a/tools/scmp_bpf_sim.c b/tools/scmp_bpf_sim.c index c86e451..f346869 100644 --- a/tools/scmp_bpf_sim.c +++ b/tools/scmp_bpf_sim.c @@ -261,6 +261,8 @@ int main(int argc, char *argv[]) arch = AUDIT_ARCH_SW_64; else if (strcmp(optarg, "aarch64") == 0) arch = AUDIT_ARCH_AARCH64; + else if (strcmp(optarg, "loongarch64") == 0) + arch = AUDIT_ARCH_LOONGARCH64; else if (strcmp(optarg, "mips") == 0) arch = AUDIT_ARCH_MIPS; else if (strcmp(optarg, "mipsel") == 0) diff --git a/tools/util.c b/tools/util.c index 07c86ad..7d8ab5a 100644 --- a/tools/util.c +++ b/tools/util.c @@ -46,6 +46,8 @@ #define ARCH_NATIVE AUDIT_ARCH_SW_64 #elif __aarch64__ #define ARCH_NATIVE AUDIT_ARCH_AARCH64 +#elif __loongarch64 +#define ARCH_NATIVE AUDIT_ARCH_LOONGARCH64 #elif __mips__ && _MIPS_SIM == _MIPS_SIM_ABI32 #if __MIPSEB__ #define ARCH_NATIVE AUDIT_ARCH_MIPS diff --git a/tools/util.h b/tools/util.h index ac3a238..18d7569 100644 --- a/tools/util.h +++ b/tools/util.h @@ -46,6 +46,17 @@ #define AUDIT_ARCH_AARCH64 (EM_AARCH64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) #endif /* AUDIT_ARCH_AARCH64 */ +/** + * The 64-bit LoongArch architecture tokens + */ +/* 64-bit LoongArch audit support is not upstream yet */ +#ifndef AUDIT_ARCH_LOONGARCH64 +#ifndef EM_LOONGARCH +#define EM_LOONGARCH 258 +#endif /* EM_LOONGARCH */ +#define AUDIT_ARCH_LOONGARCH64 (EM_LOONGARCH|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) +#endif /* AUDIT_ARCH_LOONGARCH64 */ + /** * The MIPS architecture tokens */ -- 2.33.0