arch: Add 32-bit Motorola 68000 support

Signed-off-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>

22 files changed, 190 insertions, 3 deletions

diff --git a/README.md b/README.md
index ccbad2f..ff7ffad 100644
--- a/README.md
+++ b/README.md
@@ -34,6 +34,7 @@ The libseccomp library currently supports the architectures listed below:
 * 32-bit ARM EABI (arm)
 * 64-bit ARM (aarch64)
 * 64-bit LoongArch (loongarch64)
+* 32-bit Motorola 68000 (m68k)
 * 32-bit MIPS (mips)
 * 32-bit MIPS little endian (mipsel)
 * 64-bit MIPS (mips64)
diff --git a/doc/man/man1/scmp_sys_resolver.1 b/doc/man/man1/scmp_sys_resolver.1
index 37d48c1..2baa2b9 100644
--- a/doc/man/man1/scmp_sys_resolver.1
+++ b/doc/man/man1/scmp_sys_resolver.1
@@ -34,8 +34,8 @@ special manner by libseccomp depending on the operation.
 .B \-a \fIARCH
 The architecture to use for resolving the system call.  Valid
 .I ARCH
-values are "x86", "x86_64", "x32", "arm", "aarch64", "loongarch64", "mips",
-"mipsel", "mips64", "mipsel64", "mips64n32", "mipsel64n32", "parisc",
+values are "x86", "x86_64", "x32", "arm", "aarch64", "loongarch64", "m68k",
+"mips", "mipsel", "mips64", "mipsel64", "mips64n32", "mipsel64n32", "parisc",
 "parisc64", "ppc", "ppc64", "ppc64le", "s390", "s390x", "sheb" and "sh".
 .TP
 .B \-t
diff --git a/include/seccomp-syscalls.h b/include/seccomp-syscalls.h
index e1576d3..9488adc 100644
--- a/include/seccomp-syscalls.h
+++ b/include/seccomp-syscalls.h
@@ -277,6 +277,9 @@
 #define __PNR_riscv_flush_icache		-10243
 #define __PNR_memfd_secret			-10244
 #define __PNR_fstat				-10245
+#define __PNR_atomic_barrier			-10246
+#define __PNR_atomic_cmpxchg_32			-10247
+#define __PNR_getpagesize			-10248
 
 /*
  * libseccomp syscall definitions
@@ -354,6 +357,18 @@
 #define __SNR_arch_prctl		__PNR_arch_prctl
 #endif
 
+#ifdef __NR_atomic_barrier
+#define __SNR_atomic_barrier		__NR_atomic_barrier
+#else
+#define __SNR_atomic_barrier		__PNR_atomic_barrier
+#endif
+
+#ifdef __NR_atomic_cmpxchg_32
+#define __SNR_atomic_cmpxchg_32		__NR_atomic_cmpxchg_32
+#else
+#define __SNR_atomic_cmpxchg_32		__PNR_atomic_cmpxchg_32
+#endif
+
 #ifdef __NR_bdflush
 #define __SNR_bdflush			__NR_bdflush
 #else
@@ -824,6 +839,12 @@
 
 #define __SNR_getitimer			__NR_getitimer
 
+#ifdef __NR_getpagesize
+#define __SNR_getpagesize		__NR_getpagesize
+#else
+#define __SNR_getpagesize		__PNR_getpagesize
+#endif
+
 #ifdef __NR_getpeername
 #define __SNR_getpeername		__NR_getpeername
 #else
diff --git a/include/seccomp.h.in b/include/seccomp.h.in
index 4ab10d9..e2d7c0e 100644
--- a/include/seccomp.h.in
+++ b/include/seccomp.h.in
@@ -165,6 +165,11 @@ struct scmp_arg_cmp {
 #define SCMP_ARCH_LOONGARCH64	AUDIT_ARCH_LOONGARCH64
 
