summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorArmin Kuster <akuster808@gmail.com>2015-04-10 12:05:40 -0700
committerArmin Kuster <akuster808@gmail.com>2015-04-15 17:54:37 -0700
commit43fd825acf3b8f3cb3e9d08f70c67d5814e2c7e5 (patch)
tree4ca37ea9de419255cc74cbc75e53d09957423980
parentaf8473501af619cf907c773e76a1bb459d3be6da (diff)
downloadmeta-security-43fd825acf3b8f3cb3e9d08f70c67d5814e2c7e5.tar.gz
libseccomp: add ppc support
backport ppc patches Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat
-rw-r--r--recipes-security/libseccomp/files/0001-arch-add-a-ppc64-syscall-table.patch1253
-rw-r--r--recipes-security/libseccomp/files/0002-arch-add-the-basic-initial-support-for-ppc64-to-the-.patch128
-rw-r--r--recipes-security/libseccomp/files/0003-tools-add-ppc64-support.patch80
-rw-r--r--recipes-security/libseccomp/files/0004-tests-add-ppc64-support-to-the-regression-tests.patch118
-rw-r--r--recipes-security/libseccomp/files/0005-tests-add-ppc64-support-to-the-regression-live-tests.patch34
-rw-r--r--recipes-security/libseccomp/files/0006-ppc64-correct-the-ppc64-syscall-table-and-validation.patch148
-rw-r--r--recipes-security/libseccomp/files/0007-tests-minor-fix-in-arch-syscall-check.patch29
-rw-r--r--recipes-security/libseccomp/files/0008-arch-add-a-ppc-syscall-table.patch782
-rw-r--r--recipes-security/libseccomp/files/0009-arch-add-basic-initial-ppc-support-to-the-arch-depen.patch117
-rw-r--r--recipes-security/libseccomp/files/0010-tools-add-ppc-support.patch70
-rw-r--r--recipes-security/libseccomp/files/0011-tests-add-ppc-support-to-the-regression-tests.patch64
-rw-r--r--recipes-security/libseccomp/libseccomp_2.2.0.bb17
12 files changed, 2836 insertions, 4 deletions
diff --git a/recipes-security/libseccomp/files/0001-arch-add-a-ppc64-syscall-table.patch b/recipes-security/libseccomp/files/0001-arch-add-a-ppc64-syscall-table.patch
new file mode 100644
index 0000000..3190aa0
--- /dev/null
+++ b/recipes-security/libseccomp/files/0001-arch-add-a-ppc64-syscall-table.patch
@@ -0,0 +1,1253 @@
1From a44e4f1fd956dd3250976deaa03c3c9ef1c2688a Mon Sep 17 00:00:00 2001
2From: Paul Moore <pmoore@redhat.com>
3Date: Thu, 25 Sep 2014 16:28:38 -0400
4Subject: [PATCH 01/11] arch: add a ppc64 syscall table
5
6Signed-off-by: Paul Moore <pmoore@redhat.com>
7---
8 include/seccomp.h.in | 44 ++++
9 src/Makefile.am | 3 +-
10 src/arch-aarch64-syscalls.c | 7 +
11 src/arch-arm-syscalls.c | 7 +
12 src/arch-mips-syscalls.c | 7 +
13 src/arch-mips64-syscalls.c | 7 +
14 src/arch-mips64n32-syscalls.c | 7 +
15 src/arch-ppc64-syscalls.c | 502 ++++++++++++++++++++++++++++++++++++++++++
16 src/arch-ppc64.c | 40 ++++
17 src/arch-ppc64.h | 39 ++++
18 src/arch-syscall-check.c | 18 +-
19 src/arch-syscall-dump.c | 9 +-
20 src/arch-syscall-validate | 31 ++-
21 src/arch-x32-syscalls.c | 7 +
22 src/arch-x86-syscalls.c | 7 +
23 src/arch-x86_64-syscalls.c | 7 +
24 tools/util.h | 4 +
25 17 files changed, 739 insertions(+), 7 deletions(-)
26 create mode 100644 src/arch-ppc64-syscalls.c
27 create mode 100644 src/arch-ppc64.c
28 create mode 100644 src/arch-ppc64.h
29
30diff --git a/include/seccomp.h.in b/include/seccomp.h.in
31index 6a115d1..42f3f1a 100644
32--- a/include/seccomp.h.in
33+++ b/include/seccomp.h.in
34@@ -151,6 +151,15 @@ struct scmp_arg_cmp {
35 #define SCMP_ARCH_MIPSEL64N32 AUDIT_ARCH_MIPSEL64N32
36
37 /**
38+ * The PowerPC architecture tokens
39+ */
40+#define SCMP_ARCH_PPC64 AUDIT_ARCH_PPC64
41+#ifndef AUDIT_ARCH_PPC64LE
42+#define AUDIT_ARCH_PPC64LE (EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
43+#endif
44+#define SCMP_ARCH_PPC64LE AUDIT_ARCH_PPC64LE
45+
46+/**
47 * Convert a syscall name into the associated syscall number
48 * @param x the syscall name
49 */
50@@ -1424,6 +1433,41 @@ int seccomp_export_bpf(const scmp_filter_ctx ctx, int fd);
51 #define __NR_utimes __PNR_utimes
52 #endif /* __NR_utimes */
53
54+#define __PNR_multiplexer -10180
55+#ifndef __NR_multiplexer
56+#define __NR_multiplexer __PNR_multiplexer
57+#endif /* __NR_multiplexer */
58+
59+#define __PNR_rtas -10181
60+#ifndef __NR_rtas
61+#define __NR_rtas __PNR_rtas
62+#endif /* __NR_rtas */
63+
64+#define __PNR_spu_create -10182
65+#ifndef __NR_spu_create
66+#define __NR_spu_create __PNR_spu_create
67+#endif /* __NR_spu_create */
68+
69+#define __PNR_spu_run -10183
70+#ifndef __NR_spu_run
71+#define __NR_spu_run __PNR_spu_run
72+#endif /* __NR_spu_run */
73+
74+#define __PNR_subpage_prot -10184
75+#ifndef __NR_subpage_prot
76+#define __NR_subpage_prot __PNR_subpage_prot
77+#endif /* __NR_subpage_prot */
78+
79+#define __PNR_swapcontext -10185
80+#ifndef __NR_swapcontext
81+#define __NR_swapcontext __PNR_swapcontext
82+#endif /* __NR_swapcontext */
83+
84+#define __PNR_sys_debug_setcontext -10186
85+#ifndef __NR_sys_debug_setcontext
86+#define __NR_sys_debug_setcontext __PNR_sys_debug_setcontext
87+#endif /* __NR_sys_debug_setcontext */
88+
89 #ifdef __cplusplus
90 }
91 #endif
92diff --git a/src/Makefile.am b/src/Makefile.am
93index d8fbd85..038b2ef 100644
94--- a/src/Makefile.am
95+++ b/src/Makefile.am
96@@ -30,7 +30,8 @@ SOURCES_ARCH = \
97 arch-aarch64.h arch-aarch64.c arch-aarch64-syscalls.c \
98 arch-mips.h arch-mips.c arch-mips-syscalls.c \
99 arch-mips64.h arch-mips64.c arch-mips64-syscalls.c \
100- arch-mips64n32.h arch-mips64n32.c arch-mips64n32-syscalls.c
101+ arch-mips64n32.h arch-mips64n32.c arch-mips64n32-syscalls.c \
102+ arch-ppc64.h arch-ppc64.c arch-ppc64-syscalls.c
103
104 SOURCES_GEN = \
105 api.c system.h system.c \
106diff --git a/src/arch-aarch64-syscalls.c b/src/arch-aarch64-syscalls.c
107index f17172e..c76dae7 100644
108--- a/src/arch-aarch64-syscalls.c
109+++ b/src/arch-aarch64-syscalls.c
110@@ -223,6 +223,7 @@ const struct arch_syscall_def aarch64_syscall_table[] = { \
111 { "msgrcv", 188 },
112 { "msgsnd", 189 },
113 { "msync", 227 },
114+ { "multiplexer", __PNR_multiplexer },
115 { "munlock", 229 },
116 { "munlockall", 231 },
117 { "munmap", 215 },
118@@ -293,6 +294,7 @@ const struct arch_syscall_def aarch64_syscall_table[] = { \
119 { "rt_sigsuspend", 133 },
120 { "rt_sigtimedwait", 137 },
121 { "rt_tgsigqueueinfo", 240 },
122+ { "rtas", __PNR_rtas },
123 { "sched_get_priority_max", 125 },
124 { "sched_get_priority_min", 126 },
125 { "sched_getaffinity", 123 },
126@@ -370,6 +372,8 @@ const struct arch_syscall_def aarch64_syscall_table[] = { \
127 { "socketcall", __PNR_socketcall },
128 { "socketpair", 199 },
129 { "splice", 76 },
130+ { "spu_create", __PNR_spu_create },
131+ { "spu_run", __PNR_spu_run },
132 { "ssetmask", __PNR_ssetmask },
133 { "stat", __PNR_stat },
134 { "stat64", __PNR_stat64 },
135@@ -377,6 +381,8 @@ const struct arch_syscall_def aarch64_syscall_table[] = { \
136 { "statfs64", __PNR_statfs64 },
137 { "stime", __PNR_stime },
138 { "stty", __PNR_stty },
139+ { "subpage_prot", __PNR_subpage_prot },
140+ { "swapcontext", __PNR_swapcontext },
141 { "swapoff", 225 },
142 { "swapon", 224 },
143 { "symlink", __PNR_symlink },
144@@ -386,6 +392,7 @@ const struct arch_syscall_def aarch64_syscall_table[] = { \
145 { "sync_file_range2", __PNR_sync_file_range2 },
146 { "syncfs", 267 },
147 { "syscall", __PNR_syscall },
148+ { "sys_debug_setcontext", __PNR_sys_debug_setcontext },
149 { "sysfs", __PNR_sysfs },
150 { "sysinfo", 179 },
151 { "syslog", 116 },
152diff --git a/src/arch-arm-syscalls.c b/src/arch-arm-syscalls.c
153index 8876135..b9400a3 100644
154--- a/src/arch-arm-syscalls.c
155+++ b/src/arch-arm-syscalls.c
156@@ -234,6 +234,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \
157 { "msgrcv", (__NR_SYSCALL_BASE + 302) },
158 { "msgsnd", (__NR_SYSCALL_BASE + 301) },
159 { "msync", (__NR_SYSCALL_BASE + 144) },
160+ { "multiplexer", __PNR_multiplexer },
161 { "munlock", (__NR_SYSCALL_BASE + 151) },
162 { "munlockall", (__NR_SYSCALL_BASE + 153) },
163 { "munmap", (__NR_SYSCALL_BASE + 91) },
164@@ -304,6 +305,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \
165 { "rt_sigsuspend", (__NR_SYSCALL_BASE + 179) },
166 { "rt_sigtimedwait", (__NR_SYSCALL_BASE + 177) },
167 { "rt_tgsigqueueinfo", (__NR_SYSCALL_BASE + 363) },
168+ { "rtas", __PNR_rtas },
169 { "sched_get_priority_max", (__NR_SYSCALL_BASE + 159) },
170 { "sched_get_priority_min", (__NR_SYSCALL_BASE + 160) },
171 { "sched_getaffinity", (__NR_SYSCALL_BASE + 242) },
172@@ -381,6 +383,8 @@ const struct arch_syscall_def arm_syscall_table[] = { \
173 { "socketcall", (__NR_SYSCALL_BASE + 102) },
174 { "socketpair", (__NR_SYSCALL_BASE + 288) },
175 { "splice", (__NR_SYSCALL_BASE + 340) },
176+ { "spu_create", __PNR_spu_create },
177+ { "spu_run", __PNR_spu_run },
178 { "ssetmask", __PNR_ssetmask },
179 { "stat", (__NR_SYSCALL_BASE + 106) },
180 { "stat64", (__NR_SYSCALL_BASE + 195) },
181@@ -388,6 +392,8 @@ const struct arch_syscall_def arm_syscall_table[] = { \
182 { "statfs64", (__NR_SYSCALL_BASE + 266) },
183 { "stime", (__NR_SYSCALL_BASE + 25) },
184 { "stty", __PNR_stty },
185+ { "subpage_prot", __PNR_subpage_prot },
186+ { "swapcontext", __PNR_swapcontext },
187 { "swapoff", (__NR_SYSCALL_BASE + 115) },
188 { "swapon", (__NR_SYSCALL_BASE + 87) },
189 { "symlink", (__NR_SYSCALL_BASE + 83) },
190@@ -397,6 +403,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \
191 { "sync_file_range2", (__NR_SYSCALL_BASE + 341) },
192 { "syncfs", (__NR_SYSCALL_BASE + 373) },
193 { "syscall", (__NR_SYSCALL_BASE + 113) },
194+ { "sys_debug_setcontext", __PNR_sys_debug_setcontext },
195 { "sysfs", (__NR_SYSCALL_BASE + 135) },
196 { "sysinfo", (__NR_SYSCALL_BASE + 116) },
197 { "syslog", (__NR_SYSCALL_BASE + 103) },
198diff --git a/src/arch-mips-syscalls.c b/src/arch-mips-syscalls.c
199index 29831da..c318aa0 100644
200--- a/src/arch-mips-syscalls.c
201+++ b/src/arch-mips-syscalls.c
202@@ -227,6 +227,7 @@ const struct arch_syscall_def mips_syscall_table[] = { \
203 { "msgrcv", __PNR_msgrcv },
204 { "msgsnd", __PNR_msgsnd },
205 { "msync", (__NR_SYSCALL_BASE + 144) },
206+ { "multiplexer", __PNR_multiplexer },
207 { "munlock", (__NR_SYSCALL_BASE + 155) },
208 { "munlockall", (__NR_SYSCALL_BASE + 157) },
209 { "munmap", (__NR_SYSCALL_BASE + 91) },
210@@ -297,6 +298,7 @@ const struct arch_syscall_def mips_syscall_table[] = { \
211 { "rt_sigsuspend", (__NR_SYSCALL_BASE + 199) },
212 { "rt_sigtimedwait", (__NR_SYSCALL_BASE + 197) },
213 { "rt_tgsigqueueinfo", (__NR_SYSCALL_BASE + 332) },
214+ { "rtas", __PNR_rtas },
215 { "sched_get_priority_max", (__NR_SYSCALL_BASE + 163) },
216 { "sched_get_priority_min", (__NR_SYSCALL_BASE + 164) },
217 { "sched_getaffinity", (__NR_SYSCALL_BASE + 240) },
218@@ -374,6 +376,8 @@ const struct arch_syscall_def mips_syscall_table[] = { \
219 { "socketcall", (__NR_SYSCALL_BASE + 102) },
220 { "socketpair", (__NR_SYSCALL_BASE + 184) },
221 { "splice", (__NR_SYSCALL_BASE + 304) },
222+ { "spu_create", __PNR_spu_create },
223+ { "spu_run", __PNR_spu_run },
224 { "ssetmask", (__NR_SYSCALL_BASE + 69) },
225 { "stat", (__NR_SYSCALL_BASE + 106) },
226 { "stat64", (__NR_SYSCALL_BASE + 213) },
227@@ -381,6 +385,8 @@ const struct arch_syscall_def mips_syscall_table[] = { \
228 { "statfs64", (__NR_SYSCALL_BASE + 255) },
229 { "stime", (__NR_SYSCALL_BASE + 25) },
230 { "stty", (__NR_SYSCALL_BASE + 31) },
231+ { "subpage_prot", __PNR_subpage_prot },
232+ { "swapcontext", __PNR_swapcontext },
233 { "swapoff", (__NR_SYSCALL_BASE + 115) },
234 { "swapon", (__NR_SYSCALL_BASE + 87) },
235 { "symlink", (__NR_SYSCALL_BASE + 83) },
236@@ -390,6 +396,7 @@ const struct arch_syscall_def mips_syscall_table[] = { \
237 { "sync_file_range2", __PNR_sync_file_range2 },
238 { "syncfs", (__NR_SYSCALL_BASE + 342) },
239 { "syscall", (__NR_SYSCALL_BASE + 0) },
240+ { "sys_debug_setcontext", __PNR_sys_debug_setcontext },
241 { "sysfs", (__NR_SYSCALL_BASE + 135) },
242 { "sysinfo", (__NR_SYSCALL_BASE + 116) },
243 { "syslog", (__NR_SYSCALL_BASE + 103) },
244diff --git a/src/arch-mips64-syscalls.c b/src/arch-mips64-syscalls.c
245index 8b1fe9e..007a472 100644
246--- a/src/arch-mips64-syscalls.c
247+++ b/src/arch-mips64-syscalls.c
248@@ -227,6 +227,7 @@ const struct arch_syscall_def mips64_syscall_table[] = { \
249 { "msgrcv", (__NR_SYSCALL_BASE + 68) },
250 { "msgsnd", (__NR_SYSCALL_BASE + 67) },
251 { "msync", (__NR_SYSCALL_BASE + 25) },
252+ { "multiplexer", __PNR_multiplexer },
253 { "munlock", (__NR_SYSCALL_BASE + 147) },
254 { "munlockall", (__NR_SYSCALL_BASE + 149) },
255 { "munmap", (__NR_SYSCALL_BASE + 11) },
256@@ -297,6 +298,7 @@ const struct arch_syscall_def mips64_syscall_table[] = { \
