Discussion:
[libseccomp-discuss] [RFC PATCH] Reworked aarch64 support
Paul Moore
2014-08-22 05:32:46 UTC
Permalink
This is Marcin's latest patch, reworked a bit for correctness. I still
want to go back over this patch and check a few style/formatting items,
but at least on my x86_64 system it passes all of the regression tests.

Can you aarch64 guys give this a test and see if it works for you?

-Paul

---

Marcin Juszkiewicz (1):
arch: Add AArch64 support


include/seccomp.h.in | 21 +-
src/Makefile.am | 1
src/arch-aarch64-syscalls.c | 495 +++++++++++++++++++++++++++++++++++++
src/arch-aarch64.c | 34 +++
src/arch-aarch64.h | 42 +++
src/arch-arm-syscalls.c | 1
src/arch-mips-syscalls.c | 1
src/arch-mips64-syscalls.c | 1
src/arch-mips64n32-syscalls.c | 1
src/arch-syscall-check.c | 13 +
src/arch-syscall-dump.c | 4
src/arch-syscall-validate | 48 ++++
src/arch-x32-syscalls.c | 1
src/arch-x86-syscalls.c | 1
src/arch-x86_64-syscalls.c | 1
src/arch.c | 20 +
src/gen_pfc.c | 2
src/python/libseccomp.pxd | 1
src/python/seccomp.pyx | 4
tests/16-sim-arch_basic.c | 3
tests/16-sim-arch_basic.py | 1
tests/23-sim-arch_all_le_basic.c | 3
tests/23-sim-arch_all_le_basic.py | 1
tests/regression | 4
tools/scmp_arch_detect.c | 3
tools/scmp_bpf_disasm.c | 2
tools/scmp_bpf_sim.c | 7 +
tools/util.c | 2
tools/util.h | 6
29 files changed, 719 insertions(+), 5 deletions(-)
create mode 100644 src/arch-aarch64-syscalls.c
create mode 100644 src/arch-aarch64.c
create mode 100644 src/arch-aarch64.h
Paul Moore
2014-08-22 05:32:52 UTC
Permalink
This post might be inappropriate. Click to display it.
Marcin Juszkiewicz
2014-08-25 09:30:20 UTC
Permalink
Post by Paul Moore
This patch adds support for AArch64 (64-bit ARM) architecture.
(Additional fixes/corrections/etc.)
With this patch it works:

22:26 ***@pinkypie-rawhide:libseccomp$ git diff
diff --git a/include/seccomp.h.in b/include/seccomp.h.in
index d9fc6b4..5d68522 100644
--- a/include/seccomp.h.in
+++ b/include/seccomp.h.in
@@ -1248,7 +1248,12 @@ int seccomp_export_bpf(const scmp_filter_ctx ctx, int fd);
#define __PNR_oldwait4 -10146
#ifndef __NR_oldwait4
#define __NR_oldwait4 __PNR_oldwait4
-#endif /* __NR_sysfs */
+#endif /* __NR_oldwait4 */
+
+#define __PNR_open -10146
+#ifndef __NR_open
+#define __NR_open __PNR_open
+#endif /* __NR_open */

#ifdef __cplusplus
}

Regression Test Summary
tests run: 8079
tests skipped: 138
tests passed: 8076
tests failed: 3
tests errored: 11

Log attached.

When test 04 is using openat() in c mode then it passes. Same with 15.

Will check more later during day.
Marcin Juszkiewicz
2014-08-25 12:09:28 UTC
Permalink
Post by Paul Moore
This patch adds support for AArch64 (64-bit ARM) architecture.
(Additional fixes/corrections/etc.)
#
+# Dump the aarch64 system syscall table
+#
+# 1 path to the kernel source
+#
+# Dump the architecture's syscall table to stdout.
+#
+function dump_sys_aarch64() {
+ gcc -E -dM -I$1/include/uapi -D__BITS_PER_LONG=64 -D__ARCH_WANT_SYSCALL_DEPRECATED -D__ARCH_WANT_SYSCALL_NO_AT -D__ARCH_WANT_SYSCALL_NO_FLAGS $1/include/uapi/asm-generic/unistd.h | \
+ grep "^#define __NR_" | sort | \
+ sed -e '/__NR_syscalls/d' | \
+ sed -e '/__NR_arch_specific_syscall/d' | \
+ sed -e 's/#define[ \t]\+__NR_\([^ \t]\+\)[ \t]\+\(.*\)/\1\t\2/' | \
+ sed -e 's/__NR3264_statfs/43/' | \
+ sed -e 's/__NR3264_ftruncate/46/' | \
+ sed -e 's/__NR3264_truncate/45/' | \
+ sed -e 's/__NR3264_lseek/62/' | \
+ sed -e 's/__NR3264_sendfile/71/' | \
+ sed -e 's/__NR3264_fstatat/79/' | \
+ sed -e 's/__NR3264_fstatfs/44/' | \
+ sed -e 's/__NR3264_fcntl/25/' | \
+ sed -e 's/__NR3264_fadvise64/223/' | \
+ sed -e 's/__NR3264_mmap/222/' | \
+ sed -e 's/__NR3264_fstat/80/' | \
+ sed -e 's/__NR3264_lstat/1039/' | \
+ sed -e 's/__NR3264_stat/1038/'
+}
-D__ARCH_WANT_SYSCALL_DEPRECATED
-D__ARCH_WANT_SYSCALL_NO_AT
-D__ARCH_WANT_SYSCALL_NO_FLAGS