 /**
+ * The Motorola 68000 architecture tokens
+ */
+#define SCMP_ARCH_M68K		AUDIT_ARCH_M68K
+
+/**
  * The MIPS architecture tokens
  */
 #ifndef __AUDIT_ARCH_CONVENTION_MIPS64_N32
diff --git a/src/Makefile.am b/src/Makefile.am
index 8c39d9e..1c47087 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -33,6 +33,7 @@ SOURCES_ALL = \
 	arch-arm.h arch-arm.c \
 	arch-aarch64.h arch-aarch64.c \
 	arch-loongarch64.h arch-loongarch64.c \
+	arch-m68k.h arch-m68k.c \
 	arch-mips.h arch-mips.c \
 	arch-mips64.h arch-mips64.c \
 	arch-mips64n32.h arch-mips64n32.c \
diff --git a/src/arch-m68k.c b/src/arch-m68k.c
new file mode 100644
index 0000000..ab7dbc6
--- /dev/null
+++ b/src/arch-m68k.c
@@ -0,0 +1,58 @@
+/**
+ * Enhanced Seccomp m68k Specific Code
+ *
+ * Copyright (c) 2015 Freescale <bogdan.purcareata@freescale.com>
+ *               2017-2023 John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
+ * Author: Bogdan Purcareata <bogdan.purcareata@freescale.com>
+ *         John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
+ *
+ * Derived from the PPC-specific code
+ *
+ */
+
+/*
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, see <http://www.gnu.org/licenses>.
+ */
+
+#include <stdlib.h>
+#include <errno.h>
+#include <string.h>
+#include <linux/audit.h>
+
+#include "db.h"
+#include "syscalls.h"
+#include "arch.h"
+#include "arch-m68k.h"
+
+/* m68k syscall numbers */
+#define __m68k_NR_socketcall		102
+#define __m68k_NR_ipc			117
+
+ARCH_DEF(m68k)
+
+const struct arch_def arch_def_m68k = {
+	.token = SCMP_ARCH_M68K,
+	.token_bpf = AUDIT_ARCH_M68K,
+	.size = ARCH_SIZE_32,
+	.endian = ARCH_ENDIAN_BIG,
+	.sys_socketcall = __m68k_NR_socketcall,
+	.sys_ipc = __m68k_NR_ipc,
+	.syscall_resolve_name = abi_syscall_resolve_name_munge,
+	.syscall_resolve_name_raw = m68k_syscall_resolve_name,
+	.syscall_resolve_num = abi_syscall_resolve_num_munge,
+	.syscall_resolve_num_raw = m68k_syscall_resolve_num,
+	.syscall_rewrite = abi_syscall_rewrite,
+	.rule_add = abi_rule_add,
+	.syscall_name_kver = m68k_syscall_name_kver,
+	.syscall_num_kver = m68k_syscall_num_kver,
+};
diff --git a/src/arch-m68k.h b/src/arch-m68k.h
new file mode 100644
index 0000000..e165ab4
--- /dev/null
+++ b/src/arch-m68k.h
@@ -0,0 +1,34 @@
+/**
+ * Enhanced Seccomp m68k Specific Code
+ *
+ * Copyright (c) 2015 Freescale <bogdan.purcareata@freescale.com>
+ *               2017-2023 John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
+ * Author: Bogdan Purcareata <bogdan.purcareata@freescale.com>
+ *         John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
+ *
+ * Derived from the PPC-specific code
+ *
+ */
+
+/*
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, see <http://www.gnu.org/licenses>.
+ */
+
+#ifndef _ARCH_M68K_H
+#define _ARCH_M68K_H
+
+#include "arch.h"
+
+ARCH_DECL(m68k)
+
+#endif
diff --git a/src/arch-syscall-dump.c b/src/arch-syscall-dump.c
index abc1680..c0acae6 100644
--- a/src/arch-syscall-dump.c
+++ b/src/arch-syscall-dump.c
@@ -35,6 +35,7 @@
 #include "arch-x32.h"
 #include "arch-arm.h"
 #include "arch-loongarch64.h"
+#include "arch-m68k.h"
 #include "arch-mips.h"
 #include "arch-mips64.h"
 #include "arch-mips64n32.h"
@@ -110,6 +111,8 @@ int main(int argc, char *argv[])
 			break;
 		case SCMP_ARCH_LOONGARCH64:
 			sys = loongarch64_syscall_iterate(iter);
+		case SCMP_ARCH_M68K:
+			sys = m68k_syscall_iterate(iter);
 			break;
 		case SCMP_ARCH_MIPS:
 		case SCMP_ARCH_MIPSEL:
diff --git a/src/arch-syscall-validate b/src/arch-syscall-validate
index b2f62c6..bbe2f4a 100755
--- a/src/arch-syscall-validate
+++ b/src/arch-syscall-validate
@@ -348,6 +348,30 @@ function dump_lib_loongarch64() {
 	dump_lib_arch loongarch64 | mangle_lib_syscall loongarch64
 }
 