257 { "rt_sigsuspend", (__NR_SYSCALL_BASE + 128) },
258 { "rt_sigtimedwait", (__NR_SYSCALL_BASE + 126) },
259 { "rt_tgsigqueueinfo", (__NR_SYSCALL_BASE + 291) },
260+ { "rtas", __PNR_rtas },
261 { "sched_get_priority_max", (__NR_SYSCALL_BASE + 143) },
262 { "sched_get_priority_min", (__NR_SYSCALL_BASE + 144) },
263 { "sched_getaffinity", (__NR_SYSCALL_BASE + 196) },
264@@ -374,6 +376,8 @@ const struct arch_syscall_def mips64_syscall_table[] = { \
265 { "socketcall", __PNR_socketcall },
266 { "socketpair", (__NR_SYSCALL_BASE + 52) },
267 { "splice", (__NR_SYSCALL_BASE + 263) },
268+ { "spu_create", __PNR_spu_create },
269+ { "spu_run", __PNR_spu_run },
270 { "ssetmask", __PNR_ssetmask },
271 { "stat", (__NR_SYSCALL_BASE + 4) },
272 { "stat64", __PNR_stat64 },
273@@ -381,6 +385,8 @@ const struct arch_syscall_def mips64_syscall_table[] = { \
274 { "statfs64", __PNR_statfs64 },
275 { "stime", __PNR_stime },
276 { "stty", __PNR_stty },
277+ { "subpage_prot", __PNR_subpage_prot },
278+ { "swapcontext", __PNR_swapcontext },
279 { "swapoff", (__NR_SYSCALL_BASE + 163) },
280 { "swapon", (__NR_SYSCALL_BASE + 162) },
281 { "symlink", (__NR_SYSCALL_BASE + 86) },
282@@ -390,6 +396,7 @@ const struct arch_syscall_def mips64_syscall_table[] = { \
283 { "sync_file_range2", __PNR_sync_file_range2 },
284 { "syncfs", (__NR_SYSCALL_BASE + 301) },
285 { "syscall", __PNR_syscall },
286+ { "sys_debug_setcontext", __PNR_sys_debug_setcontext },
287 { "sysfs", (__NR_SYSCALL_BASE + 136) },
288 { "sysinfo", (__NR_SYSCALL_BASE + 97) },
289 { "syslog", (__NR_SYSCALL_BASE + 101) },
290diff --git a/src/arch-mips64n32-syscalls.c b/src/arch-mips64n32-syscalls.c
291index da72899..ae1c9b8 100644
292--- a/src/arch-mips64n32-syscalls.c
293+++ b/src/arch-mips64n32-syscalls.c
294@@ -227,6 +227,7 @@ const struct arch_syscall_def mips64n32_syscall_table[] = { \
295 { "msgrcv", (__NR_SYSCALL_BASE + 68) },
296 { "msgsnd", (__NR_SYSCALL_BASE + 67) },
297 { "msync", (__NR_SYSCALL_BASE + 25) },
298+ { "multiplexer", __PNR_multiplexer },
299 { "munlock", (__NR_SYSCALL_BASE + 147) },
300 { "munlockall", (__NR_SYSCALL_BASE + 149) },
301 { "munmap", (__NR_SYSCALL_BASE + 11) },
302@@ -297,6 +298,7 @@ const struct arch_syscall_def mips64n32_syscall_table[] = { \
303 { "rt_sigsuspend", (__NR_SYSCALL_BASE + 128) },
304 { "rt_sigtimedwait", (__NR_SYSCALL_BASE + 126) },
305 { "rt_tgsigqueueinfo", (__NR_SYSCALL_BASE + 295) },
306+ { "rtas", __PNR_rtas },
307 { "sched_get_priority_max", (__NR_SYSCALL_BASE + 143) },
308 { "sched_get_priority_min", (__NR_SYSCALL_BASE + 144) },
309 { "sched_getaffinity", (__NR_SYSCALL_BASE + 196) },
310@@ -374,6 +376,8 @@ const struct arch_syscall_def mips64n32_syscall_table[] = { \
311 { "socketcall", __PNR_socketcall },
312 { "socketpair", (__NR_SYSCALL_BASE + 52) },
313 { "splice", (__NR_SYSCALL_BASE + 267) },
314+ { "spu_create", __PNR_spu_create },
315+ { "spu_run", __PNR_spu_run },
316 { "ssetmask", __PNR_ssetmask },
317 { "stat", (__NR_SYSCALL_BASE + 4) },
318 { "stat64", __PNR_stat64 },
319@@ -381,6 +385,8 @@ const struct arch_syscall_def mips64n32_syscall_table[] = { \
320 { "statfs64", (__NR_SYSCALL_BASE + 217) },
321 { "stime", __PNR_stime },
322 { "stty", __PNR_stty },
323+ { "subpage_prot", __PNR_subpage_prot },
324+ { "swapcontext", __PNR_swapcontext },
325 { "swapoff", (__NR_SYSCALL_BASE + 163) },
326 { "swapon", (__NR_SYSCALL_BASE + 162) },
327 { "symlink", (__NR_SYSCALL_BASE + 86) },
328@@ -390,6 +396,7 @@ const struct arch_syscall_def mips64n32_syscall_table[] = { \
329 { "sync_file_range2", __PNR_sync_file_range2 },
330 { "syncfs", (__NR_SYSCALL_BASE + 306) },
331 { "syscall", __PNR_syscall },
332+ { "sys_debug_setcontext", __PNR_sys_debug_setcontext },
333 { "sysfs", (__NR_SYSCALL_BASE + 136) },
334 { "sysinfo", (__NR_SYSCALL_BASE + 97) },
335 { "syslog", (__NR_SYSCALL_BASE + 101) },
336diff --git a/src/arch-ppc64-syscalls.c b/src/arch-ppc64-syscalls.c
337new file mode 100644
338index 0000000..5dfb367
339--- /dev/null
340+++ b/src/arch-ppc64-syscalls.c
341@@ -0,0 +1,502 @@
342+/**
343+ * Enhanced Seccomp PPC64 Specific Code
344+ *
345+ * Copyright (c) 2014 Red Hat <pmoore@redhat.com>
346+ * Author: Paul Moore <pmoore@redhat.com>
347+ *
348+ */
349+
350+/*
351+ * This library is free software; you can redistribute it and/or modify it
352+ * under the terms of version 2.1 of the GNU Lesser General Public License as
353+ * published by the Free Software Foundation.
354+ *
355+ * This library is distributed in the hope that it will be useful, but WITHOUT
356+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
357+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
358+ * for more details.
359+ *
360+ * You should have received a copy of the GNU Lesser General Public License
361+ * along with this library; if not, see <http://www.gnu.org/licenses>.
362+ */
363+
364+#include <string.h>
365+
366+#include <seccomp.h>
367+
368+#include "arch.h"
369+#include "arch-ppc64.h"
370+
371+/* NOTE: based on Linux 3.17-rc6+ */
372+const struct arch_syscall_def ppc64_syscall_table[] = { \
373+ { "_llseek", 140 },
374+ { "_newselect", 142 },
375+ { "_sysctl", 149 },
376+ { "accept", 330 },
377+ { "accept4", 344 },
378+ { "access", 33 },
379+ { "acct", 51 },
380+ { "add_key", 269 },
381+ { "adjtimex", 124 },
382+ { "afs_syscall", 137 },
383+ { "alarm", 27 },
384+ { "arm_fadvise64_64", __PNR_arm_fadvise64_64 },
385+ { "arm_sync_file_range", __PNR_arm_sync_file_range },
386+ { "arch_prctl", __PNR_arch_prctl },
387+ { "bdflush", 134 },
388+ { "bind", 327 },
389+ { "break", 17 },
390+ { "brk", 45 },
391+ { "cachectl", __PNR_cachectl },
392+ { "cacheflush", __PNR_cacheflush },
393+ { "capget", 183 },
394+ { "capset", 184 },
395+ { "chdir", 12 },
396+ { "chmod", 15 },
397+ { "chown", 181 },
398+ { "chown32", __PNR_chown32 },
399+ { "chroot", 61 },
400+ { "clock_adjtime", 347 },
401+ { "clock_getres", 247 },
402+ { "clock_gettime", 246 },
403+ { "clock_nanosleep", 248 },
404+ { "clock_settime", 245 },
405+ { "clone", 120 },
406+ { "close", 6 },
407+ { "connect", 328 },
408+ { "creat", 8 },
409+ { "create_module", 127 },
410+ { "delete_module", 129 },
411+ { "dup", 41 },
412+ { "dup2", 63 },
413+ { "dup3", 316 },
414+ { "epoll_create", 236 },
415+ { "epoll_create1", 315 },
416+ { "epoll_ctl", 237 },
417+ { "epoll_ctl_old", __PNR_epoll_ctl_old },
418+ { "epoll_pwait", 303 },
419+ { "epoll_wait", 238 },
420+ { "epoll_wait_old", __PNR_epoll_wait_old },
421+ { "eventfd", 307 },
422+ { "eventfd2", 314 },
423+ { "execve", 11 },
424+ { "exit", 1 },
425+ { "exit_group", 234 },
426+ { "faccessat", 298 },
427+ { "fadvise64", 233 },
428+ { "fadvise64_64", 254 },
429+ { "fallocate", 309 },
430+ { "fanotify_init", 323 },
431+ { "fanotify_mark", 324 },
432+ { "fchdir", 133 },
433+ { "fchmod", 94 },
434+ { "fchmodat", 297 },
435+ { "fchown", 95 },
436+ { "fchown32", __PNR_fchown32 },
437+ { "fchownat", 289 },
438+ { "fcntl", 55 },
439+ { "fcntl64", 204 },
440+ { "fdatasync", 148 },
441+ { "fgetxattr", 214 },
442+ { "finit_module", 353 },
443+ { "flistxattr", 217 },
444+ { "flock", 143 },
445+ { "fork", 2 },
446+ { "fremovexattr", 220 },
447+ { "fsetxattr", 211 },
448+ { "fstat", 108 },
449+ { "fstat64", 197 },
450+ { "fstatat64", 291 },
451+ { "fstatfs", 100 },
452+ { "fstatfs64", 253 },
453+ { "fsync", 118 },
454+ { "ftime", 35 },
455+ { "ftruncate", 93 },
456+ { "ftruncate64", 194 },
457+ { "futex", 221 },
458+ { "futimesat", 290 },
459+ { "get_kernel_syms", 130 },
460+ { "get_mempolicy", 260 },
461+ { "get_robust_list", 299 },
462+ { "get_thread_area", __PNR_get_thread_area },
463+ { "getcpu", 302 },
464+ { "getcwd", 182 },
465+ { "getdents", 141 },
466+ { "getdents64", 202 },
467+ { "getegid", 50 },
468+ { "getegid32", __PNR_getegid32 },
469+ { "geteuid", 49 },
470+ { "geteuid32", __PNR_geteuid32 },
471+ { "getgid", 47 },
472+ { "getgid32", __PNR_getgid32 },
473+ { "getgroups", 80 },
474+ { "getgroups32", __PNR_getgroups32 },
475+ { "getitimer", 105 },
476+ { "getpeername", 332 },
477+ { "getpgid", 132 },
478+ { "getpgrp", 65 },
479+ { "getpid", 20 },
480+ { "getpmsg", 187 },
481+ { "getppid", 64 },
482+ { "getpriority", 96 },
483+ { "getrandom", 359 },
484+ { "getresgid", 170 },
485+ { "getresgid32", __PNR_getresgid32 },
486+ { "getresuid", 165 },
487+ { "getresuid32", __PNR_getresuid32 },
488+ { "getrlimit", 76 },
489+ { "getrusage", 77 },
490+ { "getsid", 147 },
491+ { "getsockname", 331 },
492+ { "getsockopt", 340 },
493+ { "gettid", 207 },
494+ { "gettimeofday", 78 },
495+ { "getuid", 24 },
496+ { "getuid32", __PNR_getuid32 },
497+ { "getxattr", 212 },
498+ { "gtty", 32 },
499+ { "idle", 112 },
500+ { "init_module", 128 },
501+ { "inotify_add_watch", 276 },
502+ { "inotify_init", 275 },
503+ { "inotify_init1", 318 },
504+ { "inotify_rm_watch", 277 },
505+ { "io_cancel", 231 },
506+ { "io_destroy", 228 },
507+ { "io_getevents", 229 },
508+ { "io_setup", 227 },
509+ { "io_submit", 230 },
510+ { "ioctl", 54 },
511+ { "ioperm", 101 },
512+ { "iopl", 110 },
513+ { "ioprio_get", 274 },
514+ { "ioprio_set", 273 },
515+ { "ipc", 117 },
516+ { "kcmp", 354 },
517+ { "kexec_file_load", __PNR_kexec_file_load },
518+ { "kexec_load", 268 },
519+ { "keyctl", 271 },
520+ { "kill", 37 },
521+ { "lchown", 16 },
522+ { "lchown32", __PNR_lchown32 },
523+ { "lgetxattr", 213 },
524+ { "link", 9 },
525+ { "linkat", 294 },
526+ { "listen", 329 },
527+ { "listxattr", 215 },
528+ { "llistxattr", 216 },
529+ { "lock", 53 },
530+ { "lookup_dcookie", 235 },
531+ { "lremovexattr", 219 },
532+ { "lseek", 19 },
533+ { "lsetxattr", 210 },
534+ { "lstat", 107 },
535+ { "lstat64", 196 },
536+ { "madvise", 205 },
537+ { "mbind", 259 },
538+ { "memfd_create", 360 },
539+ { "migrate_pages", 258 },
540+ { "mincore", 206 },
541+ { "mkdir", 39 },
542+ { "mkdirat", 287 },
543+ { "mknod", 14 },
544+ { "mknodat", 288 },
545+ { "mlock", 150 },
546+ { "mlockall", 152 },
547+ { "mmap", 90 },
548+ { "mmap2", 192 },
549+ { "modify_ldt", 123 },
550+ { "mount", 21 },
551+ { "move_pages", 301 },
552+ { "mprotect", 125 },
553+ { "mpx", 56 },
554+ { "mq_getsetattr", 267 },
555+ { "mq_notify", 266 },
556+ { "mq_open", 262 },
557+ { "mq_timedreceive", 265 },
558+ { "mq_timedsend", 264 },
559+ { "mq_unlink", 263 },
560+ { "mremap", 163 },
561+ { "msgctl", __PNR_msgctl },
562+ { "msgget", __PNR_msgget },
563+ { "msgrcv", __PNR_msgrcv },
564+ { "msgsnd", __PNR_msgsnd },
565+ { "msync", 144 },
566+ { "multiplexer", 201 },
567+ { "munlock", 151 },
568+ { "munlockall", 153 },
569+ { "munmap", 91 },
570+ { "name_to_handle_at", 345 },
571+ { "nanosleep", 162 },
572+ { "newfstatat", __PNR_newfstatat },
573+ { "nfsservctl", 168 },
574+ { "nice", 34 },
575+ { "oldfstat", 28 },
576+ { "oldlstat", 84 },
577+ { "oldolduname", 59 },
578+ { "oldstat", 18 },
579+ { "olduname", 109 },
580+ { "oldwait4", __PNR_oldwait4 },
581+ { "open", 5 },
582+ { "open_by_handle_at", 346 },
583+ { "openat", 286 },
584+ { "pause", 29 },
585+ { "pciconfig_iobase", 200 },
586+ { "pciconfig_read", 198 },
587+ { "pciconfig_write", 199 },
588+ { "perf_event_open", 319 },
589+ { "personality", 136 },
590+ { "pipe", 42 },
591+ { "pipe2", 317 },
592+ { "pivot_root", 203 },
593+ { "poll", 167 },
594+ { "ppoll", 281 },
595+ { "prctl", 171 },
596+ { "pread64", 179 },
597+ { "preadv", 320 },
598+ { "prlimit64", 325 },
599+ { "process_vm_readv", 351 },
600+ { "process_vm_writev", 352 },
601+ { "prof", 44 },
602+ { "profil", 98 },
603+ { "pselect6", 280 },
604+ { "ptrace", 26 },
605+ { "putpmsg", 188 },
606+ { "pwrite64", 180 },
607+ { "pwritev", 321 },
608+ { "query_module", 166 },
609+ { "quotactl", 131 },
610+ { "read", 3 },
611+ { "readahead", 191 },
612+ { "readdir", 89 },
613+ { "readlink", 85 },
614+ { "readlinkat", 296 },
615+ { "readv", 145 },
616+ { "reboot", 88 },
617+ { "recv", 336 },
618+ { "recvfrom", 337 },
619+ { "recvmmsg", 343 },
620+ { "recvmsg", 342 },
621+ { "remap_file_pages", 239 },
622+ { "removexattr", 218 },
623+ { "rename", 38 },
624+ { "renameat", 293 },
625+ { "renameat2", 357 },
626+ { "request_key", 270 },
627+ { "restart_syscall", 0 },
628+ { "rmdir", 40 },
629+ { "rt_sigaction", 173 },
630+ { "rt_sigpending", 175 },
631+ { "rt_sigprocmask", 174 },
632+ { "rt_sigqueueinfo", 177 },
633+ { "rt_sigreturn", 172 },
634+ { "rt_sigsuspend", 178 },
635+ { "rt_sigtimedwait", 176 },
636+ { "rt_tgsigqueueinfo", 322 },
637+ { "rtas", 255 },
638+ { "sched_get_priority_max", 159 },
639+ { "sched_get_priority_min", 160 },
