From dd5c9c24e8ba11c9c3ee6b60c93cef64a9ad5c86 Mon Sep 17 00:00:00 2001 From: John Paul Adrian Glaubitz Date: Wed, 18 Jan 2023 12:15:44 +0100 Subject: arch: Add 32-bit Motorola 68000 support Signed-off-by: John Paul Adrian Glaubitz Acked-by: Paul Moore Signed-off-by: Tom Hromatka --- README.md | 1 + doc/man/man1/scmp_sys_resolver.1 | 4 +-- include/seccomp-syscalls.h | 21 ++++++++++++++ include/seccomp.h.in | 5 ++++ src/Makefile.am | 1 + src/arch-m68k.c | 58 +++++++++++++++++++++++++++++++++++++++ src/arch-m68k.h | 34 +++++++++++++++++++++++ src/arch-syscall-dump.c | 3 ++ src/arch-syscall-validate | 32 +++++++++++++++++++++ src/arch.c | 7 +++++ src/gen_pfc.c | 2 ++ src/python/libseccomp.pxd | 1 + src/python/seccomp.pyx | 4 +++ src/syscalls.h | 4 +++ tests/15-basic-resolver.c | 1 + tests/26-sim-arch_all_be_basic.c | 3 ++ tests/26-sim-arch_all_be_basic.py | 1 + tests/56-basic-iterate_syscalls.c | 1 + tests/regression | 4 ++- tools/scmp_arch_detect.c | 2 ++ tools/scmp_bpf_sim.c | 2 ++ tools/util.c | 2 ++ 22 files changed, 190 insertions(+), 3 deletions(-) create mode 100644 src/arch-m68k.c create mode 100644 src/arch-m68k.h diff --git a/README.md b/README.md index ccbad2f..ff7ffad 100644 --- a/README.md +++ b/README.md @@ -34,6 +34,7 @@ The libseccomp library currently supports the architectures listed below: * 32-bit ARM EABI (arm) * 64-bit ARM (aarch64) * 64-bit LoongArch (loongarch64) +* 32-bit Motorola 68000 (m68k) * 32-bit MIPS (mips) * 32-bit MIPS little endian (mipsel) * 64-bit MIPS (mips64) diff --git a/doc/man/man1/scmp_sys_resolver.1 b/doc/man/man1/scmp_sys_resolver.1 index 37d48c1..2baa2b9 100644 --- a/doc/man/man1/scmp_sys_resolver.1 +++ b/doc/man/man1/scmp_sys_resolver.1 @@ -34,8 +34,8 @@ special manner by libseccomp depending on the operation. .B \-a \fIARCH The architecture to use for resolving the system call. Valid .I ARCH -values are "x86", "x86_64", "x32", "arm", "aarch64", "loongarch64", "mips", -"mipsel", "mips64", "mipsel64", "mips64n32", "mipsel64n32", "parisc", +values are "x86", "x86_64", "x32", "arm", "aarch64", "loongarch64", "m68k", +"mips", "mipsel", "mips64", "mipsel64", "mips64n32", "mipsel64n32", "parisc", "parisc64", "ppc", "ppc64", "ppc64le", "s390", "s390x", "sheb" and "sh". .TP .B \-t diff --git a/include/seccomp-syscalls.h b/include/seccomp-syscalls.h index e1576d3..9488adc 100644 --- a/include/seccomp-syscalls.h +++ b/include/seccomp-syscalls.h @@ -277,6 +277,9 @@ #define __PNR_riscv_flush_icache -10243 #define __PNR_memfd_secret -10244 #define __PNR_fstat -10245 +#define __PNR_atomic_barrier -10246 +#define __PNR_atomic_cmpxchg_32 -10247 +#define __PNR_getpagesize -10248 /* * libseccomp syscall definitions @@ -354,6 +357,18 @@ #define __SNR_arch_prctl __PNR_arch_prctl #endif +#ifdef __NR_atomic_barrier +#define __SNR_atomic_barrier __NR_atomic_barrier +#else +#define __SNR_atomic_barrier __PNR_atomic_barrier +#endif + +#ifdef __NR_atomic_cmpxchg_32 +#define __SNR_atomic_cmpxchg_32 __NR_atomic_cmpxchg_32 +#else +#define __SNR_atomic_cmpxchg_32 __PNR_atomic_cmpxchg_32 +#endif + #ifdef __NR_bdflush #define __SNR_bdflush __NR_bdflush #else @@ -824,6 +839,12 @@ #define __SNR_getitimer __NR_getitimer +#ifdef __NR_getpagesize +#define __SNR_getpagesize __NR_getpagesize +#else +#define __SNR_getpagesize __PNR_getpagesize +#endif + #ifdef __NR_getpeername #define __SNR_getpeername __NR_getpeername #else diff --git a/include/seccomp.h.in b/include/seccomp.h.in index 4ab10d9..e2d7c0e 100644 --- a/include/seccomp.h.in +++ b/include/seccomp.h.in @@ -164,6 +164,11 @@ struct