+# Dump the m68k system syscall table
+#
+# Arguments:
+#     1    path to the kernel source
+#
+#  Dump the architecture's syscall table to stdout.
+#
+function dump_sys_m68k() {
+	cat $1/arch/m68k/kernel/syscalls/syscall.tbl | \
+		grep -v "^#" | \
+		sed -n "/[0-9]\+[ \t]\+\(common\)/p" | \
+		awk '{ print $3","$1 }' | \
+		sort
+}
+
+#
+# Dump the m68k library syscall table
+#
+#  Dump the library's syscall table to stdout.
+#
+function dump_lib_m68k() {
+	dump_lib_arch m68k | mangle_lib_syscall m68k
+}
+
 #
 # Dump the mips system syscall table
 #
@@ -664,6 +688,9 @@ function dump_sys() {
 	loongarch64)
 		dump_sys_loongarch64 "$2"
 		;;
+	m68k)
+		dump_sys_m68k "$2"
+		;;
 	mips)
 		dump_sys_mips "$2"
 		;;
@@ -734,6 +761,9 @@ function dump_lib() {
 	loongarch64)
 		dump_lib_loongarch64
 		;;
+	m68k)
+		dump_lib_m68k
+		;;
 	mips)
 		dump_lib_mips
 		;;
@@ -799,6 +829,7 @@ function gen_csv() {
 	abi_list+=" x86 x86_64 x32"
 	abi_list+=" arm aarch64"
 	abi_list+=" loongarch64"
+	abi_list+=" m68k"
 	abi_list+=" mips mips64 mips64n32"
 	abi_list+=" parisc parisc64"
 	abi_list+=" ppc ppc64"
@@ -911,6 +942,7 @@ if [[ $opt_arches == "" ]]; then
 		x86 x86_64 x32 \
 		arm aarch64 \
 		loongarch64 \
+		m68k \
 		mips mips64 mips64n32 \
 		parisc parisc64 \
 		ppc ppc64 \
diff --git a/src/arch.c b/src/arch.c
index 50a2321..a3ff7ca 100644
--- a/src/arch.c
+++ b/src/arch.c
@@ -36,6 +36,7 @@
 #include "arch-arm.h"
 #include "arch-aarch64.h"
 #include "arch-loongarch64.h"
+#include "arch-m68k.h"
 #include "arch-mips.h"
 #include "arch-mips64.h"
 #include "arch-mips64n32.h"
@@ -66,6 +67,8 @@ const struct arch_def *arch_def_native = &arch_def_arm;
 const struct arch_def *arch_def_native = &arch_def_aarch64;
 #elif __loongarch_lp64
 const struct arch_def *arch_def_native = &arch_def_loongarch64;
+#elif __m68k__
+const struct arch_def *arch_def_native = &arch_def_m68k;
 #elif __mips__ && _MIPS_SIM == _MIPS_SIM_ABI32
 #if __MIPSEB__
 const struct arch_def *arch_def_native = &arch_def_mips;
@@ -146,6 +149,8 @@ const struct arch_def *arch_def_lookup(uint32_t token)
 		return &arch_def_aarch64;
 	case SCMP_ARCH_LOONGARCH64:
 		return &arch_def_loongarch64;
+	case SCMP_ARCH_M68K:
+		return &arch_def_m68k;
 	case SCMP_ARCH_MIPS:
 		return &arch_def_mips;
 	case SCMP_ARCH_MIPSEL:
@@ -204,6 +209,8 @@ const struct arch_def *arch_def_lookup_name(const char *arch_name)
 		return &arch_def_aarch64;
 	else if (strcmp(arch_name, "loongarch64") == 0)
 		return &arch_def_loongarch64;
+	else if (strcmp(arch_name, "m68k") == 0)