Those three flags are not defined on AArch64 so more system calls need
to be set to __PNR macros.
Paul Moore
2014-08-25 20:20:16 UTC
Permalink
Post by Paul Moore
Post by Paul Moore
This patch adds support for AArch64 (64-bit ARM) architecture.
(Additional fixes/corrections/etc.)
#
+# Dump the aarch64 system syscall table
+#
+# 1 path to the kernel source
+#
+# Dump the architecture's syscall table to stdout.
+#
+function dump_sys_aarch64() {
+ gcc -E -dM -I$1/include/uapi -D__BITS_PER_LONG=64
-D__ARCH_WANT_SYSCALL_DEPRECATED -D__ARCH_WANT_SYSCALL_NO_AT
-D__ARCH_WANT_SYSCALL_NO_FLAGS $1/include/uapi/asm-generic/unistd.h | \
+ grep "^#define __NR_" | sort | \
+ sed -e '/__NR_syscalls/d' | \
+ sed -e '/__NR_arch_specific_syscall/d' | \
+ sed -e 's/#define[ \t]\+__NR_\([^ \t]\+\)[ \t]\+\(.*\)/\1\t\2/' | \
+ sed -e 's/__NR3264_statfs/43/' | \
+ sed -e 's/__NR3264_ftruncate/46/' | \
+ sed -e 's/__NR3264_truncate/45/' | \
+ sed -e 's/__NR3264_lseek/62/' | \
+ sed -e 's/__NR3264_sendfile/71/' | \
+ sed -e 's/__NR3264_fstatat/79/' | \
+ sed -e 's/__NR3264_fstatfs/44/' | \
+ sed -e 's/__NR3264_fcntl/25/' | \
+ sed -e 's/__NR3264_fadvise64/223/' | \
+ sed -e 's/__NR3264_mmap/222/' | \
+ sed -e 's/__NR3264_fstat/80/' | \
+ sed -e 's/__NR3264_lstat/1039/' | \
+ sed -e 's/__NR3264_stat/1038/'
+}
-D__ARCH_WANT_SYSCALL_DEPRECATED
-D__ARCH_WANT_SYSCALL_NO_AT
-D__ARCH_WANT_SYSCALL_NO_FLAGS
Those three flags are not defined on AArch64 so more system calls need
to be set to __PNR macros.
Okay, thanks for the heads-up. I'll rework the syscall table.
--
paul moore
security and virtualization @ redhat
AKASHI Takahiro
2014-08-25 07:17:07 UTC
Permalink
Paul,
Post by Paul Moore
This is Marcin's latest patch, reworked a bit for correctness. I still
want to go back over this patch and check a few style/formatting items,
but at least on my x86_64 system it passes all of the regression tests.
Can you aarch64 guys give this a test and see if it works for you?
First, please add AUDIT_ARCH_MIPSx64N32 in
seccomp.h.in
tools/scmp_bpf_disasm.c
tools/scmp_bpf_sim.c
and AUDIT_ARCH_AARCH64 in
seccomp.h.in
just in case that those definitions are missing.

Second, we are not able to compile tests/*.c, for example 04-sim-mutilevel_chains,
without some workaround of non-existent 'open' syscall.

