-rw-r--r-- | include/seccomp-syscalls.h | 5 | ||||
-rw-r--r-- | include/seccomp.h.in | 12 | ||||
-rw-r--r-- | src/Makefile.am | 1 | ||||
-rw-r--r-- | src/arch-riscv64-syscalls.c | 553 | ||||
-rw-r--r-- | src/arch-riscv64.c | 31 | ||||
-rw-r--r-- | src/arch-riscv64.h | 30 | ||||
-rw-r--r-- | src/arch.c | 7 | ||||
-rw-r--r-- | src/gen_pfc.c | 2 | ||||
-rw-r--r-- | src/python/libseccomp.pxd | 1 | ||||
-rw-r--r-- | src/python/seccomp.pyx | 2 | ||||
-rw-r--r-- | src/system.c | 1 | ||||
-rw-r--r-- | tests/15-basic-resolver.c | 1 | ||||
-rw-r--r-- | tests/16-sim-arch_basic.c | 6 | ||||
-rwxr-xr-x | tests/16-sim-arch_basic.py | 1 | ||||
-rw-r--r-- | tests/23-sim-arch_all_le_basic.c | 3 | ||||
-rwxr-xr-x | tests/23-sim-arch_all_le_basic.py | 1 | ||||
-rwxr-xr-x | tests/regression | 6 | ||||
-rw-r--r-- | tools/scmp_arch_detect.c | 3 | ||||
-rw-r--r-- | tools/scmp_bpf_disasm.c | 2 | ||||
-rw-r--r-- | tools/scmp_bpf_sim.c | 2 | ||||
-rw-r--r-- | tools/util.c | 2 | ||||
-rw-r--r-- | tools/util.h | 7 |
22 files changed, 677 insertions, 2 deletions
diff --git a/include/seccomp-syscalls.h b/include/seccomp-syscalls.h index 3c958df..d7eb383 100644 --- a/include/seccomp-syscalls.h +++ b/include/seccomp-syscalls.h @@ -273,6 +273,7 @@ #define __PNR_timerfd_settime64 -10239 #define __PNR_utimensat_time64 -10240 #define __PNR_ppoll -10241 +#define __PNR_renameat -10242 /* * libseccomp syscall definitions @@ -1494,7 +1495,11 @@ #define __SNR_rename __PNR_rename #endif +#ifdef __NR_renameat #define __SNR_renameat __NR_renameat +#else +#define __SNR_renameat __PNR_renameat +#endif #define __SNR_renameat2 __NR_renameat2 diff --git a/include/seccomp.h.in b/include/seccomp.h.in index 42f3a79..208b366 100644 --- a/include/seccomp.h.in +++ b/include/seccomp.h.in @@ -197,6 +197,18 @@ struct scmp_arg_cmp { #define SCMP_ARCH_PARISC64 AUDIT_ARCH_PARISC64 /** + * The RISC-V architecture tokens + */ +/* RISC-V support for audit was merged in 5.0-rc1 */ +#ifndef AUDIT_ARCH_RISCV64 +#ifndef EM_RISCV +#define EM_RISCV 243 +#endif /* EM_RISCV */ +#define AUDIT_ARCH_RISCV64 (EM_RISCV|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) +#endif /* AUDIT_ARCH_RISCV64 */ +#define SCMP_ARCH_RISCV64 AUDIT_ARCH_RISCV64 + +/** * Convert a syscall name into the associated syscall number * @param x the syscall name */ diff --git a/src/Makefile.am b/src/Makefile.am index 2e7e38d..47e2f33 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -42,6 +42,7 @@ SOURCES_ALL = \ arch-parisc.h arch-parisc.c arch-parisc64.c arch-parisc-syscalls.c \ arch-ppc.h arch-ppc.c arch-ppc-syscalls.c \ arch-ppc64.h arch-ppc64.c arch-ppc64-syscalls.c \ + arch-riscv64.h arch-riscv64.c arch-riscv64-syscalls.c \ arch-s390.h arch-s390.c arch-s390-syscalls.c \ arch-s390x.h arch-s390x.c arch-s390x-syscalls.c diff --git a/src/arch-riscv64-syscalls.c b/src/arch-riscv64-syscalls.c new file mode 100644 index 0000000..ceebece --- /dev/null +++ b/src/arch-riscv64-syscalls.c 
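Review bot: The new `#else` branch for `__SNR_renameat` in the second hunk of include/seccomp-syscalls.h has no comment saying which ABI lacks `__NR_renameat`. The riscv64 table added later in this commit maps `renameat` to `__PNR_renameat` and `renameat2` to 276, so a line such as `/* not every ABI provides renameat, e.g. riscv64 only has renameat2 */` above the `#ifdef` would record the reason. The header should also say that, when built for such an ABI, `SCMP_SYS(renameat)` evaluates to a negative pseudo number rather than a kernel syscall number, so a filter meant to constrain renames has to name `renameat2` as well.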
@@ -0,0 +1,553 @@ +/* + * This library is free software; you can redistribute it and/or modify it + * under the terms of version 2.1 of the GNU Lesser General Public License as + * published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License + * for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this library; if not, see <http://www.gnu.org/licenses>. + */ + +#include <string.h> + +#include <seccomp.h> + +#include "arch.h" +#include "arch-riscv64.h" + +/* NOTE: based on Linux 5.4 */ +const struct arch_syscall_def riscv64_syscall_table[] = { \ + { "_llseek", __PNR__llseek }, + { "_newselect", __PNR__newselect }, + { "_sysctl", __PNR__sysctl }, + { "accept", 202 }, + { "accept4", 242 }, + { "access", __PNR_access }, + { "acct", 89 }, + { "add_key", 217 }, + { "adjtimex", 171 }, + { "afs_syscall", __PNR_afs_syscall }, + { "alarm", __PNR_alarm }, + { "arm_fadvise64_64", __PNR_arm_fadvise64_64 }, + { "arm_sync_file_range", __PNR_arm_sync_file_range }, + { "arch_prctl", __PNR_arch_prctl }, + { "bdflush", __PNR_bdflush }, + { "bind", 200 }, + { "bpf", 280 }, + { "break", __PNR_break }, + { "breakpoint", __PNR_breakpoint }, + { "brk", 214 }, + { "cachectl", __PNR_cachectl }, + { "cacheflush", __PNR_cacheflush }, + { "capget", 90 }, + { "capset", 91 }, + { "chdir", 49 }, + { "chmod", __PNR_chmod }, + { "chown", __PNR_chown }, + { "chown32", __PNR_chown32 }, + { "chroot", 51 }, + { "clock_adjtime", 266 }, + { "clock_adjtime64", __PNR_clock_adjtime64 }, + { "clock_getres", 114 }, + { "clock_getres_time64", __PNR_clock_getres_time64 }, + { "clock_gettime", 113 }, + { "clock_gettime64", __PNR_clock_gettime64 }, + { "clock_nanosleep", 115 }, + { "clock_nanosleep_time64", __PNR_clock_nanosleep_time64 
}, + { "clock_settime", 112 }, + { "clock_settime64", __PNR_clock_settime64 }, + { "clone", 220 }, + { "clone3", 435 }, + { "close", 57 }, + { "connect", 203 }, + { "copy_file_range", 285 }, + { "creat", __PNR_creat }, + { "create_module", __PNR_create_module }, + { "delete_module", 106 }, + { "dup", 23 }, + { "dup2", __PNR_dup2 }, + { "dup3", 24 }, + { "epoll_create", __PNR_epoll_create }, + { "epoll_create1", 20 }, + { "epoll_ctl", 21 }, + { "epoll_ctl_old", __PNR_epoll_ctl_old }, + { "epoll_pwait", 22 }, + { "epoll_wait", __PNR_epoll_wait }, + { "epoll_wait_old", __PNR_epoll_wait_old }, + { "eventfd", __PNR_eventfd }, + { "eventfd2", 19 }, + { "execve", 221 }, + { "execveat", 281 }, + { "exit", 93 }, + { "exit_group", 94 }, + { "faccessat", 48 }, + { "fadvise64", 223 }, + { "fadvise64_64", __PNR_fadvise64_64 }, + { "fallocate", 47 }, + { "fanotify_init", 262 }, + { "fanotify_mark", 263 }, + { "fchdir", 50 }, + { "fchmod", 52 }, + { "fchmodat", 53 }, + { "fchown", 55 }, + { "fchown32", __PNR_fchown32 }, + { "fchownat", 54 }, + { "fcntl", 25 }, + { "fcntl64", __PNR_fcntl64 }, + { "fdatasync", 83 }, + { "fgetxattr", 10 }, + { "finit_module", 273 }, + { "flistxattr", 13 }, + { "flock", 32 }, + { "fork", __PNR_fork }, + { "fremovexattr", 16 }, + { "fsconfig", 431 }, + { "fsetxattr", 7 }, + { "fsmount", 432 }, + { "fsopen", 430 }, + { "fspick", 433 }, + { "fstat", 80 }, + { "fstat64", __PNR_fstat64 }, + { "fstatat64", __PNR_fstatat64 }, + { "fstatfs", 44 }, + { "fstatfs64", __PNR_fstatfs64 }, + { "fsync", 82 }, + { "ftime", __PNR_ftime }, + { "ftruncate", 46 }, + { "ftruncate64", __PNR_ftruncate64 }, + { "futex", 98 }, + { "futex_time64", __PNR_futex_time64 }, + { "futimesat", __PNR_futimesat }, + { "get_kernel_syms", __PNR_get_kernel_syms }, + { "get_mempolicy", 236 }, + { "get_robust_list", 100 }, + { "get_thread_area", __PNR_get_thread_area }, + { "get_tls", __PNR_get_tls }, + { "getcpu", 168 }, + { "getcwd", 17 }, + { "getdents", __PNR_getdents }, + { 
"getdents64", 61 }, + { "getegid", 177 }, + { "getegid32", __PNR_getegid32 }, + { "geteuid", 175 }, + { "geteuid32", __PNR_geteuid32 }, + { "getgid", 176 }, + { "getgid32", __PNR_getgid32 }, + { "getgroups", 158 }, + { "getgroups32", __PNR_getgroups32 }, + { "getitimer", 102 }, + { "getpeername", 205 }, + { "getpgid", 155 }, + { "getpgrp", __PNR_getpgrp }, + { "getpid", 172 }, + { "getpmsg", __PNR_getpmsg }, + { "getppid", 173 }, + { "getpriority", 141 }, + { "getrandom", 278 }, + { "getresgid", 150 }, + { "getresgid32", __PNR_getresgid32 }, + { "getresuid", 148 }, + { "getresuid32", __PNR_getresuid32 }, + { "getrlimit", 163 }, + { "getrusage", 165 }, + { "getsid", 156 }, + { "getsockname", 204 }, + { "getsockopt", 209 }, + { "gettid", 178 }, + { "gettimeofday", 169 }, + { "getuid", 174 }, + { "getuid32", __PNR_getuid32 }, + { "getxattr", 8 }, + { "gtty", __PNR_gtty }, + { "idle", __PNR_idle }, + { "init_module", 105 }, + { "inotify_add_watch", 27 }, + { "inotify_init", __PNR_inotify_init }, + { "inotify_init1", 26 }, + { "inotify_rm_watch", 28 }, + { "io_cancel", 3 }, + { "io_destroy", 1 }, + { "io_getevents", 4 }, + { "io_pgetevents", 292 }, + { "io_pgetevents_time64", __PNR_io_pgetevents_time64 }, + { "io_setup", 0 }, + { "io_submit", 2 }, + { "io_uring_enter", 426 }, + { "io_uring_register", 427 }, + { "io_uring_setup", 425 }, + { "ioctl", 29 }, + { "ioperm", __PNR_ioperm }, + { "iopl", __PNR_iopl }, + { "ioprio_get", 31 }, + { "ioprio_set", 30 }, + { "ipc", __PNR_ipc }, + { "kcmp", 272 }, + { "kexec_file_load", 294 }, + { "kexec_load", 104 }, + { "keyctl", 219 }, + { "kill", 129 }, + { "lchown", __PNR_lchown }, + { "lchown32", __PNR_lchown32 }, + { "lgetxattr", 9 }, + { "link", __PNR_link }, + { "linkat", 37 }, + { "listen", 201 }, + { "listxattr", 11 }, + { "llistxattr", 12 }, + { "lock", __PNR_lock }, + { "lookup_dcookie", 18 }, + { "lremovexattr", 15 }, + { "lseek", 62 }, + { "lsetxattr", 6 }, + { "lstat", __PNR_lstat }, + { "lstat64", __PNR_lstat64 }, + { 
"madvise", 233 }, + { "mbind", 235 }, + { "membarrier", 283 }, + { "memfd_create", 279 }, + { "migrate_pages", 238 }, + { "mincore", 232 }, + { "mkdir", __PNR_mkdir }, + { "mkdirat", 34 }, + { "mknod", __PNR_mknod }, + { "mknodat", 33 }, + { "mlock", 228 }, + { "mlock2", 284 }, + { "mlockall", 230 }, + { "mmap", 222 }, + { "mmap2", __PNR_mmap2 }, + { "modify_ldt", __PNR_modify_ldt }, + { "mount", 40 }, + { "move_mount", 429 }, + { "move_pages", 239 }, + { "mprotect", 226 }, + { "mpx", __PNR_mpx }, + { "mq_getsetattr", 185 }, + { "mq_notify", 184 }, + { "mq_open", 180 }, + { "mq_timedreceive", 183 }, + { "mq_timedreceive_time64", __PNR_mq_timedreceive_time64 }, + { "mq_timedsend", 182 }, + { "mq_timedsend_time64", __PNR_mq_timedsend_time64 }, + { "mq_unlink", 181 }, + { "mremap", 216 }, + { "msgctl", 187 }, + { "msgget", 186 }, + { "msgrcv", 188 }, + { "msgsnd", 189 }, + { "msync", 227 }, + { "multiplexer", __PNR_multiplexer }, + { "munlock", 229 }, + { "munlockall", 231 }, + { "munmap", 215 }, + { "name_to_handle_at", 264 }, + { "nanosleep", 101 }, + { "newfstatat", 79 }, + { "nfsservctl", 42 }, + { "nice", __PNR_nice }, + { "oldfstat", __PNR_oldfstat }, + { "oldlstat", __PNR_oldlstat }, + { "oldolduname", __PNR_oldolduname }, + { "oldstat", __PNR_oldstat }, + { "olduname", __PNR_olduname }, + { "oldwait4", __PNR_oldwait4 }, + { "open", __PNR_open }, + { "open_by_handle_at", 265 }, + { "open_tree", 428 }, + { "openat", 56 }, + { "pause", __PNR_pause }, + { "pciconfig_iobase", __PNR_pciconfig_iobase }, + { "pciconfig_read", __PNR_pciconfig_read }, + { "pciconfig_write", __PNR_pciconfig_write }, + { "perf_event_open", 241 }, + { "personality", 92 }, + { "pidfd_open", 434 }, + { "pidfd_send_signal", 424 }, + { "pipe", __PNR_pipe }, + { "pipe2", 59 }, + { "pivot_root", 41 }, + { "pkey_alloc", 289 }, + { "pkey_free", 290 }, + { "pkey_mprotect", 288 }, + { "poll", __PNR_poll }, + { "ppoll", 73 }, + { "ppoll_time64", __PNR_ppoll_time64 }, + { "prctl", 167 }, + { 
"pread64", 67 }, + { "preadv", 69 }, + { "preadv2", 286 }, + { "prlimit64", 261 }, + { "process_vm_readv", 270 }, + { "process_vm_writev", 271 }, + { "prof", __PNR_prof }, + { "profil", __PNR_profil }, + { "pselect6", 72 }, + { "pselect6_time64", __PNR_pselect6_time64 }, + { "ptrace", 117 }, + { "putpmsg", __PNR_putpmsg }, + { "pwrite64", 68 }, + { "pwritev", 70 }, + { "pwritev2", 287 }, + { "query_module", __PNR_query_module }, + { "quotactl", 60 }, + { "read", 63 }, + { "readahead", 213 }, + { "readdir", __PNR_readdir }, + { "readlink", __PNR_readlink }, + { "readlinkat", 78 }, + { "readv", 65 }, + { "reboot", 142 }, + { "recv", __PNR_recv }, + { "recvfrom", 207 }, + { "recvmmsg", 243 }, + { "recvmmsg_time64", __PNR_recvmmsg_time64 }, + { "recvmsg", 212 }, + { "remap_file_pages", 234 }, + { "removexattr", 14 }, + { "rename", __PNR_rename }, + { "renameat", __PNR_renameat }, + { "renameat2", 276 }, + { "request_key", 218 }, + { "restart_syscall", 128 }, + { "rmdir", __PNR_rmdir }, + { "riscv_flush_icache", 244 }, + { "rseq", 293 }, + { "rt_sigaction", 134 }, + { "rt_sigpending", 136 }, + { "rt_sigprocmask", 135 }, + { "rt_sigqueueinfo", 138 }, + { "rt_sigreturn", 139 }, + { "rt_sigsuspend", 133 }, + { "rt_sigtimedwait", 137 }, + { "rt_sigtimedwait_time64", __PNR_rt_sigtimedwait_time64 }, + { "rt_tgsigqueueinfo", 240 }, + { "rtas", __PNR_rtas }, + { "s390_guarded_storage", __PNR_s390_guarded_storage }, + { "s390_pci_mmio_read", __PNR_s390_pci_mmio_read }, + { "s390_pci_mmio_write", __PNR_s390_pci_mmio_write }, + { "s390_runtime_instr", __PNR_s390_runtime_instr }, + { "s390_sthyi", __PNR_s390_sthyi }, + { "sched_get_priority_max", 125 }, + { "sched_get_priority_min", 126 }, + { "sched_getaffinity", 123 }, + { "sched_getattr", 275 }, + { "sched_getparam", 121 }, + { "sched_getscheduler", 120 }, + { "sched_rr_get_interval", 127 }, + { "sched_rr_get_interval_time64", __PNR_sched_rr_get_interval_time64 }, + { "sched_setaffinity", 122 }, + { "sched_setattr", 274 }, + { 
"sched_setparam", 118 }, + { "sched_setscheduler", 119 }, + { "sched_yield", 124 }, + { "seccomp", 277 }, + { "security", __PNR_security }, + { "select", __PNR_select }, + { "semctl", 191 }, + { "semget", 190 }, + { "semop", 193 }, + { "semtimedop", 192 }, + { "semtimedop_time64", __PNR_semtimedop_time64 }, + { "send", __PNR_send }, + { "sendfile", 71 }, + { "sendfile64", __PNR_sendfile64 }, + { "sendmmsg", 269 }, + { "sendmsg", 211 }, + { "sendto", 206 }, + { "set_mempolicy", 237 }, + { "set_robust_list", 99 }, + { "set_thread_area", __PNR_set_thread_area }, + { "set_tid_address", 96 }, + { "set_tls", __PNR_set_tls }, + { "setdomainname", 162 }, + { "setfsgid", 152 }, + { "setfsgid32", __PNR_setfsgid32 }, + { "setfsuid", 151 }, + { "setfsuid32", __PNR_setfsuid32 }, + { "setgid", 144 }, + { "setgid32", __PNR_setgid32 }, + { "setgroups", 159 }, + { "setgroups32", __PNR_setgroups32 }, + { "sethostname", 161 }, + { "setitimer", 103 }, + { "setns", 268 }, + { "setpgid", 154 }, + { "setpriority", 140 }, + { "setregid", 143 }, + { "setregid32", __PNR_setregid32 }, + { "setresgid", 149 }, + { "setresgid32", __PNR_setresgid32 }, + { "setresuid", 147 }, + { "setresuid32", __PNR_setresuid32 }, + { "setreuid", 145 }, + { "setreuid32", __PNR_setreuid32 }, + { "setrlimit", 164 }, + { "setsid", 157 }, + { "setsockopt", 208 }, + { "settimeofday", 170 }, + { "setuid", 146 }, + { "setuid32", __PNR_setuid32 }, + { "setxattr", 5 }, + { "sgetmask", __PNR_sgetmask }, + { "shmat", 196 }, + { "shmctl", 195 }, + { "shmdt", 197 }, + { "shmget", 194 }, + { "shutdown", 210 }, + { "sigaction", __PNR_sigaction }, + { "sigaltstack", 132 }, + { "signal", __PNR_signal }, + { "signalfd", __PNR_signalfd }, + { "signalfd4", 74 }, + { "sigpending", __PNR_sigpending }, + { "sigprocmask", __PNR_sigprocmask }, + { "sigreturn", __PNR_sigreturn }, + { "sigsuspend", __PNR_sigsuspend }, + { "socket", 198 }, + { "socketcall", __PNR_socketcall }, + { "socketpair", 199 }, + { "splice", 76 }, + { "spu_create", 
__PNR_spu_create }, + { "spu_run", __PNR_spu_run }, + { "ssetmask", __PNR_ssetmask }, + { "stat", __PNR_stat }, + { "stat64", __PNR_stat64 }, + { "statfs", 43 }, + { "statfs64", __PNR_statfs64 }, + { "statx", 291 }, + { "stime", __PNR_stime }, + { "stty", __PNR_stty }, + { "subpage_prot", __PNR_subpage_prot }, + { "swapcontext", __PNR_swapcontext }, + { "swapoff", 225 }, + { "swapon", 224 }, + { "switch_endian", __PNR_switch_endian }, + { "symlink", __PNR_symlink }, + { "symlinkat", 36 }, + { "sync", 81 }, + { "sync_file_range", 84 }, + { "sync_file_range2", __PNR_sync_file_range2 }, + { "syncfs", 267 }, + { "syscall", __PNR_syscall }, + { "sys_debug_setcontext", __PNR_sys_debug_setcontext }, + { "sysfs", __PNR_sysfs }, + { "sysinfo", 179 }, + { "syslog", 116 }, + { "sysmips", __PNR_sysmips }, + { "tee", 77 }, + { "tgkill", 131 }, + { "time", __PNR_time }, + { "timer_create", 107 }, + { "timer_delete", 111 }, + { "timer_getoverrun", 109 }, + { "timer_gettime", 108 }, + { "timer_gettime64", __PNR_timer_gettime64 }, + { "timer_settime", 110 }, + { "timer_settime64", __PNR_timer_settime64 }, + { "timerfd", __PNR_timerfd }, + { "timerfd_create", 85 }, + { "timerfd_gettime", 87 }, + { "timerfd_gettime64", __PNR_timerfd_gettime64 }, + { "timerfd_settime", 86 }, + { "timerfd_settime64", __PNR_timerfd_settime64 }, + { "times", 153 }, + { "tkill", 130 }, + { "truncate", 45 }, + { "truncate64", __PNR_truncate64 }, + { "tuxcall", __PNR_tuxcall }, + { "ugetrlimit", __PNR_ugetrlimit }, + { "ulimit", __PNR_ulimit }, + { "umask", 166 }, + { "umount", __PNR_umount }, + { "umount2", 39 }, + { "uname", 160 }, + { "unlink", __PNR_unlink }, + { "unlinkat", 35 }, + { "unshare", 97 }, + { "uselib", __PNR_uselib }, + { "userfaultfd", 282 }, + { "usr26", __PNR_usr26 }, + { "usr32", __PNR_usr32 }, + { "ustat", __PNR_ustat }, + { "utime", __PNR_utime }, + { "utimensat", 88 }, + { "utimensat_time64", __PNR_utimensat_time64 }, + { "utimes", __PNR_utimes }, + { "vfork", __PNR_vfork }, + { 
"vhangup", 58 }, + { "vm86", __PNR_vm86 }, + { "vm86old", __PNR_vm86old }, + { "vmsplice", 75 }, + { "vserver", __PNR_vserver }, + { "wait4", 260 }, + { "waitid", 95 }, + { "waitpid", __PNR_waitpid }, + { "write", 64 }, + { "writev", 66 }, + { NULL, __NR_SCMP_ERROR }, +}; + +/** + * Resolve a syscall name to a number + * @param name the syscall name + * + * Resolve the given syscall name to the syscall number using the syscall table. + * Returns the syscall number on success, including negative pseudo syscall + * numbers; returns __NR_SCMP_ERROR on failure. + * + */ +int riscv64_syscall_resolve_name(const char *name) +{ + unsigned int iter; + const struct arch_syscall_def *table = riscv64_syscall_table; + + /* XXX - plenty of room for future improvement here */ + for (iter = 0; table[iter].name != NULL; iter++) { + if (strcmp(name, table[iter].name) == 0) + return table[iter].num; + } + + return __NR_SCMP_ERROR; +} + +/** + * Resolve a syscall number to a name + * @param num the syscall number + * + * Resolve the given syscall number to the syscall name using the syscall table. + * Returns a pointer to the syscall name string on success, including pseudo + * syscall names; returns NULL on failure. + * + */ +const char *riscv64_syscall_resolve_num(int num) +{ + unsigned int iter; + const struct arch_syscall_def *table = riscv64_syscall_table; + + /* XXX - plenty of room for future improvement here */ + for (iter = 0; table[iter].num != __NR_SCMP_ERROR; iter++) { + if (num == table[iter].num) + return table[iter].name; + } + + return NULL; +} + + +/** + * Iterate through the syscall table and return the syscall mapping + * @param spot the offset into the syscall table + * + * Return the syscall mapping at position @spot or NULL on failure. This + * function should only ever be used internally by libseccomp. 
+ * + */ +const struct arch_syscall_def *riscv64_syscall_iterate(unsigned int spot) +{ + /* XXX - no safety checks here */ + return &riscv64_syscall_table[spot]; +} diff --git a/src/arch-riscv64.c b/src/arch-riscv64.c new file mode 100644 index 0000000..67bc926 --- /dev/null +++ b/src/arch-riscv64.c @@ -0,0 +1,31 @@ +/* + * This library is free software; you can redistribute it and/or modify it + * under the terms of version 2.1 of the GNU Lesser General Public License as + * published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License + * for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this library; if not, see <http://www.gnu.org/licenses>. + */ + +#include <stdlib.h> +#include <errno.h> +#include <linux/audit.h> + +#include "arch.h" +#include "arch-riscv64.h" + +const struct arch_def arch_def_riscv64 = { + .token = SCMP_ARCH_RISCV64, + .token_bpf = AUDIT_ARCH_RISCV64, + .size = ARCH_SIZE_64, + .endian = ARCH_ENDIAN_LITTLE, + .syscall_resolve_name = riscv64_syscall_resolve_name, + .syscall_resolve_num = riscv64_syscall_resolve_num, + .syscall_rewrite = NULL, + .rule_add = NULL, +}; diff --git a/src/arch-riscv64.h b/src/arch-riscv64.h new file mode 100644 index 0000000..16fca6b --- /dev/null +++ b/src/arch-riscv64.h 
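Review bot: The entry `{ "riscv_flush_icache", 244 }` in riscv64_syscall_table looks wrong: to my knowledge the kernel defines this call as `__NR_arch_specific_syscall + 15` with the arch-specific base at 244, which gives 259, so the entry should read `{ "riscv_flush_icache", 259 },`. Please confirm this against the riscv uapi unistd.h of the 5.4 tree that the table comment cites. With 244, a rule written for riscv_flush_icache would be compiled against a different syscall number than the one the program actually issues. Separately, riscv64_syscall_iterate() at the end of the same hunk indexes the table with an unchecked `spot`, although its doc comment promises NULL on failure. A guard such as `if (spot >= sizeof(riscv64_syscall_table) / sizeof(riscv64_syscall_table[0])) return NULL;` would make that contract true; the callers are outside this diff, so check that they handle NULL.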
@@ -0,0 +1,30 @@ +/* + * This library is free software; you can redistribute it and/or modify it + * under the terms of version 2.1 of the GNU Lesser General Public License as + * published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License + * for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this library; if not, see <http://www.gnu.org/licenses>. + */ + +#ifndef _ARCH_RISCV64_H +#define _ARCH_RISCV64_H + +#include <inttypes.h> + +#include "arch.h" +#include "system.h" + +extern const struct arch_def arch_def_riscv64; + +int riscv64_syscall_resolve_name(const char *name); +const char *riscv64_syscall_resolve_num(int num); + +const struct arch_syscall_def *riscv64_syscall_iterate(unsigned int spot); + +#endif @@ -41,6 +41,7 @@ #include "arch-parisc.h" #include "arch-ppc.h" #include "arch-ppc64.h" +#include "arch-riscv64.h" #include "arch-s390.h" #include "arch-s390x.h" #include "db.h" @@ -94,6 +95,8 @@ const struct arch_def *arch_def_native = &arch_def_ppc; const struct arch_def *arch_def_native = &arch_def_s390x; #elif __s390__ const struct arch_def *arch_def_native = &arch_def_s390; +#elif __riscv && __riscv_xlen == 64 +const struct arch_def *arch_def_native = &arch_def_riscv64; #else #error the arch code needs to know about your machine type #endif /* machine type guess */ @@ -156,6 +159,8 @@ const struct arch_def *arch_def_lookup(uint32_t token) return &arch_def_s390; case SCMP_ARCH_S390X: return &arch_def_s390x; + case SCMP_ARCH_RISCV64: + return &arch_def_riscv64; } return NULL; 
@@ -206,6 +211,8 @@ const struct arch_def *arch_def_lookup_name(const char *arch_name) return &arch_def_s390; else if (strcmp(arch_name, "s390x") == 0) return &arch_def_s390x; + else if (strcmp(arch_name, "riscv64") == 0) + return &arch_def_riscv64; return NULL; } diff --git a/src/gen_pfc.c b/src/gen_pfc.c index 75d8507..8186f0d 100644 --- a/src/gen_pfc.c +++ b/src/gen_pfc.c @@ -87,6 +87,8 @@ static const char *_pfc_arch(const struct arch_def *arch) return "s390x"; case SCMP_ARCH_S390: return "s390"; + case SCMP_ARCH_RISCV64: + return "riscv64"; default: return "UNKNOWN"; } diff --git a/src/python/libseccomp.pxd b/src/python/libseccomp.pxd index 8ae84d9..f1194b6 100644 --- a/src/python/libseccomp.pxd +++ b/src/python/libseccomp.pxd @@ -51,6 +51,7 @@ cdef extern from "seccomp.h": SCMP_ARCH_PPC64LE SCMP_ARCH_S390 SCMP_ARCH_S390X + SCMP_ARCH_RISCV64 cdef enum scmp_filter_attr: SCMP_FLTATR_ACT_DEFAULT diff --git a/src/python/seccomp.pyx b/src/python/seccomp.pyx index 44e4925..113fbf4 100644 --- a/src/python/seccomp.pyx +++ b/src/python/seccomp.pyx @@ -214,6 +214,7 @@ cdef class Arch: PARISC64 - 64-bit PA-RISC PPC64 - 64-bit PowerPC PPC - 32-bit PowerPC + RISCV64 - 64-bit RISC-V """ cdef int _token @@ -237,6 +238,7 @@ cdef class Arch: PPC64LE = libseccomp.SCMP_ARCH_PPC64LE S390 = libseccomp.SCMP_ARCH_S390 S390X = libseccomp.SCMP_ARCH_S390X + RISCV64 = libseccomp.SCMP_ARCH_RISCV64 def __cinit__(self, arch=libseccomp.SCMP_ARCH_NATIVE): """ Initialize the architecture object. diff --git a/src/system.c b/src/system.c index 8e5aafc..bcd7e3c 100644 --- a/src/system.c +++ b/src/system.c @@ -80,6 +80,7 @@ int sys_chk_seccomp_syscall(void) case SCMP_ARCH_PPC64LE: case SCMP_ARCH_S390: case SCMP_ARCH_S390X: + case SCMP_ARCH_RISCV64: break; default: goto unsupported; diff --git a/tests/15-basic-resolver.c b/tests/15-basic-resolver.c index 0c1eefe..2679270 100644 --- a/tests/15-basic-resolver.c +++ b/tests/15-basic-resolver.c 
@@ -45,6 +45,7 @@ unsigned int arch_list[] = { SCMP_ARCH_S390X, SCMP_ARCH_PARISC, SCMP_ARCH_PARISC64, + SCMP_ARCH_RISCV64, -1 }; diff --git a/tests/16-sim-arch_basic.c b/tests/16-sim-arch_basic.c index 5413e18..0b141e1 100644 --- a/tests/16-sim-arch_basic.c +++ b/tests/16-sim-arch_basic.c @@ -92,6 +92,9 @@ int main(int argc, char *argv[]) rc = seccomp_arch_add(ctx, SCMP_ARCH_PPC64LE); if (rc != 0) goto out; + rc = seccomp_arch_add(ctx, SCMP_ARCH_RISCV64); + if (rc != 0) + goto out; rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 1, SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO)); @@ -156,6 +159,9 @@ int main(int argc, char *argv[]) rc = seccomp_arch_remove(ctx, SCMP_ARCH_PPC64LE); if (rc != 0) goto out; + rc = seccomp_arch_remove(ctx, SCMP_ARCH_RISCV64); + if (rc != 0) + goto out; out: seccomp_release(ctx); diff --git a/tests/16-sim-arch_basic.py b/tests/16-sim-arch_basic.py index 7d7a05f..846553f 100755 --- a/tests/16-sim-arch_basic.py +++ b/tests/16-sim-arch_basic.py @@ -44,6 +44,7 @@ def test(args): f.add_arch(Arch("mipsel64")) f.add_arch(Arch("mipsel64n32")) f.add_arch(Arch("ppc64le")) + f.add_arch(Arch("riscv64")) f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno())) f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno())) f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno())) diff --git a/tests/23-sim-arch_all_le_basic.c b/tests/23-sim-arch_all_le_basic.c index 5672980..32739e5 100644 --- a/tests/23-sim-arch_all_le_basic.c +++ b/tests/23-sim-arch_all_le_basic.c @@ -71,6 +71,9 @@ int main(int argc, char *argv[]) rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("ppc64le")); if (rc != 0) goto out; + rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("riscv64")); + if (rc != 0) + goto out; rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 1, SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO)); diff --git a/tests/23-sim-arch_all_le_basic.py b/tests/23-sim-arch_all_le_basic.py index 5927f37..33eedb1 100755 --- a/tests/23-sim-arch_all_le_basic.py 
+++ b/tests/23-sim-arch_all_le_basic.py @@ -40,6 +40,7 @@ def test(args): f.add_arch(Arch("mipsel64")) f.add_arch(Arch("mipsel64n32")) f.add_arch(Arch("ppc64le")) + f.add_arch(Arch("riscv64")) f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno())) f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno())) f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno())) diff --git a/tests/regression b/tests/regression index 56822fb..ef98c3d 100755 --- a/tests/regression +++ b/tests/regression @@ -25,7 +25,8 @@ GLBL_ARCH_LE_SUPPORT=" \ x86 x86_64 x32 \ arm aarch64 \ mipsel mipsel64 mipsel64n32 \ - ppc64le" + ppc64le \ + riscv64" GLBL_ARCH_BE_SUPPORT=" \ mips mips64 mips64n32 \ parisc parisc64 \ @@ -46,6 +47,7 @@ GLBL_ARCH_64B_SUPPORT=" \ mips64 \ parisc64 \ ppc64 \ + riscv64 \ s390x" GLBL_SYS_ARCH="../tools/scmp_arch_detect" @@ -777,7 +779,7 @@ function run_test_live() { # setup the arch specific return values case "$arch" in - x86|x86_64|x32|arm|aarch64|parisc|parisc64|ppc|ppc64|ppc64le|ppc|s390|s390x) + x86|x86_64|x32|arm|aarch64|parisc|parisc64|ppc|ppc64|ppc64le|ppc|s390|s390x|riscv64) rc_kill_process=159 rc_kill=159 rc_allow=160 diff --git a/tools/scmp_arch_detect.c b/tools/scmp_arch_detect.c index ad43f2d..b844a68 100644 --- a/tools/scmp_arch_detect.c +++ b/tools/scmp_arch_detect.c @@ -120,6 +120,9 @@ int main(int argc, char *argv[]) case SCMP_ARCH_S390X: printf("s390x\n"); break; + case SCMP_ARCH_RISCV64: + printf("riscv64\n"); + break; default: printf("unknown\n"); } diff --git a/tools/scmp_bpf_disasm.c b/tools/scmp_bpf_disasm.c index 27fba9a..5c914b4 100644 --- a/tools/scmp_bpf_disasm.c +++ b/tools/scmp_bpf_disasm.c @@ -508,6 +508,8 @@ int main(int argc, char *argv[]) arch = AUDIT_ARCH_S390; else if (strcmp(optarg, "s390x") == 0) arch = AUDIT_ARCH_S390X; + else if (strcmp(optarg, "riscv64") == 0) + arch = AUDIT_ARCH_RISCV64; else exit_usage(argv[0]); break; diff --git a/tools/scmp_bpf_sim.c b/tools/scmp_bpf_sim.c index 4d30822..a381314 100644 
--- a/tools/scmp_bpf_sim.c +++ b/tools/scmp_bpf_sim.c @@ -285,6 +285,8 @@ int main(int argc, char *argv[]) arch = AUDIT_ARCH_S390; else if (strcmp(optarg, "s390x") == 0) arch = AUDIT_ARCH_S390X; + else if (strcmp(optarg, "riscv64") == 0) + arch = AUDIT_ARCH_RISCV64; else exit_fault(EINVAL); break; diff --git a/tools/util.c b/tools/util.c index 7122335..741b2a2 100644 --- a/tools/util.c +++ b/tools/util.c @@ -78,6 +78,8 @@ #define ARCH_NATIVE AUDIT_ARCH_S390X #elif __s390__ #define ARCH_NATIVE AUDIT_ARCH_S390 +#elif __riscv && __riscv_xlen == 64 +#define ARCH_NATIVE AUDIT_ARCH_RISCV64 #else #error the simulator code needs to know about your machine type #endif diff --git a/tools/util.h b/tools/util.h index 08c4839..6c2ca33 100644 --- a/tools/util.h +++ b/tools/util.h @@ -72,6 +72,13 @@ #define AUDIT_ARCH_PPC64LE (EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) #endif +#ifndef AUDIT_ARCH_RISCV64 +#ifndef EM_RISCV +#define EM_RISCV 243 +#endif /* EM_RISCV */ +#define AUDIT_ARCH_RISCV64 (EM_RISCV|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) +#endif /* AUDIT_ARCH_RISCV64 */ + extern uint32_t arch; uint16_t ttoh16(uint32_t arch, uint16_t val); |