640+ { "sched_getaffinity", 223 },
641+ { "sched_getattr", 356 },
642+ { "sched_getparam", 155 },
643+ { "sched_getscheduler", 157 },
644+ { "sched_rr_get_interval", 161 },
645+ { "sched_setaffinity", 222 },
646+ { "sched_setattr", 355 },
647+ { "sched_setparam", 154 },
648+ { "sched_setscheduler", 156 },
649+ { "sched_yield", 158 },
650+ { "seccomp", 358 },
651+ { "security", __PNR_security },
652+ { "select", 82 },
653+ { "semctl", __PNR_semctl },
654+ { "semget", __PNR_semget },
655+ { "semop", __PNR_semop },
656+ { "semtimedop", __PNR_semtimedop },
657+ { "send", 334 },
658+ { "sendfile", 186 },
659+ { "sendfile64", 226 },
660+ { "sendmmsg", 349 },
661+ { "sendmsg", 341 },
662+ { "sendto", 335 },
663+ { "set_mempolicy", 261 },
664+ { "set_robust_list", 300 },
665+ { "set_thread_area", __PNR_set_thread_area },
666+ { "set_tid_address", 232 },
667+ { "setdomainname", 121 },
668+ { "setfsgid", 139 },
669+ { "setfsgid32", __PNR_setfsgid32 },
670+ { "setfsuid", 138 },
671+ { "setfsuid32", __PNR_setfsuid32 },
672+ { "setgid", 46 },
673+ { "setgid32", __PNR_setgid32 },
674+ { "setgroups", 81 },
675+ { "setgroups32", __PNR_setgroups32 },
676+ { "sethostname", 74 },
677+ { "setitimer", 104 },
678+ { "setns", 350 },
679+ { "setpgid", 57 },
680+ { "setpriority", 97 },
681+ { "setregid", 71 },
682+ { "setregid32", __PNR_setregid32 },
683+ { "setresgid", 169 },
684+ { "setresgid32", __PNR_setresgid32 },
685+ { "setresuid", 164 },
686+ { "setresuid32", __PNR_setresuid32 },
687+ { "setreuid", 70 },
688+ { "setreuid32", __PNR_setreuid32 },
689+ { "setrlimit", 75 },
690+ { "setsid", 66 },
691+ { "setsockopt", 339 },
692+ { "settimeofday", 79 },
693+ { "setuid", 23 },
694+ { "setuid32", __PNR_setuid32 },
695+ { "setxattr", 209 },
696+ { "sgetmask", 68 },
697+ { "shmat", __PNR_shmat },
698+ { "shmctl", __PNR_shmctl },
699+ { "shmdt", __PNR_shmdt },
700+ { "shmget", __PNR_shmget },
701+ { "shutdown", 338 },
702+ { "sigaction", 67 },
703+ { "sigaltstack", 185 },
704+ { "signal", 48 },
705+ { "signalfd", 305 },
706+ { "signalfd4", 313 },
707+ { "sigpending", 73 },
708+ { "sigprocmask", 126 },
709+ { "sigreturn", 119 },
710+ { "sigsuspend", 72 },
711+ { "socket", 326 },
712+ { "socketcall", 102 },
713+ { "socketpair", 333 },
714+ { "splice", 283 },
715+ { "spu_create", 279 },
716+ { "spu_run", 278 },
717+ { "ssetmask", 69 },
718+ { "stat", 106 },
719+ { "stat64", 195 },
720+ { "statfs", 99 },
721+ { "statfs64", 252 },
722+ { "stime", 25 },
723+ { "stty", 31 },
724+ { "subpage_prot", 310 },
725+ { "swapcontext", 249 },
726+ { "swapoff", 115 },
727+ { "swapon", 87 },
728+ { "symlink", 83 },
729+ { "symlinkat", 295 },
730+ { "sync", 36 },
731+ { "sync_file_range", __PNR_sync_file_range },
732+ { "sync_file_range2", 308 },
733+ { "syncfs", 348 },
734+ { "syscall", __PNR_syscall },
735+ { "sys_debug_setcontext", 256 },
736+ { "sysfs", 135 },
737+ { "sysinfo", 116 },
738+ { "syslog", 103 },
739+ { "sysmips", __PNR_sysmips },
740+ { "tee", 284 },
741+ { "tgkill", 250 },
742+ { "time", 13 },
743+ { "timer_create", 240 },
744+ { "timer_delete", 244 },
745+ { "timer_getoverrun", 243 },
746+ { "timer_gettime", 242 },
747+ { "timer_settime", 241 },
748+ { "timerfd", __PNR_timerfd },
749+ { "timerfd_create", 306 },
750+ { "timerfd_gettime", 312 },
751+ { "timerfd_settime", 311 },
752+ { "times", 43 },
753+ { "tkill", 208 },
754+ { "truncate", 92 },
755+ { "truncate64", 193 },
756+ { "tuxcall", 225 },
757+ { "ugetrlimit", 190 },
758+ { "ulimit", 58 },
759+ { "umask", 60 },
760+ { "umount", 22 },
761+ { "umount2", 52 },
762+ { "uname", 122 },
763+ { "unlink", 10 },
764+ { "unlinkat", 292 },
765+ { "unshare", 282 },
766+ { "uselib", 86 },
767+ { "ustat", 62 },
768+ { "utime", 30 },
769+ { "utimensat", 304 },
770+ { "utimes", 251 },
771+ { "vfork", 189 },
772+ { "vhangup", 111 },
773+ { "vm86", 113 },
774+ { "vm86old", __PNR_vm86old },
775+ { "vmsplice", 285 },
776+ { "vserver", __PNR_vserver },
777+ { "wait4", 114 },
778+ { "waitid", 272 },
779+ { "waitpid", 7 },
780+ { "write", 4 },
781+ { "writev", 146 },
782+ { NULL, __NR_SCMP_ERROR },
783+};
784+
785+/**
786+ * Resolve a syscall name to a number
787+ * @param name the syscall name
788+ *
789+ * Resolve the given syscall name to the syscall number using the syscall table.
790+ * Returns the syscall number on success, including negative pseudo syscall
791+ * numbers; returns __NR_SCMP_ERROR on failure.
792+ *
793+ */
794+int ppc64_syscall_resolve_name(const char *name)
795+{
796+ unsigned int iter;
797+ const struct arch_syscall_def *table = ppc64_syscall_table;
798+
799+ /* XXX - plenty of room for future improvement here */
800+ for (iter = 0; table[iter].name != NULL; iter++) {
801+ if (strcmp(name, table[iter].name) == 0)
802+ return table[iter].num;
803+ }
804+
805+ return __NR_SCMP_ERROR;
806+}
807+
808+/**
809+ * Resolve a syscall number to a name
810+ * @param num the syscall number
811+ *
812+ * Resolve the given syscall number to the syscall name using the syscall table.
813+ * Returns a pointer to the syscall name string on success, including pseudo
814+ * syscall names; returns NULL on failure.
815+ *
816+ */
817+const char *ppc64_syscall_resolve_num(int num)
818+{
819+ unsigned int iter;
820+ const struct arch_syscall_def *table = ppc64_syscall_table;
821+
822+ /* XXX - plenty of room for future improvement here */
823+ for (iter = 0; table[iter].num != __NR_SCMP_ERROR; iter++) {
824+ if (num == table[iter].num)
825+ return table[iter].name;
826+ }
827+
828+ return NULL;
829+}
830+
831+/**
832+ * Iterate through the syscall table and return the syscall name
833+ * @param spot the offset into the syscall table
834+ *
835+ * Return the syscall name at position @spot or NULL on failure. This function
836+ * should only ever be used internally by libseccomp.
837+ *
838+ */
839+const char *ppc64_syscall_iterate_name(unsigned int spot)
840+{
841+ /* XXX - no safety checks here */
842+ return ppc64_syscall_table[spot].name;
843+}
844diff --git a/src/arch-ppc64.c b/src/arch-ppc64.c
845new file mode 100644
846index 0000000..5f461cb
847--- /dev/null
848+++ b/src/arch-ppc64.c
849@@ -0,0 +1,40 @@
850+/**
851+ * Enhanced Seccomp PPC64 Specific Code
852+ *
853+ * Copyright (c) 2014 Red Hat <pmoore@redhat.com>
854+ * Author: Paul Moore <pmoore@redhat.com>
855+ *
856+ */
857+
858+/*
859+ * This library is free software; you can redistribute it and/or modify it
860+ * under the terms of version 2.1 of the GNU Lesser General Public License as
861+ * published by the Free Software Foundation.
862+ *
863+ * This library is distributed in the hope that it will be useful, but WITHOUT
864+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
865+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
866+ * for more details.
867+ *
868+ * You should have received a copy of the GNU Lesser General Public License
869+ * along with this library; if not, see <http://www.gnu.org/licenses>.
870+ */
871+
872+#include <linux/audit.h>
873+
874+#include "arch.h"
875+#include "arch-ppc64.h"
876+
877+const struct arch_def arch_def_ppc64 = {
878+ .token = SCMP_ARCH_PPC64,
879+ .token_bpf = AUDIT_ARCH_PPC64,
880+ .size = ARCH_SIZE_64,
881+ .endian = ARCH_ENDIAN_BIG,
882+};
883+
884+const struct arch_def arch_def_ppc64le = {
885+ .token = SCMP_ARCH_PPC64LE,
886+ .token_bpf = AUDIT_ARCH_PPC64LE,
887+ .size = ARCH_SIZE_64,
888+ .endian = ARCH_ENDIAN_LITTLE,
889+};
890diff --git a/src/arch-ppc64.h b/src/arch-ppc64.h
891new file mode 100644
892index 0000000..1aec743
893--- /dev/null
894+++ b/src/arch-ppc64.h
895@@ -0,0 +1,39 @@
896+/**
897+ * Enhanced Seccomp PPC64 Specific Code
898+ *
899+ * Copyright (c) 2014 Red Hat <pmoore@redhat.com>
900+ * Author: Paul Moore <pmoore@redhat.com>
901+ *
902+ */
903+
904+/*
905+ * This library is free software; you can redistribute it and/or modify it
906+ * under the terms of version 2.1 of the GNU Lesser General Public License as
907+ * published by the Free Software Foundation.
908+ *
909+ * This library is distributed in the hope that it will be useful, but WITHOUT
910+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
911+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
912+ * for more details.
913+ *
914+ * You should have received a copy of the GNU Lesser General Public License
915+ * along with this library; if not, see <http://www.gnu.org/licenses>.
916+ */
917+
918+#ifndef _ARCH_PPC64_H
919+#define _ARCH_PPC64_H
920+
921+#include <inttypes.h>
922+
923+#include "arch.h"
924+#include "system.h"
925+
926+extern const struct arch_def arch_def_ppc64;
927+extern const struct arch_def arch_def_ppc64le;
928+
929+int ppc64_syscall_resolve_name(const char *name);
930+const char *ppc64_syscall_resolve_num(int num);
931+
932+const char *ppc64_syscall_iterate_name(unsigned int spot);
933+
934+#endif
935diff --git a/src/arch-syscall-check.c b/src/arch-syscall-check.c
936index a074c9d..dadab0d 100644
937--- a/src/arch-syscall-check.c
938+++ b/src/arch-syscall-check.c
939@@ -33,6 +33,7 @@
940 #include "arch-mips.h"
941 #include "arch-mips64.h"
942 #include "arch-mips64n32.h"
943+#include "arch-ppc64.h"
944
945 /**
946 * compare the syscall values
947@@ -67,6 +68,7 @@ int main(int argc, char *argv[])
948 int i_mips = 0;
949 int i_mips64 = 0;
950 int i_mips64n32 = 0;
951+ int i_ppc64 = 0;
952 const char *sys_name;
953 char str_miss[256];
954
955@@ -93,6 +95,8 @@ int main(int argc, char *argv[])
956 mips64_syscall_iterate_name(i_mips64));
957 syscall_check(str_miss, sys_name, "mips64n32",
958 mips64n32_syscall_iterate_name(i_mips64n32));
959+ syscall_check(str_miss, sys_name, "ppc64",
960+ ppc64_syscall_iterate_name(i_mips64n32));
961
962 /* output the results */
963 printf("%s: ", sys_name);
964@@ -111,17 +115,20 @@ int main(int argc, char *argv[])
965 i_x32 = -1;
966 if (!arm_syscall_iterate_name(++i_arm))
967 i_arm = -1;
968+ if (!aarch64_syscall_iterate_name(++i_aarch64))
969+ i_aarch64 = -1;
970 if (!mips_syscall_iterate_name(++i_mips))
971 i_mips = -1;
972 if (!mips64_syscall_iterate_name(++i_mips64))
973 i_mips64 = -1;
974 if (!mips64n32_syscall_iterate_name(++i_mips64n32))
975 i_mips64n32 = -1;
976- if (!aarch64_syscall_iterate_name(++i_aarch64))
977- i_aarch64 = -1;
978+ if (!ppc64_syscall_iterate_name(++i_ppc64))
979+ i_ppc64 = -1;
980 } while (i_x86_64 >= 0 && i_x32 >= 0 &&
981 i_arm >= 0 && i_aarch64 >= 0 &&
982- i_mips >= 0 && i_mips64 >= 0 && i_mips64n32 >= 0);
983+ i_mips >= 0 && i_mips64 >= 0 && i_mips64n32 >= 0 &&
984+ i_ppc64 >= 0);
985
986 /* check for any leftovers */
987 sys_name = x86_syscall_iterate_name(i_x86 + 1);
988@@ -164,6 +171,11 @@ int main(int argc, char *argv[])
989 mips64n32_syscall_iterate_name(i_mips64n32));
990 return 1;
991 }
992+ if (i_ppc64 >= 0) {
993+ printf("%s: ERROR, ppc64 has additional syscalls\n",
994+ ppc64_syscall_iterate_name(i_ppc64));
995+ return 1;
996+ }
997
998 /* if we made it here, all is good */
999 return 0;
1000diff --git a/src/arch-syscall-dump.c b/src/arch-syscall-dump.c
1001index 4f53070..985a250 100644
1002--- a/src/arch-syscall-dump.c
1003+++ b/src/arch-syscall-dump.c
1004@@ -38,6 +38,7 @@
1005 #include "arch-mips64.h"
1006 #include "arch-mips64n32.h"
1007 #include "arch-aarch64.h"
1008+#include "arch-ppc64.h"
1009
1010 /**
1011 * Print the usage information to stderr and exit
1012@@ -97,6 +98,9 @@ int main(int argc, char *argv[])
1013 case SCMP_ARCH_ARM:
1014 sys_name = arm_syscall_iterate_name(iter);
1015 break;
1016+ case SCMP_ARCH_AARCH64:
1017+ sys_name = aarch64_syscall_iterate_name(iter);
1018+ break;
1019 case SCMP_ARCH_MIPS:
1020 case SCMP_ARCH_MIPSEL:
1021 sys_name = mips_syscall_iterate_name(iter);
1022@@ -109,9 +113,10 @@ int main(int argc, char *argv[])
1023 case SCMP_ARCH_MIPSEL64N32:
1024 sys_name = mips64n32_syscall_iterate_name(iter);
1025 break;
1026- case SCMP_ARCH_AARCH64:
1027- sys_name = aarch64_syscall_iterate_name(iter);
1028+ case SCMP_ARCH_PPC64:
1029+ sys_name = ppc64_syscall_iterate_name(iter);
1030 break;
1031+
1032 default:
1033 /* invalid arch */
1034 exit_usage(argv[0]);
1035diff --git a/src/arch-syscall-validate b/src/arch-syscall-validate
1036index 2cbf696..eeb4d8b 100755
1037--- a/src/arch-syscall-validate
1038+++ b/src/arch-syscall-validate
1039@@ -303,6 +303,29 @@ function dump_lib_mips64n32() {
1040 }
1041
1042 #
1043+# Dump the ppc64 system syscall table
1044+#
1045+# Arguments:
1046+# 1 path to the kernel source
1047+#
1048+# Dump the architecture's syscall table to stdout.