+		return &arch_def_m68k;
 	else if (strcmp(arch_name, "mips") == 0)
 		return &arch_def_mips;
 	else if (strcmp(arch_name, "mipsel") == 0)
diff --git a/src/gen_pfc.c b/src/gen_pfc.c
index 9d2dedb..62dd984 100644
--- a/src/gen_pfc.c
+++ b/src/gen_pfc.c
@@ -63,6 +63,8 @@ static const char *_pfc_arch(const struct arch_def *arch)
 		return "aarch64";
 	case SCMP_ARCH_LOONGARCH64:
 		return "loongarch64";
+	case SCMP_ARCH_M68K:
+		return "m68k";
 	case SCMP_ARCH_MIPS:
 		return "mips";
 	case SCMP_ARCH_MIPSEL:
diff --git a/src/python/libseccomp.pxd b/src/python/libseccomp.pxd
index a6bd0b4..a5d6c4a 100644
--- a/src/python/libseccomp.pxd
+++ b/src/python/libseccomp.pxd
@@ -39,6 +39,7 @@ cdef extern from "seccomp.h":
         SCMP_ARCH_ARM
         SCMP_ARCH_AARCH64
         SCMP_ARCH_LOONGARCH64
+        SCMP_ARCH_M68K
         SCMP_ARCH_MIPS
         SCMP_ARCH_MIPS64
         SCMP_ARCH_MIPS64N32
diff --git a/src/python/seccomp.pyx b/src/python/seccomp.pyx
index 9891d76..7712984 100644
--- a/src/python/seccomp.pyx
+++ b/src/python/seccomp.pyx
@@ -207,6 +207,7 @@ cdef class Arch:
     ARM - ARM
     AARCH64 - 64-bit ARM
     LOONGARCH64 - 64-bit LoongArch
+    M68K - 32-bit Motorola 68000
     MIPS - MIPS O32 ABI
     MIPS64 - MIPS 64-bit ABI
     MIPS64N32 - MIPS N32 ABI
@@ -229,6 +230,7 @@ cdef class Arch:
     ARM = libseccomp.SCMP_ARCH_ARM
     AARCH64 = libseccomp.SCMP_ARCH_AARCH64
     LOONGARCH64 = libseccomp.SCMP_ARCH_LOONGARCH64
+    M68K = libseccomp.SCMP_ARCH_M68K
     MIPS = libseccomp.SCMP_ARCH_MIPS
     MIPS64 = libseccomp.SCMP_ARCH_MIPS64
     MIPS64N32 = libseccomp.SCMP_ARCH_MIPS64N32
@@ -268,6 +270,8 @@ cdef class Arch:
                 self._token = libseccomp.SCMP_ARCH_AARCH64
             elif arch == libseccomp.SCMP_ARCH_LOONGARCH64:
                 self._token = libseccomp.SCMP_ARCH_LOONGARCH64
+            elif arch == libseccomp.SCMP_ARCH_M68K:
+                self._token = libseccomp.SCMP_ARCH_M68K
             elif arch == libseccomp.SCMP_ARCH_MIPS:
                 self._token = libseccomp.SCMP_ARCH_MIPS
             elif arch == libseccomp.SCMP_ARCH_MIPS64:
diff --git a/src/syscalls.h b/src/syscalls.h
index 10b2b7a..2d02ccc 100644
--- a/src/syscalls.h
+++ b/src/syscalls.h
@@ -16,6 +16,7 @@
 #include "arch-arm.h"
 #include "arch.h"
 #include "arch-loongarch64.h"
+#include "arch-m68k.h"
 #include "arch-mips64.h"
 #include "arch-mips64n32.h"
 #include "arch-mips.h"
@@ -55,6 +56,9 @@ struct arch_syscall_table {
 	int loongarch64;
 	enum scmp_kver loongarch64_kver;
 
