seccomp: add support for riscv64 #16807

Merged
keszybz merged 1 commit into systemd:master from aurel32:riscv64 on Aug 21, 2020
@aurel32 (Contributor) commented Aug 20, 2020

This patch adds seccomp support to the riscv64 architecture. seccomp
support is available in the riscv64 kernel since version 5.5, and it
has just been added to the libseccomp library.

riscv64 uses generic syscalls like aarch64, so I used that architecture
as a reference to find which code has to be modified.

With this patch, the testsuite passes successfully, including the
test-seccomp test. The system boots and works fine with kernel 5.4 (i.e.
without seccomp support) and kernel 5.5 (i.e. with seccomp support). I
have also verified that the "SystemCallFilter=~socket" option prevents a
service from using the ping utility when running on kernel 5.5.

Note: this was originally PR #15176 submitted by @mbiebl.


@keszybz (Member) left a comment

LGTM.

@keszybz added the good-to-merge/waiting-for-ci and seccomp labels Aug 20, 2020

@poettering (Member) commented

lgtm, too

@keszybz (Member) commented Aug 21, 2020

bionic-i386:

autopkgtest [21:14:16]: ERROR: timed out on command "su -s /bin/bash root -c set -e; export USER=`id -nu`; . /etc/profile >/dev/null 2>&1 || true;  . ~/.profile >/dev/null 2>&1 || true; buildtree="/tmp/autopkgtest.NzNqy4/build.GtV/systemd"; mkdir -p -m 1777 -- "/tmp/autopkgtest.NzNqy4/upstream-artifacts"; export AUTOPKGTEST_ARTIFACTS="/tmp/autopkgtest.NzNqy4/upstream-artifacts"; export ADT_ARTIFACTS="$AUTOPKGTEST_ARTIFACTS"; mkdir -p -m 755 "/tmp/autopkgtest.NzNqy4/autopkgtest_tmp"; export AUTOPKGTEST_TMP="/tmp/autopkgtest.NzNqy4/autopkgtest_tmp"; export ADTTMP="$AUTOPKGTEST_TMP"; export DEBIAN_FRONTEND=noninteractive; export LANG=C.UTF-8; export DEB_BUILD_OPTIONS=parallel=1; unset LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE   LC_MONETARY LC_MESSAGES LC_PAPER LC_NAME LC_ADDRESS   LC_TELEPHONE LC_MEASUREMENT LC_IDENTIFICATION LC_ALL;rm -f /tmp/autopkgtest_script_pid; set -C; echo $$ > /tmp/autopkgtest_script_pid; set +C; trap "rm -f /tmp/autopkgtest_script_pid" EXIT INT QUIT PIPE; cd "$buildtree"; export AUTOPKGTEST_NORMAL_USER=ubuntu; export ADT_NORMAL_USER=ubuntu; export 'CFLAGS=-O0'; export 'DEB_BUILD_PROFILES=noudeb'; export 'TEST_UPSTREAM=1'; export 'CONFFLAGS_UPSTREAM=--werror -Dslow-tests=true'; export 'UPSTREAM_PULL_REQUEST=16807'; export 'GITHUB_STATUSES_URL=https://api.github.com/repos/systemd/systemd/statuses/f81ee95992ec068bbfac4afc7f5343f6d7393a87'; chmod +x /tmp/autopkgtest.NzNqy4/build.GtV/systemd/debian/tests/upstream; touch /tmp/autopkgtest.NzNqy4/upstream-stdout /tmp/autopkgtest.NzNqy4/upstream-stderr; /tmp/autopkgtest.NzNqy4/build.GtV/systemd/debian/tests/upstream 2> >(tee -a /tmp/autopkgtest.NzNqy4/upstream-stderr >&2) > >(tee -a /tmp/autopkgtest.NzNqy4/upstream-stdout);" (kind: test)
autopkgtest [21:14:16]: test upstream: -----------------------]
autopkgtest [21:14:17]: test upstream:  - - - - - - - - - - results - - - - - - - - - -
upstream             FAIL timed out

semaphore:

execution expired

Looks unrelated.

@keszybz added the ci-failure-appears-unrelated label and removed the good-to-merge/waiting-for-ci label Aug 21, 2020

@keszybz merged commit f925223 into systemd:master Aug 21, 2020