1049+#
1050+function dump_sys_ppc64() {
1051+ gcc -E -dM $1/arch/powerpc/include/uapi/asm/unistd.h | \
1052+ grep "^#define __NR_" | sort | \
1053+ sed -e 's/#define[ \t]\+__NR_\([a-z0-9_]\+\)[ \t]\+\([0-9]\+\)/\1\t\2/'
1054+}
1055+
1056+#
1057+# Dump the ppc64 library syscall table
1058+#
1059+# Dump the library's syscall table to stdout.
1060+#
1061+function dump_lib_ppc64() {
1062+ $LIB_SYS_DUMP -a ppc64 | sed -e '/[^\t]\+\t-[0-9]\+/d'
1063+}
1064+
1065+#
1066 # Dump the system syscall table
1067 #
1068 # Arguments:
1069@@ -337,6 +360,9 @@ function dump_sys() {
1070 mips64n32)
1071 dump_sys_mips64n32 "$2"
1072 ;;
1073+ ppc64)
1074+ dump_sys_ppc64 "$2"
1075+ ;;
1076 *)
1077 echo ""
1078 ;;
1079@@ -377,6 +403,9 @@ function dump_lib() {
1080 mips64n32)
1081 dump_lib_mips64n32 "$2"
1082 ;;
1083+ ppc64)
1084+ dump_lib_ppc64 "$2"
1085+ ;;
1086 *)
1087 echo ""
1088 ;;
1089@@ -413,7 +442,7 @@ shift $(($OPTIND - 1))
1090
1091 # defaults
1092 if [[ $arches == "" ]]; then
1093- arches="x86 x86_64 x32 arm aarch64 mips mips64 mips64n32"
1094+ arches="x86 x86_64 x32 arm aarch64 mips mips64 mips64n32 ppc64"
1095 fi
1096
1097 # sanity checks
1098diff --git a/src/arch-x32-syscalls.c b/src/arch-x32-syscalls.c
1099index 7876aa7..578d534 100644
1100--- a/src/arch-x32-syscalls.c
1101+++ b/src/arch-x32-syscalls.c
1102@@ -223,6 +223,7 @@ const struct arch_syscall_def x32_syscall_table[] = { \
1103 { "msgrcv", (X32_SYSCALL_BIT + 70) },
1104 { "msgsnd", (X32_SYSCALL_BIT + 69) },
1105 { "msync", (X32_SYSCALL_BIT + 26) },
1106+ { "multiplexer", __PNR_multiplexer },
1107 { "munlock", (X32_SYSCALL_BIT + 150) },
1108 { "munlockall", (X32_SYSCALL_BIT + 152) },
1109 { "munmap", (X32_SYSCALL_BIT + 11) },
1110@@ -293,6 +294,7 @@ const struct arch_syscall_def x32_syscall_table[] = { \
1111 { "rt_sigsuspend", (X32_SYSCALL_BIT + 130) },
1112 { "rt_sigtimedwait", (X32_SYSCALL_BIT + 523) },
1113 { "rt_tgsigqueueinfo", (X32_SYSCALL_BIT + 536) },
1114+ { "rtas", __PNR_rtas },
1115 { "sched_get_priority_max", (X32_SYSCALL_BIT + 146) },
1116 { "sched_get_priority_min", (X32_SYSCALL_BIT + 147) },
1117 { "sched_getaffinity", (X32_SYSCALL_BIT + 204) },
1118@@ -370,6 +372,8 @@ const struct arch_syscall_def x32_syscall_table[] = { \
1119 { "socketcall", __PNR_socketcall },
1120 { "socketpair", (X32_SYSCALL_BIT + 53) },
1121 { "splice", (X32_SYSCALL_BIT + 275) },
1122+ { "spu_create", __PNR_spu_create },
1123+ { "spu_run", __PNR_spu_run },
1124 { "ssetmask", __PNR_ssetmask },
1125 { "stat", (X32_SYSCALL_BIT + 4) },
1126 { "stat64", __PNR_stat64 },
1127@@ -377,6 +381,8 @@ const struct arch_syscall_def x32_syscall_table[] = { \
1128 { "statfs64", __PNR_statfs64 },
1129 { "stime", __PNR_stime },
1130 { "stty", __PNR_stty },
1131+ { "subpage_prot", __PNR_subpage_prot },
1132+ { "swapcontext", __PNR_swapcontext },
1133 { "swapoff", (X32_SYSCALL_BIT + 168) },
1134 { "swapon", (X32_SYSCALL_BIT + 167) },
1135 { "symlink", (X32_SYSCALL_BIT + 88) },
1136@@ -386,6 +392,7 @@ const struct arch_syscall_def x32_syscall_table[] = { \
1137 { "sync_file_range2", __PNR_sync_file_range2 },
1138 { "syncfs", (X32_SYSCALL_BIT + 306) },
1139 { "syscall", __PNR_syscall },
1140+ { "sys_debug_setcontext", __PNR_sys_debug_setcontext },
1141 { "sysfs", (X32_SYSCALL_BIT + 139) },
1142 { "sysinfo", (X32_SYSCALL_BIT + 99) },
1143 { "syslog", (X32_SYSCALL_BIT + 103) },
1144diff --git a/src/arch-x86-syscalls.c b/src/arch-x86-syscalls.c
1145index 1d36c0b..92343f0 100644
1146--- a/src/arch-x86-syscalls.c
1147+++ b/src/arch-x86-syscalls.c
1148@@ -223,6 +223,7 @@ const struct arch_syscall_def x86_syscall_table[] = { \
1149 { "msgrcv", __PNR_msgrcv },
1150 { "msgsnd", __PNR_msgsnd },
1151 { "msync", 144 },
1152+ { "multiplexer", __PNR_multiplexer },
1153 { "munlock", 151 },
1154 { "munlockall", 153 },
1155 { "munmap", 91 },
1156@@ -293,6 +294,7 @@ const struct arch_syscall_def x86_syscall_table[] = { \
1157 { "rt_sigsuspend", 179 },
1158 { "rt_sigtimedwait", 177 },
1159 { "rt_tgsigqueueinfo", 335 },
1160+ { "rtas", __PNR_rtas },
1161 { "sched_get_priority_max", 159 },
1162 { "sched_get_priority_min", 160 },
1163 { "sched_getaffinity", 242 },
1164@@ -370,6 +372,8 @@ const struct arch_syscall_def x86_syscall_table[] = { \
1165 { "socketcall", 102 },
1166 { "socketpair", __PNR_socketpair },
1167 { "splice", 313 },
1168+ { "spu_create", __PNR_spu_create },
1169+ { "spu_run", __PNR_spu_run },
1170 { "ssetmask", 69 },
1171 { "stat", 106 },
1172 { "stat64", 195 },
1173@@ -377,6 +381,8 @@ const struct arch_syscall_def x86_syscall_table[] = { \
1174 { "statfs64", 268 },
1175 { "stime", 25 },
1176 { "stty", 31 },
1177+ { "subpage_prot", __PNR_subpage_prot },
1178+ { "swapcontext", __PNR_swapcontext },
1179 { "swapoff", 115 },
1180 { "swapon", 87 },
1181 { "symlink", 83 },
1182@@ -386,6 +392,7 @@ const struct arch_syscall_def x86_syscall_table[] = { \
1183 { "sync_file_range2", __PNR_sync_file_range2 },
1184 { "syncfs", 344 },
1185 { "syscall", __PNR_syscall },
1186+ { "sys_debug_setcontext", __PNR_sys_debug_setcontext },
1187 { "sysfs", 135 },
1188 { "sysinfo", 116 },
1189 { "syslog", 103 },
1190diff --git a/src/arch-x86_64-syscalls.c b/src/arch-x86_64-syscalls.c
1191index 69c22ab..d0d4241 100644
1192--- a/src/arch-x86_64-syscalls.c
1193+++ b/src/arch-x86_64-syscalls.c
1194@@ -223,6 +223,7 @@ const struct arch_syscall_def x86_64_syscall_table[] = { \
1195 { "msgrcv", 70 },
1196 { "msgsnd", 69 },
1197 { "msync", 26 },
1198+ { "multiplexer", __PNR_multiplexer },
1199 { "munlock", 150 },
1200 { "munlockall", 152 },
1201 { "munmap", 11 },
1202@@ -293,6 +294,7 @@ const struct arch_syscall_def x86_64_syscall_table[] = { \
1203 { "rt_sigsuspend", 130 },
1204 { "rt_sigtimedwait", 128 },
1205 { "rt_tgsigqueueinfo", 297 },
1206+ { "rtas", __PNR_rtas },
1207 { "sched_get_priority_max", 146 },
1208 { "sched_get_priority_min", 147 },
1209 { "sched_getaffinity", 204 },
1210@@ -370,6 +372,8 @@ const struct arch_syscall_def x86_64_syscall_table[] = { \
1211 { "socketcall", __PNR_socketcall },
1212 { "socketpair", 53 },
1213 { "splice", 275 },
1214+ { "spu_create", __PNR_spu_create },
1215+ { "spu_run", __PNR_spu_run },
1216 { "ssetmask", __PNR_ssetmask },
1217 { "stat", 4 },
1218 { "stat64", __PNR_stat64 },
1219@@ -377,6 +381,8 @@ const struct arch_syscall_def x86_64_syscall_table[] = { \
1220 { "statfs64", __PNR_statfs64 },
1221 { "stime", __PNR_stime },
1222 { "stty", __PNR_stty },
1223+ { "subpage_prot", __PNR_subpage_prot },
1224+ { "swapcontext", __PNR_swapcontext },
1225 { "swapoff", 168 },
1226 { "swapon", 167 },
1227 { "symlink", 88 },
1228@@ -386,6 +392,7 @@ const struct arch_syscall_def x86_64_syscall_table[] = { \
1229 { "sync_file_range2", __PNR_sync_file_range2 },
1230 { "syncfs", 306 },
1231 { "syscall", __PNR_syscall },
1232+ { "sys_debug_setcontext", __PNR_sys_debug_setcontext },
1233 { "sysfs", 139 },
1234 { "sysinfo", 99 },
1235 { "syslog", 103 },
1236diff --git a/tools/util.h b/tools/util.h
1237index 261320f..95b06c9 100644
1238--- a/tools/util.h
1239+++ b/tools/util.h
1240@@ -47,6 +47,10 @@
1241 #define AUDIT_ARCH_AARCH64 (EM_AARCH64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
1242 #endif
1243
1244+#ifndef AUDIT_ARCH_PPC64LE
1245+#define AUDIT_ARCH_PPC64LE (EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
1246+#endif
1247+
1248 extern uint32_t arch;
1249
1250 void exit_usage(const char *program);
1251--
12522.3.5
1253
diff --git a/recipes-security/libseccomp/files/0002-arch-add-the-basic-initial-support-for-ppc64-to-the-.patch b/recipes-security/libseccomp/files/0002-arch-add-the-basic-initial-support-for-ppc64-to-the-.patch
new file mode 100644
index 0000000..15bc0a8
--- /dev/null
+++ b/recipes-security/libseccomp/files/0002-arch-add-the-basic-initial-support-for-ppc64-to-the-.patch
@@ -0,0 +1,128 @@
1From 70c69945bf0da09baec2e109ba19b883de4d0e80 Mon Sep 17 00:00:00 2001
2From: Paul Moore <pmoore@redhat.com>
3Date: Fri, 26 Sep 2014 12:06:18 -0400
4Subject: [PATCH 02/11] arch: add the basic initial support for ppc64 to the
5 arch-dependent code
6
7Signed-off-by: Paul Moore <pmoore@redhat.com>
8---
9 src/arch.c | 21 +++++++++++++++++++++
10 src/python/libseccomp.pxd | 2 ++
11 src/python/seccomp.pyx | 7 +++++++
12 3 files changed, 30 insertions(+)
13
14diff --git a/src/arch.c b/src/arch.c
15index e29b579..64fc1d1 100644
16--- a/src/arch.c
17+++ b/src/arch.c
18@@ -38,6 +38,7 @@
19 #include "arch-mips.h"
20 #include "arch-mips64.h"
21 #include "arch-mips64n32.h"
22+#include "arch-ppc64.h"
23 #include "system.h"
24
25 #define default_arg_count_max 6
26@@ -74,6 +75,12 @@ const struct arch_def *arch_def_native = &arch_def_mips64n32;
27 #elif __MIPSEL__
28 const struct arch_def *arch_def_native = &arch_def_mipsel64n32;
29 #endif /* _MIPS_SIM_NABI32 */
30+#elif __PPC64__
31+#ifdef __BIG_ENDIAN__
32+const struct arch_def *arch_def_native = &arch_def_ppc64;
33+#else
34+const struct arch_def *arch_def_native = &arch_def_ppc64le;
35+#endif
36 #else
37 #error the arch code needs to know about your machine type
38 #endif /* machine type guess */
39@@ -122,6 +129,10 @@ const struct arch_def *arch_def_lookup(uint32_t token)
40 return &arch_def_mips64n32;
41 case SCMP_ARCH_MIPSEL64N32:
42 return &arch_def_mipsel64n32;
43+ case SCMP_ARCH_PPC64:
44+ return &arch_def_ppc64;
45+ case SCMP_ARCH_PPC64LE:
46+ return &arch_def_ppc64le;
47 }
48
49 return NULL;
50@@ -158,6 +169,10 @@ const struct arch_def *arch_def_lookup_name(const char *arch_name)
51 return &arch_def_mips64n32;
52 else if (strcmp(arch_name, "mipsel64n32") == 0)
53 return &arch_def_mipsel64n32;
54+ else if (strcmp(arch_name, "ppc64") == 0)
55+ return &arch_def_ppc64;
56+ else if (strcmp(arch_name, "ppc64le") == 0)
57+ return &arch_def_ppc64le;
58
59 return NULL;
60 }
61@@ -276,6 +291,9 @@ int arch_syscall_resolve_name(const struct arch_def *arch, const char *name)
62 case SCMP_ARCH_MIPS64N32:
63 case SCMP_ARCH_MIPSEL64N32:
64 return mips64n32_syscall_resolve_name(name);
65+ case SCMP_ARCH_PPC64:
66+ case SCMP_ARCH_PPC64LE:
67+ return ppc64_syscall_resolve_name(name);
68 }
69
70 return __NR_SCMP_ERROR;
71@@ -313,6 +331,9 @@ const char *arch_syscall_resolve_num(const struct arch_def *arch, int num)
72 case SCMP_ARCH_MIPS64N32:
73 case SCMP_ARCH_MIPSEL64N32:
74 return mips64n32_syscall_resolve_num(num);
75+ case SCMP_ARCH_PPC64:
76+ case SCMP_ARCH_PPC64LE:
77+ return ppc64_syscall_resolve_num(num);
78 }
79
80 return NULL;
81diff --git a/src/python/libseccomp.pxd b/src/python/libseccomp.pxd
82index 2b50f3f..a546550 100644
83--- a/src/python/libseccomp.pxd
84+++ b/src/python/libseccomp.pxd
85@@ -38,6 +38,8 @@ cdef extern from "seccomp.h":
86 SCMP_ARCH_MIPSEL
87 SCMP_ARCH_MIPSEL64
88 SCMP_ARCH_MIPSEL64N32
89+ SCMP_ARCH_PPC64
90+ SCMP_ARCH_PPC64LE
91
92 cdef enum scmp_filter_attr:
93 SCMP_FLTATR_ACT_DEFAULT
94diff --git a/src/python/seccomp.pyx b/src/python/seccomp.pyx
95index d2f7c90..f30a0b6 100644
96--- a/src/python/seccomp.pyx
97+++ b/src/python/seccomp.pyx
98@@ -147,6 +147,7 @@ cdef class Arch:
99 MIPSEL - MIPS little endian O32 ABI
100 MIPSEL64 - MIPS little endian 64-bit ABI
101 MIPSEL64N32 - MIPS little endian N32 ABI
102+ PPC64 - 64-bit PowerPC
103 """
104
105 cdef int _token
106@@ -163,6 +164,8 @@ cdef class Arch:
107 MIPSEL = libseccomp.SCMP_ARCH_MIPSEL
108 MIPSEL64 = libseccomp.SCMP_ARCH_MIPSEL64
109 MIPSEL64N32 = libseccomp.SCMP_ARCH_MIPSEL64N32
110+ PPC64 = libseccomp.SCMP_ARCH_PPC64
111+ PPC64 = libseccomp.SCMP_ARCH_PPC64LE
112
113 def __cinit__(self, arch=libseccomp.SCMP_ARCH_NATIVE):
114 """ Initialize the architecture object.