+	int m68k;
+	enum scmp_kver m68k_kver;
+
 	int mips;
 	enum scmp_kver mips_kver;
 	int mips64;
diff --git a/tests/15-basic-resolver.c b/tests/15-basic-resolver.c
index bdb73f7..7e2e03f 100644
--- a/tests/15-basic-resolver.c
+++ b/tests/15-basic-resolver.c
@@ -33,6 +33,7 @@ unsigned int arch_list[] = {
 	SCMP_ARCH_ARM,
 	SCMP_ARCH_AARCH64,
 	SCMP_ARCH_LOONGARCH64,
+	SCMP_ARCH_M68K,
 	SCMP_ARCH_MIPS,
 	SCMP_ARCH_MIPS64,
 	SCMP_ARCH_MIPS64N32,
diff --git a/tests/26-sim-arch_all_be_basic.c b/tests/26-sim-arch_all_be_basic.c
index 7db48ea..2b83f0b 100644
--- a/tests/26-sim-arch_all_be_basic.c
+++ b/tests/26-sim-arch_all_be_basic.c
@@ -43,6 +43,9 @@ int main(int argc, char *argv[])
 	if (rc != 0)
 		goto out;
 
+	rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("m68k"));
+	if (rc != 0)
+		goto out;
 	rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("mips"));
 	if (rc != 0)
 		goto out;
diff --git a/tests/26-sim-arch_all_be_basic.py b/tests/26-sim-arch_all_be_basic.py
index b0e5f5a..2afa93a 100755
--- a/tests/26-sim-arch_all_be_basic.py
+++ b/tests/26-sim-arch_all_be_basic.py
@@ -30,6 +30,7 @@ from seccomp import *
 def test(args):
     f = SyscallFilter(KILL)
     f.remove_arch(Arch())
+    f.add_arch(Arch("m68k"))
     f.add_arch(Arch("mips"))
     f.add_arch(Arch("mips64"))
     f.add_arch(Arch("mips64n32"))
diff --git a/tests/56-basic-iterate_syscalls.c b/tests/56-basic-iterate_syscalls.c
index b514afa..d5cf746 100644
--- a/tests/56-basic-iterate_syscalls.c
+++ b/tests/56-basic-iterate_syscalls.c
@@ -34,6 +34,7 @@ unsigned int arch_list[] = {
 	SCMP_ARCH_ARM,
 	SCMP_ARCH_AARCH64,
 	SCMP_ARCH_LOONGARCH64,
+	SCMP_ARCH_M68K,
 	SCMP_ARCH_MIPS,
 	SCMP_ARCH_MIPS64,
 	SCMP_ARCH_MIPS64N32,
diff --git a/tests/regression b/tests/regression
index 32463c0..a1be57d 100755
--- a/tests/regression
+++ b/tests/regression
@@ -30,6 +30,7 @@ GLBL_ARCH_LE_SUPPORT=" \
 	riscv64 \
 	sh"
 GLBL_ARCH_BE_SUPPORT=" \
+	m68k \
 	mips mips64 mips64n32 \
 	parisc parisc64 \
 	ppc ppc64 \
@@ -39,6 +40,7 @@ GLBL_ARCH_BE_SUPPORT=" \
 GLBL_ARCH_32B_SUPPORT=" \
 	x86 x32 \
 	arm \
+	m68k \
 	mips mipsel mips64n32 mipsel64n32 \
 	parisc \
 	ppc \
@@ -803,7 +805,7 @@ function run_test_live() {
 
 	# setup the arch specific return values
 	case "$arch" in
-	x86|x86_64|x32|arm|aarch64|loongarch64|parisc|parisc64|ppc|ppc64|ppc64le|ppc|s390|s390x|riscv64|sh|sheb)
+	x86|x86_64|x32|arm|aarch64|loongarch64|m68k|parisc|parisc64|ppc|ppc64|ppc64le|ppc|s390|s390x|riscv64|sh|sheb)
 		rc_kill_process=159
 		rc_kill=159
 		rc_allow=160
diff --git a/tools/scmp_arch_detect.c b/tools/scmp_arch_detect.c
index c23cf7f..dcf33ad 100644
--- a/tools/scmp_arch_detect.c
+++ b/tools/scmp_arch_detect.c
@@ -83,6 +83,8 @@ int main(int argc, char *argv[])
 			break;
 		case SCMP_ARCH_LOONGARCH64:
 			printf("loongarch64\n");
+		case SCMP_ARCH_M68K:
+			printf("m68k\n");
 			break;
 		case SCMP_ARCH_MIPS:
 			printf("mips\n");
diff --git a/tools/scmp_bpf_sim.c b/tools/scmp_bpf_sim.c
index 7d31d79..46e449e 100644
--- a/tools/scmp_bpf_sim.c
+++ b/tools/scmp_bpf_sim.c
@@ -261,6 +261,8 @@ int main(int argc, char *argv[])
 				arch = AUDIT_ARCH_AARCH64;
 			else if (strcmp(optarg, "loongarch64") == 0)
 				arch = AUDIT_ARCH_LOONGARCH64;
+			else if (strcmp(optarg, "m68k") == 0)
+				arch = AUDIT_ARCH_M68K;
 			else if (strcmp(optarg, "mips") == 0)
 				arch = AUDIT_ARCH_MIPS;
 			else if (strcmp(optarg, "mipsel") == 0)
diff --git a/tools/util.c b/tools/util.c
index f67dea7..1e39c79 100644
--- a/tools/util.c
+++ b/tools/util.c
@@ -46,6 +46,8 @@
 #define ARCH_NATIVE		AUDIT_ARCH_AARCH64
 #elif __loongarch_lp64
 #define ARCH_NATIVE		AUDIT_ARCH_LOONGARCH64
+#elif __m68k__
+#define ARCH_NATIVE		AUDIT_ARCH_M68K
 #elif __mips__ && _MIPS_SIM == _MIPS_SIM_ABI32
 #if __MIPSEB__
 #define ARCH_NATIVE		AUDIT_ARCH_MIPS