-Takahiro AKASHI
Post by Paul Moore
-Paul
---
arch: Add AArch64 support
include/seccomp.h.in | 21 +-
src/Makefile.am | 1
src/arch-aarch64-syscalls.c | 495 +++++++++++++++++++++++++++++++++++++
src/arch-aarch64.c | 34 +++
src/arch-aarch64.h | 42 +++
src/arch-arm-syscalls.c | 1
src/arch-mips-syscalls.c | 1
src/arch-mips64-syscalls.c | 1
src/arch-mips64n32-syscalls.c | 1
src/arch-syscall-check.c | 13 +
src/arch-syscall-dump.c | 4
src/arch-syscall-validate | 48 ++++
src/arch-x32-syscalls.c | 1
src/arch-x86-syscalls.c | 1
src/arch-x86_64-syscalls.c | 1
src/arch.c | 20 +
src/gen_pfc.c | 2
src/python/libseccomp.pxd | 1
src/python/seccomp.pyx | 4
tests/16-sim-arch_basic.c | 3
tests/16-sim-arch_basic.py | 1
tests/23-sim-arch_all_le_basic.c | 3
tests/23-sim-arch_all_le_basic.py | 1
tests/regression | 4
tools/scmp_arch_detect.c | 3
tools/scmp_bpf_disasm.c | 2
tools/scmp_bpf_sim.c | 7 +
tools/util.c | 2
tools/util.h | 6
29 files changed, 719 insertions(+), 5 deletions(-)
create mode 100644 src/arch-aarch64-syscalls.c
create mode 100644 src/arch-aarch64.c
create mode 100644 src/arch-aarch64.h
Paul Moore
2014-08-25 20:21:30 UTC
Permalink
Post by AKASHI Takahiro
Paul,
Post by Paul Moore
This is Marcin's latest patch, reworked a bit for correctness. I still
want to go back over this patch and check a few style/formatting items,
but at least on my x86_64 system it passes all of the regression tests.
Can you aarch64 guys give this a test and see if it works for you?
First, please add AUDIT_ARCH_MIPSx64N32 in
seccomp.h.in
Done.
Post by AKASHI Takahiro
tools/scmp_bpf_disasm.c
tools/scmp_bpf_sim.c
Added to tools/util.h.
Post by AKASHI Takahiro
and AUDIT_ARCH_AARCH64 in
seccomp.h.in
just in case that those definitions are missing.
Second, we are not able to compile tests/*.c, for example
04-sim-mutilevel_chains, without some workaround of non-existent 'open'
syscall.
See my other email to Marcin, I'm working on a fix.
--
paul moore
security and virtualization @ redhat
AKASHI Takahiro
2014-08-26 02:12:50 UTC
Permalink
Post by Paul Moore
Post by AKASHI Takahiro
Paul,
Post by Paul Moore
This is Marcin's latest patch, reworked a bit for correctness. I still
want to go back over this patch and check a few style/formatting items,
but at least on my x86_64 system it passes all of the regression tests.
Can you aarch64 guys give this a test and see if it works for you?
First, please add AUDIT_ARCH_MIPSx64N32 in
seccomp.h.in
Done.
Post by AKASHI Takahiro
tools/scmp_bpf_disasm.c
tools/scmp_bpf_sim.c
Added to tools/util.h.
Thanks, but __AUDIT_ARCH_CONVERSION_MIPS64_N32 is still missing :)

-Takahiro AKASHI
Post by Paul Moore
Post by AKASHI Takahiro
and AUDIT_ARCH_AARCH64 in
seccomp.h.in
just in case that those definitions are missing.
Second, we are not able to compile tests/*.c, for example
04-sim-mutilevel_chains, without some workaround of non-existent 'open'
syscall.
See my other email to Marcin, I'm working on a fix.
Paul Moore
2014-08-27 13:55:40 UTC
Permalink
Post by AKASHI Takahiro
Post by Paul Moore
Post by AKASHI Takahiro
Paul,
Post by Paul Moore
This is Marcin's latest patch, reworked a bit for correctness. I still
want to go back over this patch and check a few style/formatting items,
but at least on my x86_64 system it passes all of the regression tests.
Can you aarch64 guys give this a test and see if it works for you?
First, please add AUDIT_ARCH_MIPSx64N32 in
seccomp.h.in
Done.
Post by AKASHI Takahiro
tools/scmp_bpf_disasm.c
tools/scmp_bpf_sim.c
Added to tools/util.h.
Thanks, but __AUDIT_ARCH_CONVERSION_MIPS64_N32 is still missing :)
Oops :) Thanks for pointing that out, a patch will be out shortly.
--
paul moore
security and virtualization @ redhat
Loading...