115@@ -198,6 +201,10 @@ cdef class Arch:
116 self._token = libseccomp.SCMP_ARCH_MIPSEL64
117 elif arch == libseccomp.SCMP_ARCH_MIPSEL64N32:
118 self._token = libseccomp.SCMP_ARCH_MIPSEL64N32
119+ elif arch == libseccomp.SCMP_ARCH_PPC64:
120+ self._token = libseccomp.SCMP_ARCH_PPC64
121+ elif arch == libseccomp.SCMP_ARCH_PPC64LE:
122+ self._token = libseccomp.SCMP_ARCH_PPC64LE
123 else:
124 self._token = 0;
125 elif isinstance(arch, basestring):
126--
1272.3.5
128
diff --git a/recipes-security/libseccomp/files/0003-tools-add-ppc64-support.patch b/recipes-security/libseccomp/files/0003-tools-add-ppc64-support.patch
new file mode 100644
index 0000000..fa56192
--- /dev/null
+++ b/recipes-security/libseccomp/files/0003-tools-add-ppc64-support.patch
@@ -0,0 +1,80 @@
1From 21e74cf80be3d55fdfa5600bc99f284b19f75b01 Mon Sep 17 00:00:00 2001
2From: Paul Moore <pmoore@redhat.com>
3Date: Fri, 26 Sep 2014 12:50:40 -0400
4Subject: [PATCH 03/11] tools: add ppc64 support
5
6Signed-off-by: Paul Moore <pmoore@redhat.com>
7---
8 tools/scmp_arch_detect.c | 6 ++++++
9 tools/scmp_bpf_disasm.c | 4 ++++
10 tools/scmp_bpf_sim.c | 4 ++++
11 tools/util.c | 6 ++++++
12 4 files changed, 20 insertions(+)
13
14diff --git a/tools/scmp_arch_detect.c b/tools/scmp_arch_detect.c
15index 5a87252..d23d2ec 100644
16--- a/tools/scmp_arch_detect.c
17+++ b/tools/scmp_arch_detect.c
18@@ -99,6 +99,12 @@ int main(int argc, char *argv[])
19 case SCMP_ARCH_MIPSEL64N32:
20 printf("mipsel64n32\n");
21 break;
22+ case SCMP_ARCH_PPC64:
23+ printf("ppc64\n");
24+ break;
25+ case SCMP_ARCH_PPC64LE:
26+ printf("ppc64le\n");
27+ break;
28 default:
29 printf("unknown\n");
30 }
31diff --git a/tools/scmp_bpf_disasm.c b/tools/scmp_bpf_disasm.c
32index 349b8a8..9199e17 100644
33--- a/tools/scmp_bpf_disasm.c
34+++ b/tools/scmp_bpf_disasm.c
35@@ -334,6 +334,10 @@ int main(int argc, char *argv[])
36 arch = AUDIT_ARCH_MIPS64N32;
37 else if (strcmp(optarg, "mipsel64n32") == 0)
38 arch = AUDIT_ARCH_MIPSEL64N32;
39+ else if (strcmp(optarg, "ppc64") == 0)
40+ arch = AUDIT_ARCH_PPC64;
41+ else if (strcmp(optarg, "ppc64le") == 0)
42+ arch = AUDIT_ARCH_PPC64LE;
43 else
44 exit_usage(argv[0]);
45 break;
46diff --git a/tools/scmp_bpf_sim.c b/tools/scmp_bpf_sim.c
47index bb3a2e7..d3e439f 100644
48--- a/tools/scmp_bpf_sim.c
49+++ b/tools/scmp_bpf_sim.c
50@@ -249,6 +249,10 @@ int main(int argc, char *argv[])
51 arch = AUDIT_ARCH_MIPS64N32;
52 else if (strcmp(optarg, "mipsel64n32") == 0)
53 arch = AUDIT_ARCH_MIPSEL64N32;
54+ else if (strcmp(optarg, "ppc64") == 0)
55+ arch = AUDIT_ARCH_PPC64;
56+ else if (strcmp(optarg, "ppc64le") == 0)
57+ arch = AUDIT_ARCH_PPC64LE;
58 else
59 exit_fault(EINVAL);
60 break;
61diff --git a/tools/util.c b/tools/util.c
62index 9b58bbb..f998009 100644
63--- a/tools/util.c
64+++ b/tools/util.c
65@@ -62,6 +62,12 @@
66 #elif __MIPSEL__
67 #define ARCH_NATIVE AUDIT_ARCH_MIPSEL64N32
68 #endif /* _MIPS_SIM_NABI32 */
69+#elif __PPC64__
70+#ifdef __BIG_ENDIAN__
71+#define ARCH_NATIVE AUDIT_ARCH_PPC64
72+#else
73+#define ARCH_NATIVE AUDIT_ARCH_PPC64LE
74+#endif
75 #else
76 #error the simulator code needs to know about your machine type
77 #endif
78--
792.3.5
80
diff --git a/recipes-security/libseccomp/files/0004-tests-add-ppc64-support-to-the-regression-tests.patch b/recipes-security/libseccomp/files/0004-tests-add-ppc64-support-to-the-regression-tests.patch
new file mode 100644
index 0000000..e1d4f41
--- /dev/null
+++ b/recipes-security/libseccomp/files/0004-tests-add-ppc64-support-to-the-regression-tests.patch
@@ -0,0 +1,118 @@
1From e7deb140a59c1ca3c4eed5967ba288464f077944 Mon Sep 17 00:00:00 2001
2From: Paul Moore <pmoore@redhat.com>
3Date: Fri, 26 Sep 2014 13:14:12 -0400
4Subject: [PATCH 04/11] tests: add ppc64 support to the regression tests
5
6Signed-off-by: Paul Moore <pmoore@redhat.com>
7---
8 tests/16-sim-arch_basic.c | 3 +++
9 tests/16-sim-arch_basic.py | 1 +
10 tests/23-sim-arch_all_le_basic.c | 3 +++
11 tests/23-sim-arch_all_le_basic.py | 1 +
12 tests/26-sim-arch_all_be_basic.c | 3 +++
13 tests/26-sim-arch_all_be_basic.py | 1 +
14 tests/regression | 10 ++++++++--
15 7 files changed, 20 insertions(+), 2 deletions(-)
16
17diff --git a/tests/16-sim-arch_basic.c b/tests/16-sim-arch_basic.c
18index 9771913..09df44b 100644
19--- a/tests/16-sim-arch_basic.c
20+++ b/tests/16-sim-arch_basic.c
21@@ -68,6 +68,9 @@ int main(int argc, char *argv[])
22 rc = seccomp_arch_add(ctx, SCMP_ARCH_MIPSEL64N32);
23 if (rc != 0)
24 goto out;
25+ rc = seccomp_arch_add(ctx, SCMP_ARCH_PPC64LE);
26+ if (rc != 0)
27+ goto out;
28
29 rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 1,
30 SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO));
31diff --git a/tests/16-sim-arch_basic.py b/tests/16-sim-arch_basic.py
32index 57a5ac3..d9e1939 100755
33--- a/tests/16-sim-arch_basic.py
34+++ b/tests/16-sim-arch_basic.py
35@@ -39,6 +39,7 @@ def test(args):
36 f.add_arch(Arch("mipsel"))
37 f.add_arch(Arch("mipsel64"))
38 f.add_arch(Arch("mipsel64n32"))
39+ f.add_arch(Arch("ppc64le"))
40 f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno()))
41 f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno()))
42 f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno()))
43diff --git a/tests/23-sim-arch_all_le_basic.c b/tests/23-sim-arch_all_le_basic.c
44index eeb8556..9f67ed6 100644
45--- a/tests/23-sim-arch_all_le_basic.c
46+++ b/tests/23-sim-arch_all_le_basic.c
47@@ -68,6 +68,9 @@ int main(int argc, char *argv[])
48 rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("mipsel64n32"));
49 if (rc != 0)
50 goto out;
51+ rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("ppc64le"));
52+ if (rc != 0)
53+ goto out;
54
55 rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 1,
56 SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO));
57diff --git a/tests/23-sim-arch_all_le_basic.py b/tests/23-sim-arch_all_le_basic.py
58index 36ab139..212ff50 100755
59--- a/tests/23-sim-arch_all_le_basic.py
60+++ b/tests/23-sim-arch_all_le_basic.py
61@@ -39,6 +39,7 @@ def test(args):
62 f.add_arch(Arch("mipsel"))
63 f.add_arch(Arch("mipsel64"))
64 f.add_arch(Arch("mipsel64n32"))
65+ f.add_arch(Arch("ppc64le"))
66 f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno()))
67 f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno()))
68 f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno()))
69diff --git a/tests/26-sim-arch_all_be_basic.c b/tests/26-sim-arch_all_be_basic.c
70index a951b3c..1a44525 100644
71--- a/tests/26-sim-arch_all_be_basic.c
72+++ b/tests/26-sim-arch_all_be_basic.c
73@@ -52,6 +52,9 @@ int main(int argc, char *argv[])
74 rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("mips64n32"));
75 if (rc != 0)
76 goto out;
77+ rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("ppc64"));
78+ if (rc != 0)
79+ goto out;
80
81 rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 1,
82 SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO));
83diff --git a/tests/26-sim-arch_all_be_basic.py b/tests/26-sim-arch_all_be_basic.py
84index 1347406..cba2dea 100755
85--- a/tests/26-sim-arch_all_be_basic.py
86+++ b/tests/26-sim-arch_all_be_basic.py
87@@ -33,6 +33,7 @@ def test(args):
88 f.add_arch(Arch("mips"))
89 f.add_arch(Arch("mips64"))
90 f.add_arch(Arch("mips64n32"))
91+ f.add_arch(Arch("ppc64"))
92 f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno()))
93 f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno()))
94 f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno()))
95diff --git a/tests/regression b/tests/regression
96index 428bdf2..3ab6171 100755
97--- a/tests/regression
98+++ b/tests/regression
99@@ -21,8 +21,14 @@
100 # along with this library; if not, see <http://www.gnu.org/licenses>.
101 #
102
103-GLBL_ARCH_LE_SUPPORT="x86 x86_64 x32 arm aarch64 mipsel mipsel64 mipsel64n32"
104-GLBL_ARCH_BE_SUPPORT="mips mips64 mips64n32"
105+GLBL_ARCH_LE_SUPPORT=" \
106+ x86 x86_64 x32 \
107+ arm aarch64 \
108+ mipsel mipsel64 mipsel64n32 \
109+ ppc64le"
110+GLBL_ARCH_BE_SUPPORT=" \
111+ mips mips64 mips64n32 \
112+ ppc64"
113
114 GLBL_SYS_ARCH="../tools/scmp_arch_detect"
115 GLBL_SYS_RESOLVER="../tools/scmp_sys_resolver"
116--
1172.3.5
118
diff --git a/recipes-security/libseccomp/files/0005-tests-add-ppc64-support-to-the-regression-live-tests.patch b/recipes-security/libseccomp/files/0005-tests-add-ppc64-support-to-the-regression-live-tests.patch
new file mode 100644
index 0000000..915e000
--- /dev/null
+++ b/recipes-security/libseccomp/files/0005-tests-add-ppc64-support-to-the-regression-live-tests.patch
@@ -0,0 +1,34 @@
1From eb47c3f501ebbf9e3b218bb2432d5bdadc04dce1 Mon Sep 17 00:00:00 2001
2From: Bogdan Purcareata <bogdan.purcareata@freescale.com>
3Date: Tue, 10 Feb 2015 11:08:12 +0000
4Subject: [PATCH 05/11] tests: add ppc64 support to the regression live tests
5
6Otherwise The live tests will fail with
7
8"ERROR arch ppc64 not supported"
9
10Send against the working-ppc64 branch.
11
12Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
13[PM: added ppc64le]
14Signed-off-by: Paul Moore <pmoore@redhat.com>
15---
16 tests/regression | 2 +-
17 1 file changed, 1 insertion(+), 1 deletion(-)
18
19diff --git a/tests/regression b/tests/regression
20index 3ab6171..eeb6cfb 100755
21--- a/tests/regression
22+++ b/tests/regression
23@@ -673,7 +673,7 @@ function run_test_live() {
24
25 # setup the arch specific return values
26 case "$arch" in
27- x86|x86_64|x32|arm|aarch64)
28+ x86|x86_64|x32|arm|aarch64|ppc64|ppc64le)
29 rc_kill=159
30 rc_allow=160
31 rc_trap=161
32--
332.3.5
34
diff --git a/recipes-security/libseccomp/files/0006-ppc64-correct-the-ppc64-syscall-table-and-validation.patch b/recipes-security/libseccomp/files/0006-ppc64-correct-the-ppc64-syscall-table-and-validation.patch
new file mode 100644
index 0000000..d1903ff
--- /dev/null
+++ b/recipes-security/libseccomp/files/0006-ppc64-correct-the-ppc64-syscall-table-and-validation.patch
@@ -0,0 +1,148 @@
1From 75d3aa041dc3c8214610e44d317703c055e5e055 Mon Sep 17 00:00:00 2001
2From: Paul Moore <pmoore@redhat.com>
3Date: Tue, 10 Feb 2015 14:22:07 -0500
4Subject: [PATCH 06/11] ppc64: correct the ppc64 syscall table and validation
5 script
6
7We didn't correctly take into account the __powerpc64__ define when
8generating the ppc64 syscall table. This patch also updates the
9syscall table to match Linux v3.19.
10
11Signed-off-by: Paul Moore <pmoore@redhat.com>
12---
13 src/arch-ppc64-syscalls.c | 26 ++++++++++++++------------
14 src/arch-syscall-validate | 2 +-
15 2 files changed, 15 insertions(+), 13 deletions(-)
16
17diff --git a/src/arch-ppc64-syscalls.c b/src/arch-ppc64-syscalls.c
18index 5dfb367..1c2a1df 100644
19--- a/src/arch-ppc64-syscalls.c
20+++ b/src/arch-ppc64-syscalls.c
21@@ -27,7 +27,7 @@
22 #include "arch.h"
23 #include "arch-ppc64.h"
24
25-/* NOTE: based on Linux 3.17-rc6+ */
26+/* NOTE: based on Linux 3.19 */
27 const struct arch_syscall_def ppc64_syscall_table[] = { \
28 { "_llseek", 140 },
29 { "_newselect", 142 },
30@@ -45,6 +45,7 @@ const struct arch_syscall_def ppc64_syscall_table[] = { \
31 { "arch_prctl", __PNR_arch_prctl },
32 { "bdflush", 134 },
33 { "bind", 327 },
34+ { "bpf", 361 },
35 { "break", 17 },
36 { "brk", 45 },
37 { "cachectl", __PNR_cachectl },
38@@ -80,11 +81,12 @@ const struct arch_syscall_def ppc64_syscall_table[] = { \
39 { "eventfd", 307 },
40 { "eventfd2", 314 },
41 { "execve", 11 },
42+ { "execveat", 362 },
43 { "exit", 1 },
44 { "exit_group", 234 },
45 { "faccessat", 298 },
46 { "fadvise64", 233 },
47- { "fadvise64_64", 254 },
48+ { "fadvise64_64", __PNR_fadvise64_64 },
49 { "fallocate", 309 },
50 { "fanotify_init", 323 },
51 { "fanotify_mark", 324 },
52@@ -95,7 +97,7 @@ const struct arch_syscall_def ppc64_syscall_table[] = { \
53 { "fchown32", __PNR_fchown32 },
54 { "fchownat", 289 },
55 { "fcntl", 55 },
56- { "fcntl64", 204 },
57+ { "fcntl64", __PNR_fcntl64 },
58 { "fdatasync", 148 },
59 { "fgetxattr", 214 },
60 { "finit_module", 353 },
61@@ -105,14 +107,14 @@ const struct arch_syscall_def ppc64_syscall_table[] = { \
62 { "fremovexattr", 220 },
63 { "fsetxattr", 211 },
64 { "fstat", 108 },
65- { "fstat64", 197 },
66- { "fstatat64", 291 },
67+ { "fstat64", __PNR_fstat64 },
68+ { "fstatat64", __PNR_fstatat64 },
69 { "fstatfs", 100 },
70 { "fstatfs64", 253 },
71 { "fsync", 118 },
72 { "ftime", 35 },
73 { "ftruncate", 93 },
74- { "ftruncate64", 194 },
75+ { "ftruncate64", __PNR_ftruncate64 },
76 { "futex", 221 },
77 { "futimesat", 290 },
78 { "get_kernel_syms", 130 },
79@@ -191,7 +193,7 @@ const struct arch_syscall_def ppc64_syscall_table[] = { \
80 { "lseek", 19 },
81 { "lsetxattr", 210 },
82 { "lstat", 107 },
83- { "lstat64", 196 },
84+ { "lstat64", __PNR_lstat64 },
85 { "madvise", 205 },
86 { "mbind", 259 },
87 { "memfd_create", 360 },
88@@ -204,7 +206,7 @@ const struct arch_syscall_def ppc64_syscall_table[] = { \
89 { "mlock", 150 },
90 { "mlockall", 152 },
91 { "mmap", 90 },
92- { "mmap2", 192 },
93+ { "mmap2", __PNR_mmap2 },
94 { "modify_ldt", 123 },
95 { "mount", 21 },
96 { "move_pages", 301 },
97@@ -228,7 +230,7 @@ const struct arch_syscall_def ppc64_syscall_table[] = { \
98 { "munmap", 91 },
99 { "name_to_handle_at", 345 },
100 { "nanosleep", 162 },
101- { "newfstatat", __PNR_newfstatat },
102+ { "newfstatat", 291 },
103 { "nfsservctl", 168 },
104 { "nice", 34 },
105 { "oldfstat", 28 },
106@@ -315,7 +317,7 @@ const struct arch_syscall_def ppc64_syscall_table[] = { \
107 { "semtimedop", __PNR_semtimedop },
108 { "send", 334 },
109 { "sendfile", 186 },
110- { "sendfile64", 226 },
111+ { "sendfile64", __PNR_sendfile64 },
112 { "sendmmsg", 349 },
113 { "sendmsg", 341 },
114 { "sendto", 335 },
115@@ -375,7 +377,7 @@ const struct arch_syscall_def ppc64_syscall_table[] = { \
116 { "spu_run", 278 },
117 { "ssetmask", 69 },
118 { "stat", 106 },
119- { "stat64", 195 },
120+ { "stat64", __PNR_stat64 },
121 { "statfs", 99 },
122 { "statfs64", 252 },
123 { "stime", 25 },
124@@ -411,7 +413,7 @@ const struct arch_syscall_def ppc64_syscall_table[] = { \
125 { "times", 43 },
126 { "tkill", 208 },
127 { "truncate", 92 },
128- { "truncate64", 193 },
129+ { "truncate64", __PNR_truncate64 },
130 { "tuxcall", 225 },
131 { "ugetrlimit", 190 },
132 { "ulimit", 58 },
133diff --git a/src/arch-syscall-validate b/src/arch-syscall-validate
134index eeb4d8b..e28b206 100755
135--- a/src/arch-syscall-validate
136+++ b/src/arch-syscall-validate
137@@ -311,7 +311,7 @@ function dump_lib_mips64n32() {
138 # Dump the architecture's syscall table to stdout.
139 #
140 function dump_sys_ppc64() {
141- gcc -E -dM $1/arch/powerpc/include/uapi/asm/unistd.h | \
142+ gcc -E -dM -D__powerpc64__ $1/arch/powerpc/include/uapi/asm/unistd.h | \
143 grep "^#define __NR_" | sort | \
144 sed -e 's/#define[ \t]\+__NR_\([a-z0-9_]\+\)[ \t]\+\([0-9]\+\)/\1\t\2/'
145 }
146--
1472.3.5
148
diff --git a/recipes-security/libseccomp/files/0007-tests-minor-fix-in-arch-syscall-check.patch b/recipes-security/libseccomp/files/0007-tests-minor-fix-in-arch-syscall-check.patch
new file mode 100644
index 0000000..060f8f7
--- /dev/null
+++ b/recipes-security/libseccomp/files/0007-tests-minor-fix-in-arch-syscall-check.patch
@@ -0,0 +1,29 @@
1From 894784b321e088b5a10c2fdd442e7b326daedb7f Mon Sep 17 00:00:00 2001
2From: Bogdan Purcareata <bogdan.purcareata@freescale.com>
3Date: Wed, 11 Feb 2015 10:45:41 +0000
4Subject: [PATCH 07/11] tests: minor fix in arch-syscall-check
5
6Sent against working-ppc64.
7
8Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
9Signed-off-by: Paul Moore <pmoore@redhat.com>
10---
11 src/arch-syscall-check.c | 2 +-
12 1 file changed, 1 insertion(+), 1 deletion(-)
13
14diff --git a/src/arch-syscall-check.c b/src/arch-syscall-check.c
15index dadab0d..a091a6d 100644
16--- a/src/arch-syscall-check.c
17+++ b/src/arch-syscall-check.c
18@@ -96,7 +96,7 @@ int main(int argc, char *argv[])
19 syscall_check(str_miss, sys_name, "mips64n32",
20 mips64n32_syscall_iterate_name(i_mips64n32));
21 syscall_check(str_miss, sys_name, "ppc64",
22- ppc64_syscall_iterate_name(i_mips64n32));
23+ ppc64_syscall_iterate_name(i_ppc64));
24
25 /* output the results */
26 printf("%s: ", sys_name);
27--
282.3.5
29
diff --git a/recipes-security/libseccomp/files/0008-arch-add-a-ppc-syscall-table.patch b/recipes-security/libseccomp/files/0008-arch-add-a-ppc-syscall-table.patch
new file mode 100644
index 0000000..30fa449
--- /dev/null
+++ b/recipes-security/libseccomp/files/0008-arch-add-a-ppc-syscall-table.patch
@@ -0,0 +1,782 @@
1From 25fc85ba58eba3980649e5bded51816a98cbefc0 Mon Sep 17 00:00:00 2001
2From: Bogdan Purcareata <bogdan.purcareata@freescale.com>
3Date: Wed, 11 Feb 2015 13:23:25 +0000
4Subject: [PATCH 08/11] arch: add a ppc syscall table
5
6Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
7[PM: slight reordering of ppc/ppc64 in header files and makefiles]
8Signed-off-by: Paul Moore <pmoore@redhat.com>
9---
10 include/seccomp.h.in | 1 +
11 src/Makefile.am | 1 +
12 src/arch-ppc-syscalls.c | 504 ++++++++++++++++++++++++++++++++++++++++++++++
13 src/arch-ppc.c | 33 +++
14 src/arch-ppc.h | 38 ++++
15 src/arch-syscall-check.c | 13 +-
16 src/arch-syscall-dump.c | 4 +
17 src/arch-syscall-validate | 31 ++-
18 8 files changed, 623 insertions(+), 2 deletions(-)
19 create mode 100644 src/arch-ppc-syscalls.c
20 create mode 100644 src/arch-ppc.c
21 create mode 100644 src/arch-ppc.h
22
23diff --git a/include/seccomp.h.in b/include/seccomp.h.in
24index 42f3f1a..3af4c2b 100644
25--- a/include/seccomp.h.in
26+++ b/include/seccomp.h.in
27@@ -153,6 +153,7 @@ struct scmp_arg_cmp {
28 /**
29 * The PowerPC architecture tokens
30 */
31+#define SCMP_ARCH_PPC AUDIT_ARCH_PPC
32 #define SCMP_ARCH_PPC64 AUDIT_ARCH_PPC64
33 #ifndef AUDIT_ARCH_PPC64LE
34 #define AUDIT_ARCH_PPC64LE (EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
35diff --git a/src/Makefile.am b/src/Makefile.am
36index 038b2ef..54f8478 100644
37--- a/src/Makefile.am
38+++ b/src/Makefile.am
39@@ -31,6 +31,7 @@ SOURCES_ARCH = \
40 arch-mips.h arch-mips.c arch-mips-syscalls.c \
41 arch-mips64.h arch-mips64.c arch-mips64-syscalls.c \
42 arch-mips64n32.h arch-mips64n32.c arch-mips64n32-syscalls.c \
43+ arch-ppc.h arch-ppc.c arch-ppc-syscalls.c \
44 arch-ppc64.h arch-ppc64.c arch-ppc64-syscalls.c
45
46 SOURCES_GEN = \
47diff --git a/src/arch-ppc-syscalls.c b/src/arch-ppc-syscalls.c
48new file mode 100644
49index 0000000..32fc05a
50--- /dev/null
51+++ b/src/arch-ppc-syscalls.c
52@@ -0,0 +1,504 @@
53+/**
54+ * Enhanced Seccomp PPC Specific Code
55+ *
56+ * Copyright (c) 2015 Freescale <bogdan.purcareata@freescale.com>
57+ * Author: Bogdan Purcareata <bogdan.purcareata@freescale.com>
58+ *
59+ */
60+
61+/*
62+ * This library is free software; you can redistribute it and/or modify it
63+ * under the terms of version 2.1 of the GNU Lesser General Public License as
64+ * published by the Free Software Foundation.
65+ *
66+ * This library is distributed in the hope that it will be useful, but WITHOUT
67+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
68+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
69+ * for more details.
70+ *
71+ * You should have received a copy of the GNU Lesser General Public License
72+ * along with this library; if not, see <http://www.gnu.org/licenses>.
73+ */
74+
75+#include <string.h>
76+
77+#include <seccomp.h>
78+
79+#include "arch.h"
80+#include "arch-ppc.h"
81+
82+/* NOTE: based on Linux 3.19 */
83+const struct arch_syscall_def ppc_syscall_table[] = { \
84+ { "_llseek", 140 },
85+ { "_newselect", 142 },
86+ { "_sysctl", 149 },
87+ { "accept", 330 },
88+ { "accept4", 344 },
89+ { "access", 33 },
90+ { "acct", 51 },
91+ { "add_key", 269 },
92+ { "adjtimex", 124 },
93+ { "afs_syscall", 137 },
94+ { "alarm", 27 },
95+ { "arm_fadvise64_64", __PNR_arm_fadvise64_64 },
96+ { "arm_sync_file_range", __PNR_arm_sync_file_range },
97+ { "arch_prctl", __PNR_arch_prctl },
98+ { "bdflush", 134 },
99+ { "bind", 327 },
100+ { "bpf", 361 },
101+ { "break", 17 },
102+ { "brk", 45 },
103+ { "cachectl", __PNR_cachectl },
104+ { "cacheflush", __PNR_cacheflush },
105+ { "capget", 183 },
106+ { "capset", 184 },
107+ { "chdir", 12 },
108+ { "chmod", 15 },
109+ { "chown", 181 },
110+ { "chown32", __PNR_chown32 },
111+ { "chroot", 61 },
112+ { "clock_adjtime", 347 },
113+ { "clock_getres", 247 },
114+ { "clock_gettime", 246 },
115+ { "clock_nanosleep", 248 },
116+ { "clock_settime", 245 },
117+ { "clone", 120 },
118+ { "close", 6 },
119+ { "connect", 328 },
120+ { "creat", 8 },
121+ { "create_module", 127 },
122+ { "delete_module", 129 },
123+ { "dup", 41 },
124+ { "dup2", 63 },
125+ { "dup3", 316 },
126+ { "epoll_create", 236 },
127+ { "epoll_create1", 315 },
128+ { "epoll_ctl", 237 },
129+ { "epoll_ctl_old", __PNR_epoll_ctl_old },
130+ { "epoll_pwait", 303 },
131+ { "epoll_wait", 238 },
132+ { "epoll_wait_old", __PNR_epoll_wait_old },
133+ { "eventfd", 307 },
134+ { "eventfd2", 314 },
135+ { "execve", 11 },
136+ { "execveat", 362 },
137+ { "exit", 1 },
138+ { "exit_group", 234 },
139+ { "faccessat", 298 },
140+ { "fadvise64", 233 },
141+ { "fadvise64_64", 254 },
142+ { "fallocate", 309 },
143+ { "fanotify_init", 323 },
144+ { "fanotify_mark", 324 },
145+ { "fchdir", 133 },
146+ { "fchmod", 94 },
147+ { "fchmodat", 297 },
148+ { "fchown", 95 },
149+ { "fchown32", __PNR_fchown32 },
150+ { "fchownat", 289 },
151+ { "fcntl", 55 },
152+ { "fcntl64", 204 },
153+ { "fdatasync", 148 },
154+ { "fgetxattr", 214 },
155+ { "finit_module", 353 },
156+ { "flistxattr", 217 },
157+ { "flock", 143 },
158+ { "fork", 2 },
159+ { "fremovexattr", 220 },
160+ { "fsetxattr", 211 },
161+ { "fstat", 108 },
162+ { "fstat64", 197 },
163+ { "fstatat64", 291 },
164+ { "fstatfs", 100 },
165+ { "fstatfs64", 253 },
166+ { "fsync", 118 },
167+ { "ftime", 35 },
168+ { "ftruncate", 93 },
169+ { "ftruncate64", 194 },
170+ { "futex", 221 },
171+ { "futimesat", 290 },
172+ { "get_kernel_syms", 130 },
173+ { "get_mempolicy", 260 },
174+ { "get_robust_list", 299 },
175+ { "get_thread_area", __PNR_get_thread_area },
176+ { "getcpu", 302 },
177+ { "getcwd", 182 },
178+ { "getdents", 141 },
179+ { "getdents64", 202 },
180+ { "getegid", 50 },
181+ { "getegid32", __PNR_getegid32 },
182+ { "geteuid", 49 },
183+ { "geteuid32", __PNR_geteuid32 },
184+ { "getgid", 47 },
185+ { "getgid32", __PNR_getgid32 },
186+ { "getgroups", 80 },
187+ { "getgroups32", __PNR_getgroups32 },
188+ { "getitimer", 105 },
189+ { "getpeername", 332 },
190+ { "getpgid", 132 },
191+ { "getpgrp", 65 },
192+ { "getpid", 20 },
193+ { "getpmsg", 187 },
194+ { "getppid", 64 },
195+ { "getpriority", 96 },
196+ { "getrandom", 359 },
197+ { "getresgid", 170 },
198+ { "getresgid32", __PNR_getresgid32 },
199+ { "getresuid", 165 },
200+ { "getresuid32", __PNR_getresuid32 },
201+ { "getrlimit", 76 },
202+ { "getrusage", 77 },
203+ { "getsid", 147 },
204+ { "getsockname", 331 },
205+ { "getsockopt", 340 },
206+ { "gettid", 207 },
207+ { "gettimeofday", 78 },
208+ { "getuid", 24 },
209+ { "getuid32", __PNR_getuid32 },
210+ { "getxattr", 212 },
211+ { "gtty", 32 },
212+ { "idle", 112 },
213+ { "init_module", 128 },
214+ { "inotify_add_watch", 276 },
215+ { "inotify_init", 275 },
216+ { "inotify_init1", 318 },
217+ { "inotify_rm_watch", 277 },
218+ { "io_cancel", 231 },
219+ { "io_destroy", 228 },
220+ { "io_getevents", 229 },
221+ { "io_setup", 227 },
222+ { "io_submit", 230 },
223+ { "ioctl", 54 },
224+ { "ioperm", 101 },
225+ { "iopl", 110 },
226+ { "ioprio_get", 274 },
227+ { "ioprio_set", 273 },
228+ { "ipc", 117 },
229+ { "kcmp", 354 },
230+ { "kexec_file_load", __PNR_kexec_file_load },
231+ { "kexec_load", 268 },
232+ { "keyctl", 271 },
233+ { "kill", 37 },
234+ { "lchown", 16 },
235+ { "lchown32", __PNR_lchown32 },
236+ { "lgetxattr", 213 },
237+ { "link", 9 },
238+ { "linkat", 294 },
239+ { "listen", 329 },
240+ { "listxattr", 215 },
241+ { "llistxattr", 216 },
242+ { "lock", 53 },
243+ { "lookup_dcookie", 235 },
244+ { "lremovexattr", 219 },
245+ { "lseek", 19 },
246+ { "lsetxattr", 210 },
247+ { "lstat", 107 },
248+ { "lstat64", 196 },
249+ { "madvise", 205 },
250+ { "mbind", 259 },
251+ { "memfd_create", 360 },
252+ { "migrate_pages", 258 },
253+ { "mincore", 206 },
254+ { "mkdir", 39 },
255+ { "mkdirat", 287 },
256+ { "mknod", 14 },
257+ { "mknodat", 288 },
258+ { "mlock", 150 },
259+ { "mlockall", 152 },
260+ { "mmap", 90 },
261+ { "mmap2", 192 },
262+ { "modify_ldt", 123 },
263+ { "mount", 21 },
264+ { "move_pages", 301 },
265+ { "mprotect", 125 },
266+ { "mpx", 56 },
267+ { "mq_getsetattr", 267 },
268+ { "mq_notify", 266 },
269+ { "mq_open", 262 },
270+ { "mq_timedreceive", 265 },
271+ { "mq_timedsend", 264 },
272+ { "mq_unlink", 263 },
273+ { "mremap", 163 },
274+ { "msgctl", __PNR_msgctl },
275+ { "msgget", __PNR_msgget },
276+ { "msgrcv", __PNR_msgrcv },
277+ { "msgsnd", __PNR_msgsnd },
278+ { "msync", 144 },
279+ { "multiplexer", 201 },
280+ { "munlock", 151 },
281+ { "munlockall", 153 },
282+ { "munmap", 91 },
283+ { "name_to_handle_at", 345 },
284+ { "nanosleep", 162 },
285+ { "newfstatat", __PNR_newfstatat },
286+ { "nfsservctl", 168 },
287+ { "nice", 34 },
288+ { "oldfstat", 28 },
289+ { "oldlstat", 84 },
290+ { "oldolduname", 59 },
291+ { "oldstat", 18 },
292+ { "olduname", 109 },
293+ { "oldwait4", __PNR_oldwait4 },
294+ { "open", 5 },
295+ { "open_by_handle_at", 346 },
296+ { "openat", 286 },
297+ { "pause", 29 },
298+ { "pciconfig_iobase", 200 },
299+ { "pciconfig_read", 198 },
300+ { "pciconfig_write", 199 },
301+ { "perf_event_open", 319 },
302+ { "personality", 136 },
303+ { "pipe", 42 },
304+ { "pipe2", 317 },
305+ { "pivot_root", 203 },
306+ { "poll", 167 },
307+ { "ppoll", 281 },
308+ { "prctl", 171 },
309+ { "pread64", 179 },
310+ { "preadv", 320 },
311+ { "prlimit64", 325 },
312+ { "process_vm_readv", 351 },
313+ { "process_vm_writev", 352 },
314+ { "prof", 44 },
315+ { "profil", 98 },
316+ { "pselect6", 280 },
317+ { "ptrace", 26 },
318+ { "putpmsg", 188 },
319+ { "pwrite64", 180 },
320+ { "pwritev", 321 },
321+ { "query_module", 166 },
322+ { "quotactl", 131 },
323+ { "read", 3 },
324+ { "readahead", 191 },
325+ { "readdir", 89 },
326+ { "readlink", 85 },
327+ { "readlinkat", 296 },
328+ { "readv", 145 },
329+ { "reboot", 88 },
330+ { "recv", 336 },
331+ { "recvfrom", 337 },
332+ { "recvmmsg", 343 },
333+ { "recvmsg", 342 },
334+ { "remap_file_pages", 239 },
335+ { "removexattr", 218 },
336+ { "rename", 38 },
337+ { "renameat", 293 },
338+ { "renameat2", 357 },
339+ { "request_key", 270 },
340+ { "restart_syscall", 0 },
341+ { "rmdir", 40 },
342+ { "rt_sigaction", 173 },
343+ { "rt_sigpending", 175 },
344+ { "rt_sigprocmask", 174 },
345+ { "rt_sigqueueinfo", 177 },
346+ { "rt_sigreturn", 172 },
347+ { "rt_sigsuspend", 178 },
348+ { "rt_sigtimedwait", 176 },
349+ { "rt_tgsigqueueinfo", 322 },
350+ { "rtas", 255 },
351+ { "sched_get_priority_max", 159 },
352+ { "sched_get_priority_min", 160 },
353+ { "sched_getaffinity", 223 },
354+ { "sched_getattr", 356 },
355+ { "sched_getparam", 155 },
356+ { "sched_getscheduler", 157 },
357+ { "sched_rr_get_interval", 161 },
358+ { "sched_setaffinity", 222 },
359+ { "sched_setattr", 355 },
360+ { "sched_setparam", 154 },
361+ { "sched_setscheduler", 156 },
362+ { "sched_yield", 158 },
363+ { "seccomp", 358 },
364+ { "security", __PNR_security },
365+ { "select", 82 },
366+ { "semctl", __PNR_semctl },
367+ { "semget", __PNR_semget },
368+ { "semop", __PNR_semop },
369+ { "semtimedop", __PNR_semtimedop },
370+ { "send", 334 },
371+ { "sendfile", 186 },
372+ { "sendfile64", 226 },
373+ { "sendmmsg", 349 },
374+ { "sendmsg", 341 },
375+ { "sendto", 335 },
376+ { "set_mempolicy", 261 },
377+ { "set_robust_list", 300 },
378+ { "set_thread_area", __PNR_set_thread_area },
379+ { "set_tid_address", 232 },
380+ { "setdomainname", 121 },
381+ { "setfsgid", 139 },
382+ { "setfsgid32", __PNR_setfsgid32 },
383+ { "setfsuid", 138 },
384+ { "setfsuid32", __PNR_setfsuid32 },
385+ { "setgid", 46 },
386+ { "setgid32", __PNR_setgid32 },
387+ { "setgroups", 81 },
388+ { "setgroups32", __PNR_setgroups32 },
389+ { "sethostname", 74 },
390+ { "setitimer", 104 },
391+ { "setns", 350 },
392+ { "setpgid", 57 },
393+ { "setpriority", 97 },
394+ { "setregid", 71 },
395+ { "setregid32", __PNR_setregid32 },
396+ { "setresgid", 169 },
397+ { "setresgid32", __PNR_setresgid32 },
398+ { "setresuid", 164 },
399+ { "setresuid32", __PNR_setresuid32 },
400+ { "setreuid", 70 },
401+ { "setreuid32", __PNR_setreuid32 },
402+ { "setrlimit", 75 },
403+ { "setsid", 66 },
404+ { "setsockopt", 339 },
405+ { "settimeofday", 79 },
406+ { "setuid", 23 },
407+ { "setuid32", __PNR_setuid32 },
408+ { "setxattr", 209 },
409+ { "sgetmask", 68 },
410+ { "shmat", __PNR_shmat },
411+ { "shmctl", __PNR_shmctl },
412+ { "shmdt", __PNR_shmdt },
413+ { "shmget", __PNR_shmget },
414+ { "shutdown", 338 },
415+ { "sigaction", 67 },
416+ { "sigaltstack", 185 },
417+ { "signal", 48 },
418+ { "signalfd", 305 },
419+ { "signalfd4", 313 },
420+ { "sigpending", 73 },
421+ { "sigprocmask", 126 },
422+ { "sigreturn", 119 },
423+ { "sigsuspend", 72 },
424+ { "socket", 326 },
425+ { "socketcall", 102 },
426+ { "socketpair", 333 },
427+ { "splice", 283 },
428+ { "spu_create", 279 },
429+ { "spu_run", 278 },
430+ { "ssetmask", 69 },
431+ { "stat", 106 },
432+ { "stat64", 195 },
433+ { "statfs", 99 },
434+ { "statfs64", 252 },
435+ { "stime", 25 },
436+ { "stty", 31 },
437+ { "subpage_prot", 310 },
438+ { "swapcontext", 249 },
439+ { "swapoff", 115 },
440+ { "swapon", 87 },
441+ { "symlink", 83 },
442+ { "symlinkat", 295 },
443+ { "sync", 36 },
444+ { "sync_file_range", __PNR_sync_file_range },
445+ { "sync_file_range2", 308 },
446+ { "syncfs", 348 },
447+ { "syscall", __PNR_syscall },
448+ { "sys_debug_setcontext", 256 },
449+ { "sysfs", 135 },
450+ { "sysinfo", 116 },
451+ { "syslog", 103 },
452+ { "sysmips", __PNR_sysmips },
453+ { "tee", 284 },
454+ { "tgkill", 250 },
455+ { "time", 13 },
456+ { "timer_create", 240 },
457+ { "timer_delete", 244 },
458+ { "timer_getoverrun", 243 },
459+ { "timer_gettime", 242 },
460+ { "timer_settime", 241 },
461+ { "timerfd", __PNR_timerfd },
462+ { "timerfd_create", 306 },
463+ { "timerfd_gettime", 312 },
464+ { "timerfd_settime", 311 },
465+ { "times", 43 },
466+ { "tkill", 208 },
467+ { "truncate", 92 },
468+ { "truncate64", 193 },
469+ { "tuxcall", 225 },
470+ { "ugetrlimit", 190 },
471+ { "ulimit", 58 },
472+ { "umask", 60 },
473+ { "umount", 22 },
474+ { "umount2", 52 },
475+ { "uname", 122 },
476+ { "unlink", 10 },
477+ { "unlinkat", 292 },
478+ { "unshare", 282 },
479+ { "uselib", 86 },
480+ { "ustat", 62 },
481+ { "utime", 30 },
482+ { "utimensat", 304 },
483+ { "utimes", 251 },
484+ { "vfork", 189 },
485+ { "vhangup", 111 },
486+ { "vm86", 113 },
487+ { "vm86old", __PNR_vm86old },
488+ { "vmsplice", 285 },
489+ { "vserver", __PNR_vserver },
490+ { "wait4", 114 },
491+ { "waitid", 272 },
492+ { "waitpid", 7 },
493+ { "write", 4 },
494+ { "writev", 146 },
495+ { NULL, __NR_SCMP_ERROR },
496+};
497+
498+/**
499+ * Resolve a syscall name to a number
500+ * @param name the syscall name
501+ *
502+ * Resolve the given syscall name to the syscall number using the syscall table.
503+ * Returns the syscall number on success, including negative pseudo syscall
504+ * numbers; returns __NR_SCMP_ERROR on failure.
505+ *
506+ */
507+int ppc_syscall_resolve_name(const char *name)
508+{
509+ unsigned int iter;
510+ const struct arch_syscall_def *table = ppc_syscall_table;
511+
512+ /* XXX - plenty of room for future improvement here */
513+ for (iter = 0; table[iter].name != NULL; iter++) {
514+ if (strcmp(name, table[iter].name) == 0)
515+ return table[iter].num;
516+ }
517+
518+ return __NR_SCMP_ERROR;
519+}
520+
521+/**
522+ * Resolve a syscall number to a name
523+ * @param num the syscall number
524+ *
525+ * Resolve the given syscall number to the syscall name using the syscall table.
526+ * Returns a pointer to the syscall name string on success, including pseudo
527+ * syscall names; returns NULL on failure.
528+ *
529+ */
530+const char *ppc_syscall_resolve_num(int num)
531+{
532+ unsigned int iter;
533+ const struct arch_syscall_def *table = ppc_syscall_table;
534+
535+ /* XXX - plenty of room for future improvement here */
536+ for (iter = 0; table[iter].num != __NR_SCMP_ERROR; iter++) {
537+ if (num == table[iter].num)
538+ return table[iter].name;
539+ }
540+
541+ return NULL;
542+}
543+
544+/**
545+ * Iterate through the syscall table and return the syscall name
546+ * @param spot the offset into the syscall table
547+ *
548+ * Return the syscall name at position @spot or NULL on failure. This function
549+ * should only ever be used internally by libseccomp.
550+ *
551+ */
552+const char *ppc_syscall_iterate_name(unsigned int spot)
553+{
554+ /* XXX - no safety checks here */
555+ return ppc_syscall_table[spot].name;
556+}
557diff --git a/src/arch-ppc.c b/src/arch-ppc.c
558new file mode 100644
559index 0000000..56dbdb4
560--- /dev/null
561+++ b/src/arch-ppc.c
562@@ -0,0 +1,33 @@
563+/**
564+ * Enhanced Seccomp PPC Specific Code
565+ *
566+ * Copyright (c) 2015 Freescale <bogdan.purcareata@freescale.com>
567+ * Author: Bogdan Purcareata <bogdan.purcareata@freescale.com>
568+ *
569+ */
570+
571+/*
572+ * This library is free software; you can redistribute it and/or modify it
573+ * under the terms of version 2.1 of the GNU Lesser General Public License as
574+ * published by the Free Software Foundation.
575+ *
576+ * This library is distributed in the hope that it will be useful, but WITHOUT
577+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
578+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
579+ * for more details.
580+ *
581+ * You should have received a copy of the GNU Lesser General Public License
582+ * along with this library; if not, see <http://www.gnu.org/licenses>.
583+ */
584+
585+#include <linux/audit.h>
586+
587+#include "arch.h"
588+#include "arch-ppc.h"
589+
590+const struct arch_def arch_def_ppc = {
591+ .token = SCMP_ARCH_PPC,
592+ .token_bpf = AUDIT_ARCH_PPC,
593+ .size = ARCH_SIZE_32,
594+ .endian = ARCH_ENDIAN_BIG,
595+};
596diff --git a/src/arch-ppc.h b/src/arch-ppc.h
597new file mode 100644
598index 0000000..627a168
599--- /dev/null
600+++ b/src/arch-ppc.h
601@@ -0,0 +1,38 @@
602+/**
603+ * Enhanced Seccomp PPC Specific Code
604+ *
605+ * Copyright (c) 2015 Freescale <bogdan.purcareata@freescale.com>
606+ * Author: Bogdan Purcareata <bogdan.purcareata@freescale.com>
607+ *
608+ */
609+
610+/*
611+ * This library is free software; you can redistribute it and/or modify it
612+ * under the terms of version 2.1 of the GNU Lesser General Public License as
613+ * published by the Free Software Foundation.
614+ *
615+ * This library is distributed in the hope that it will be useful, but WITHOUT
616+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
617+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
618+ * for more details.
619+ *
620+ * You should have received a copy of the GNU Lesser General Public License
621+ * along with this library; if not, see <http://www.gnu.org/licenses>.
622+ */
623+
624+#ifndef _ARCH_PPC_H
625+#define _ARCH_PPC_H
626+
627+#include <inttypes.h>
628+
629+#include "arch.h"
630+#include "system.h"
631+
632+extern const struct arch_def arch_def_ppc;
633+
634+int ppc_syscall_resolve_name(const char *name);
635+const char *ppc_syscall_resolve_num(int num);
636+
637+const char *ppc_syscall_iterate_name(unsigned int spot);
638+
639+#endif
640diff --git a/src/arch-syscall-check.c b/src/arch-syscall-check.c
641index a091a6d..8682483 100644
642--- a/src/arch-syscall-check.c
643+++ b/src/arch-syscall-check.c
644@@ -34,6 +34,7 @@
645 #include "arch-mips64.h"
646 #include "arch-mips64n32.h"
647 #include "arch-ppc64.h"
648+#include "arch-ppc.h"
649
650 /**
651 * compare the syscall values
652@@ -69,6 +70,7 @@ int main(int argc, char *argv[])
653 int i_mips64 = 0;
654 int i_mips64n32 = 0;
655 int i_ppc64 = 0;
656+ int i_ppc = 0;
657 const char *sys_name;
658 char str_miss[256];
659
660@@ -97,6 +99,8 @@ int main(int argc, char *argv[])
661 mips64n32_syscall_iterate_name(i_mips64n32));
662 syscall_check(str_miss, sys_name, "ppc64",
663 ppc64_syscall_iterate_name(i_ppc64));
664+ syscall_check(str_miss, sys_name, "ppc",
665+ ppc_syscall_iterate_name(i_ppc));
666
667 /* output the results */
668 printf("%s: ", sys_name);
669@@ -125,10 +129,12 @@ int main(int argc, char *argv[])
670 i_mips64n32 = -1;
671 if (!ppc64_syscall_iterate_name(++i_ppc64))
672 i_ppc64 = -1;
673+ if (!ppc_syscall_iterate_name(++i_ppc))
674+ i_ppc = -1;
675 } while (i_x86_64 >= 0 && i_x32 >= 0 &&
676 i_arm >= 0 && i_aarch64 >= 0 &&
677 i_mips >= 0 && i_mips64 >= 0 && i_mips64n32 >= 0 &&
678- i_ppc64 >= 0);
679+ i_ppc64 >= 0 && i_ppc >= 0);
680
681 /* check for any leftovers */
682 sys_name = x86_syscall_iterate_name(i_x86 + 1);
683@@ -176,6 +182,11 @@ int main(int argc, char *argv[])
684 ppc64_syscall_iterate_name(i_ppc64));
685 return 1;
686 }
687+ if (i_ppc >= 0) {
688+ printf("%s: ERROR, ppc has additional syscalls\n",
689+ ppc_syscall_iterate_name(i_ppc));
690+ return 1;
691+ }
692
693 /* if we made it here, all is good */
694 return 0;
695diff --git a/src/arch-syscall-dump.c b/src/arch-syscall-dump.c
696index 985a250..62992e7 100644
697--- a/src/arch-syscall-dump.c
698+++ b/src/arch-syscall-dump.c
699@@ -39,6 +39,7 @@
700 #include "arch-mips64n32.h"
701 #include "arch-aarch64.h"
702 #include "arch-ppc64.h"
703+#include "arch-ppc.h"
704
705 /**
706 * Print the usage information to stderr and exit
707@@ -116,6 +117,9 @@ int main(int argc, char *argv[])
708 case SCMP_ARCH_PPC64:
709 sys_name = ppc64_syscall_iterate_name(iter);
710 break;
711+ case SCMP_ARCH_PPC:
712+ sys_name = ppc_syscall_iterate_name(iter);
713+ break;
714
715 default:
716 /* invalid arch */
717diff --git a/src/arch-syscall-validate b/src/arch-syscall-validate
718index e28b206..595dfef 100755
719--- a/src/arch-syscall-validate
720+++ b/src/arch-syscall-validate
721@@ -326,6 +326,29 @@ function dump_lib_ppc64() {
722 }
723
724 #
725+# Dump the ppc system syscall table
726+#
727+# Arguments:
728+# 1 path to the kernel source
729+#
730+# Dump the architecture's syscall table to stdout.
731+#
732+function dump_sys_ppc() {
733+ gcc -E -dM $1/arch/powerpc/include/uapi/asm/unistd.h | \
734+ grep "^#define __NR_" | sort | \
735+ sed -e 's/#define[ \t]\+__NR_\([a-z0-9_]\+\)[ \t]\+\([0-9]\+\)/\1\t\2/'
736+}
737+
738+#
739+# Dump the ppc library syscall table
740+#
741+# Dump the library's syscall table to stdout.
742+#
743+function dump_lib_ppc() {
744+ $LIB_SYS_DUMP -a ppc | sed -e '/[^\t]\+\t-[0-9]\+/d'
745+}
746+
747+#
748 # Dump the system syscall table
749 #
750 # Arguments:
751@@ -363,6 +386,9 @@ function dump_sys() {
752 ppc64)
753 dump_sys_ppc64 "$2"
754 ;;
755+ ppc)
756+ dump_sys_ppc "$2"
757+ ;;
758 *)
759 echo ""
760 ;;
761@@ -406,6 +432,9 @@ function dump_lib() {
762 ppc64)
763 dump_lib_ppc64 "$2"
764 ;;
765+ ppc)
766+ dump_lib_ppc "$2"
767+ ;;
768 *)
769 echo ""
770 ;;
771@@ -442,7 +471,7 @@ shift $(($OPTIND - 1))
772
773 # defaults
774 if [[ $arches == "" ]]; then
775- arches="x86 x86_64 x32 arm aarch64 mips mips64 mips64n32 ppc64"
776+ arches="x86 x86_64 x32 arm aarch64 mips mips64 mips64n32 ppc64 ppc"
777 fi
778
779 # sanity checks
780--
7812.3.5
782
diff --git a/recipes-security/libseccomp/files/0009-arch-add-basic-initial-ppc-support-to-the-arch-depen.patch b/recipes-security/libseccomp/files/0009-arch-add-basic-initial-ppc-support-to-the-arch-depen.patch
new file mode 100644
index 0000000..5e97ec5
--- /dev/null
+++ b/recipes-security/libseccomp/files/0009-arch-add-basic-initial-ppc-support-to-the-arch-depen.patch
@@ -0,0 +1,117 @@
1From c0fa35a2756a1fcedcf4d4a14688226d2a1cd86b Mon Sep 17 00:00:00 2001
2From: Bogdan Purcareata <bogdan.purcareata@freescale.com>
3Date: Wed, 11 Feb 2015 13:23:26 +0000
4Subject: [PATCH 09/11] arch: add basic initial ppc support to the
5 arch-dependent code
6
7Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
8Signed-off-by: Paul Moore <pmoore@redhat.com>
9---
10 src/arch.c | 11 +++++++++++
11 src/python/libseccomp.pxd | 1 +
12 src/python/seccomp.pyx | 6 +++++-
13 3 files changed, 17 insertions(+), 1 deletion(-)
14
15diff --git a/src/arch.c b/src/arch.c
16index 64fc1d1..f73db6b 100644
17--- a/src/arch.c
18+++ b/src/arch.c
19@@ -39,6 +39,7 @@
20 #include "arch-mips64.h"
21 #include "arch-mips64n32.h"
22 #include "arch-ppc64.h"
23+#include "arch-ppc.h"
24 #include "system.h"
25
26 #define default_arg_count_max 6
27@@ -81,6 +82,8 @@ const struct arch_def *arch_def_native = &arch_def_ppc64;
28 #else
29 const struct arch_def *arch_def_native = &arch_def_ppc64le;
30 #endif
31+#elif __PPC__
32+const struct arch_def *arch_def_native = &arch_def_ppc;
33 #else
34 #error the arch code needs to know about your machine type
35 #endif /* machine type guess */
36@@ -133,6 +136,8 @@ const struct arch_def *arch_def_lookup(uint32_t token)
37 return &arch_def_ppc64;
38 case SCMP_ARCH_PPC64LE:
39 return &arch_def_ppc64le;
40+ case SCMP_ARCH_PPC:
41+ return &arch_def_ppc;
42 }
43
44 return NULL;
45@@ -173,6 +178,8 @@ const struct arch_def *arch_def_lookup_name(const char *arch_name)
46 return &arch_def_ppc64;
47 else if (strcmp(arch_name, "ppc64le") == 0)
48 return &arch_def_ppc64le;
49+ else if (strcmp(arch_name, "ppc") == 0)
50+ return &arch_def_ppc;
51
52 return NULL;
53 }
54@@ -294,6 +301,8 @@ int arch_syscall_resolve_name(const struct arch_def *arch, const char *name)
55 case SCMP_ARCH_PPC64:
56 case SCMP_ARCH_PPC64LE:
57 return ppc64_syscall_resolve_name(name);
58+ case SCMP_ARCH_PPC:
59+ return ppc_syscall_resolve_name(name);
60 }
61
62 return __NR_SCMP_ERROR;
63@@ -334,6 +343,8 @@ const char *arch_syscall_resolve_num(const struct arch_def *arch, int num)
64 case SCMP_ARCH_PPC64:
65 case SCMP_ARCH_PPC64LE:
66 return ppc64_syscall_resolve_num(num);
67+ case SCMP_ARCH_PPC:
68+ return ppc_syscall_resolve_num(num);
69 }
70
71 return NULL;
72diff --git a/src/python/libseccomp.pxd b/src/python/libseccomp.pxd
73index a546550..e9c0f6a 100644
74--- a/src/python/libseccomp.pxd
75+++ b/src/python/libseccomp.pxd
76@@ -40,6 +40,7 @@ cdef extern from "seccomp.h":
77 SCMP_ARCH_MIPSEL64N32
78 SCMP_ARCH_PPC64
79 SCMP_ARCH_PPC64LE
80+ SCMP_ARCH_PPC
81
82 cdef enum scmp_filter_attr:
83 SCMP_FLTATR_ACT_DEFAULT
84diff --git a/src/python/seccomp.pyx b/src/python/seccomp.pyx
85index f30a0b6..2da8c66 100644
86--- a/src/python/seccomp.pyx
87+++ b/src/python/seccomp.pyx
88@@ -148,6 +148,7 @@ cdef class Arch:
89 MIPSEL64 - MIPS little endian 64-bit ABI
90 MIPSEL64N32 - MIPS little endian N32 ABI
91 PPC64 - 64-bit PowerPC
92+ PPC - 32-bit PowerPC
93 """
94
95 cdef int _token
96@@ -165,7 +166,8 @@ cdef class Arch:
97 MIPSEL64 = libseccomp.SCMP_ARCH_MIPSEL64
98 MIPSEL64N32 = libseccomp.SCMP_ARCH_MIPSEL64N32
99 PPC64 = libseccomp.SCMP_ARCH_PPC64
100- PPC64 = libseccomp.SCMP_ARCH_PPC64LE
101+ PPC64LE = libseccomp.SCMP_ARCH_PPC64LE
102+ PPC = libseccomp.SCMP_ARCH_PPC
103
104 def __cinit__(self, arch=libseccomp.SCMP_ARCH_NATIVE):
105 """ Initialize the architecture object.
106@@ -205,6 +207,8 @@ cdef class Arch:
107 self._token = libseccomp.SCMP_ARCH_PPC64
108 elif arch == libseccomp.SCMP_ARCH_PPC64LE:
109 self._token = libseccomp.SCMP_ARCH_PPC64LE
110+ elif arch == libseccomp.SCMP_ARCH_PPC:
111+ self._token = libseccomp.SCMP_ARCH_PPC
112 else:
113 self._token = 0;
114 elif isinstance(arch, basestring):
115--
1162.3.5
117
diff --git a/recipes-security/libseccomp/files/0010-tools-add-ppc-support.patch b/recipes-security/libseccomp/files/0010-tools-add-ppc-support.patch
new file mode 100644
index 0000000..30d7681
--- /dev/null
+++ b/recipes-security/libseccomp/files/0010-tools-add-ppc-support.patch
@@ -0,0 +1,70 @@
1From b54dafd62376f9041b4d48e800f39c588554aabc Mon Sep 17 00:00:00 2001
2From: Bogdan Purcareata <bogdan.purcareata@freescale.com>
3Date: Wed, 11 Feb 2015 13:23:27 +0000
4Subject: [PATCH 10/11] tools: add ppc support
5
6Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
7Signed-off-by: Paul Moore <pmoore@redhat.com>
8---
9 tools/scmp_arch_detect.c | 3 +++
10 tools/scmp_bpf_disasm.c | 2 ++
11 tools/scmp_bpf_sim.c | 2 ++
12 tools/util.c | 2 ++
13 4 files changed, 9 insertions(+)
14
15diff --git a/tools/scmp_arch_detect.c b/tools/scmp_arch_detect.c
16index d23d2ec..03644c6 100644
17--- a/tools/scmp_arch_detect.c
18+++ b/tools/scmp_arch_detect.c
19@@ -105,6 +105,9 @@ int main(int argc, char *argv[])
20 case SCMP_ARCH_PPC64LE:
21 printf("ppc64le\n");
22 break;
23+ case SCMP_ARCH_PPC:
24+ printf("ppc\n");
25+ break;
26 default:
27 printf("unknown\n");
28 }
29diff --git a/tools/scmp_bpf_disasm.c b/tools/scmp_bpf_disasm.c
30index 9199e17..d773469 100644
31--- a/tools/scmp_bpf_disasm.c
32+++ b/tools/scmp_bpf_disasm.c
33@@ -338,6 +338,8 @@ int main(int argc, char *argv[])
34 arch = AUDIT_ARCH_PPC64;
35 else if (strcmp(optarg, "ppc64le") == 0)
36 arch = AUDIT_ARCH_PPC64LE;
37+ else if (strcmp(optarg, "ppc") == 0)
38+ arch = AUDIT_ARCH_PPC;
39 else
40 exit_usage(argv[0]);
41 break;
42diff --git a/tools/scmp_bpf_sim.c b/tools/scmp_bpf_sim.c
43index d3e439f..a53b4fd 100644
44--- a/tools/scmp_bpf_sim.c
45+++ b/tools/scmp_bpf_sim.c
46@@ -253,6 +253,8 @@ int main(int argc, char *argv[])
47 arch = AUDIT_ARCH_PPC64;
48 else if (strcmp(optarg, "ppc64le") == 0)
49 arch = AUDIT_ARCH_PPC64LE;
50+ else if (strcmp(optarg, "ppc") == 0)
51+ arch = AUDIT_ARCH_PPC;
52 else
53 exit_fault(EINVAL);
54 break;
55diff --git a/tools/util.c b/tools/util.c
56index f998009..b45de3b 100644
57--- a/tools/util.c
58+++ b/tools/util.c
59@@ -68,6 +68,8 @@
60 #else
61 #define ARCH_NATIVE AUDIT_ARCH_PPC64LE
62 #endif
63+#elif __PPC__
64+#define ARCH_NATIVE AUDIT_ARCH_PPC
65 #else
66 #error the simulator code needs to know about your machine type
67 #endif
68--
692.3.5
70
diff --git a/recipes-security/libseccomp/files/0011-tests-add-ppc-support-to-the-regression-tests.patch b/recipes-security/libseccomp/files/0011-tests-add-ppc-support-to-the-regression-tests.patch
new file mode 100644
index 0000000..3d02c23
--- /dev/null
+++ b/recipes-security/libseccomp/files/0011-tests-add-ppc-support-to-the-regression-tests.patch
@@ -0,0 +1,64 @@
1From 1a68b28e8cc6680dc7a9aecd26e06112b4ff93bf Mon Sep 17 00:00:00 2001
2From: Bogdan Purcareata <bogdan.purcareata@freescale.com>
3Date: Wed, 11 Feb 2015 13:23:28 +0000
4Subject: [PATCH 11/11] tests: add ppc support to the regression tests
5
6Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
7Signed-off-by: Paul Moore <pmoore@redhat.com>
8---
9 tests/26-sim-arch_all_be_basic.c | 3 +++
10 tests/26-sim-arch_all_be_basic.py | 1 +
11 tests/regression | 4 ++--
12 3 files changed, 6 insertions(+), 2 deletions(-)
13
14diff --git a/tests/26-sim-arch_all_be_basic.c b/tests/26-sim-arch_all_be_basic.c
15index 1a44525..91fcbea 100644
16--- a/tests/26-sim-arch_all_be_basic.c
17+++ b/tests/26-sim-arch_all_be_basic.c
18@@ -55,6 +55,9 @@ int main(int argc, char *argv[])
19 rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("ppc64"));
20 if (rc != 0)
21 goto out;
22+ rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("ppc"));
23+ if (rc != 0)
24+ goto out;
25
26 rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 1,
27 SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO));
28diff --git a/tests/26-sim-arch_all_be_basic.py b/tests/26-sim-arch_all_be_basic.py
29index cba2dea..1537013 100755
30--- a/tests/26-sim-arch_all_be_basic.py
31+++ b/tests/26-sim-arch_all_be_basic.py
32@@ -34,6 +34,7 @@ def test(args):
33 f.add_arch(Arch("mips64"))
34 f.add_arch(Arch("mips64n32"))
35 f.add_arch(Arch("ppc64"))
36+ f.add_arch(Arch("ppc"))
37 f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno()))
38 f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno()))
39 f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno()))
40diff --git a/tests/regression b/tests/regression
41index eeb6cfb..9f0c17e 100755
42--- a/tests/regression
43+++ b/tests/regression
44@@ -28,7 +28,7 @@ GLBL_ARCH_LE_SUPPORT=" \
45 ppc64le"
46 GLBL_ARCH_BE_SUPPORT=" \
47 mips mips64 mips64n32 \
48- ppc64"
49+ ppc64 ppc"
50
51 GLBL_SYS_ARCH="../tools/scmp_arch_detect"
52 GLBL_SYS_RESOLVER="../tools/scmp_sys_resolver"
53@@ -673,7 +673,7 @@ function run_test_live() {
54
55 # setup the arch specific return values
56 case "$arch" in
57- x86|x86_64|x32|arm|aarch64|ppc64|ppc64le)
58+ x86|x86_64|x32|arm|aarch64|ppc64|ppc64le|ppc)
59 rc_kill=159
60 rc_allow=160
61 rc_trap=161
62--
632.3.5
64
diff --git a/recipes-security/libseccomp/libseccomp_2.2.0.bb b/recipes-security/libseccomp/libseccomp_2.2.0.bb
index fb29e6c..02cfb39 100644
--- a/recipes-security/libseccomp/libseccomp_2.2.0.bb
+++ b/recipes-security/libseccomp/libseccomp_2.2.0.bb
@@ -8,7 +8,19 @@ SRCREV = "bd10aab13c7248cc0df57512617e33d6743d33a6"
8 8
9PV = "2.2.0+git${SRCPV}" 9PV = "2.2.0+git${SRCPV}"
10 10
11SRC_URI = "git://github.com/seccomp/libseccomp.git;protocol=http" 11SRC_URI = "git://github.com/seccomp/libseccomp.git;protocol=http \
12 file://0001-arch-add-a-ppc64-syscall-table.patch \
13 file://0002-arch-add-the-basic-initial-support-for-ppc64-to-the-.patch \
14 file://0003-tools-add-ppc64-support.patch \
15 file://0004-tests-add-ppc64-support-to-the-regression-tests.patch \
16 file://0005-tests-add-ppc64-support-to-the-regression-live-tests.patch \
17 file://0006-ppc64-correct-the-ppc64-syscall-table-and-validation.patch \
18 file://0007-tests-minor-fix-in-arch-syscall-check.patch \
19 file://0008-arch-add-a-ppc-syscall-table.patch \
20 file://0009-arch-add-basic-initial-ppc-support-to-the-arch-depen.patch \
21 file://0010-tools-add-ppc-support.patch \
22 file://0011-tests-add-ppc-support-to-the-regression-tests.patch \
23 "
12 24
13S = "${WORKDIR}/git" 25S = "${WORKDIR}/git"
14 26
@@ -17,7 +29,4 @@ inherit autotools-brokensep pkgconfig
17PACKAGECONFIG ??= "" 29PACKAGECONFIG ??= ""
18PACKAGECONFIG[python] = "--enable-python, --disable-python, python" 30PACKAGECONFIG[python] = "--enable-python, --disable-python, python"
19 31
20# PowerPC is not supported in this version.
21COMPATIBLE_HOST = '(x86_64|i.86|arm|arm64|mips|mips64).*-linux'
22
23RDEPENDS_${PN} = "bash" 32RDEPENDS_${PN} = "bash"
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-05-17 20:31:11 +0000