scmp_arg_cmp { #endif /* AUDIT_ARCH_LOONGARCH64 */ #define SCMP_ARCH_LOONGARCH64 AUDIT_ARCH_LOONGARCH64 +/** + * The Motorola 68000 architecture tokens + */ +#define SCMP_ARCH_M68K AUDIT_ARCH_M68K + /** * The MIPS architecture tokens */ diff --git a/src/Makefile.am b/src/Makefile.am index 8c39d9e..1c47087 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -33,6 +33,7 @@ SOURCES_ALL = \ arch-arm.h arch-arm.c \ arch-aarch64.h arch-aarch64.c \ arch-loongarch64.h arch-loongarch64.c \ + arch-m68k.h arch-m68k.c \ arch-mips.h arch-mips.c \ arch-mips64.h arch-mips64.c \ arch-mips64n32.h arch-mips64n32.c \ diff --git a/src/arch-m68k.c b/src/arch-m68k.c new file mode 100644 index 0000000..ab7dbc6 --- /dev/null +++ b/src/arch-m68k.c @@ -0,0 +1,58 @@ +/** + * Enhanced Seccomp m68k Specific Code + * + * Copyright (c) 2015 Freescale + * 2017-2023 John Paul Adrian Glaubitz + * Author: Bogdan Purcareata + * John Paul Adrian Glaubitz + * + * Derived from the PPC-specific code + * + */ + +/* + * This library is free software; you can redistribute it and/or modify it + * under the terms of version 2.1 of the GNU Lesser General Public License as + * published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License + * for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this library; if not, see . + */ + +#include +#include +#include +#include + +#include "db.h" +#include "syscalls.h" +#include "arch.h" +#include "arch-m68k.h" + +/* m68k syscall numbers */ +#define __m68k_NR_socketcall 102 +#define __m68k_NR_ipc 117 + +ARCH_DEF(m68k) + +const struct arch_def arch_def_m68k = { + .token = SCMP_ARCH_M68K, + .token_bpf = AUDIT_ARCH_M68K, + .size = ARCH_SIZE_32, + .endian = ARCH_ENDIAN_BIG, + .sys_socketcall = __m68k_NR_socketcall, + .sys_ipc = __m68k_NR_ipc, + .syscall_resolve_name = abi_syscall_resolve_name_munge, + .syscall_resolve_name_raw = m68k_syscall_resolve_name, + .syscall_resolve_num = abi_syscall_resolve_num_munge, + .syscall_resolve_num_raw = m68k_syscall_resolve_num, + .syscall_rewrite = abi_syscall_rewrite, + .rule_add = abi_rule_add, + .syscall_name_kver = m68k_syscall_name_kver, + .syscall_num_kver = m68k_syscall_num_kver, +}; diff --git a/src/arch-m68k.h b/src/arch-m68k.h new file mode 100644 index 0000000..e165ab4 --- /dev/null +++ b/src/arch-m68k.h @@ -0,0 +1,34 @@ +/** + * Enhanced Seccomp m68k Specific Code + * + * Copyright (c) 2015 Freescale + * 2017-2023 John Paul Adrian Glaubitz + * Author: Bogdan Purcareata + * John Paul Adrian Glaubitz + * + * Derived from the PPC-specific code + * + */ + +/* + * This library is free software; you can redistribute it and/or modify it + * under the terms of version 2.1 of the GNU Lesser General Public License as + * published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License + * for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this library; if not, see . + */ + +#ifndef _ARCH_M68K_H +#define _ARCH_M68K_H + +#include "arch.h" + +ARCH_DECL(m68k) + +#endif diff --git a/src/arch-syscall-dump.c b/src/arch-syscall-dump.c index abc1680..c0acae6 100644 --- a/src/arch-syscall-dump.c +++ b/src/arch-syscall-dump.c @@ -35,6 +35,7 @@ #include "arch-x32.h" #include "arch-arm.h" #include "arch-loongarch64.h" +#include "arch-m68k.h" #include "arch-mips.h" #include "arch-mips64.h" #include "arch-mips64n32.h" @@ -110,6 +111,8 @@ int main(int argc, char *argv[]) break; case SCMP_ARCH_LOONGARCH64: sys = loongarch64_syscall_iterate(iter); + case SCMP_ARCH_M68K: + sys = m68k_syscall_iterate(iter); break; case SCMP_ARCH_MIPS: case SCMP_ARCH_MIPSEL: diff --git a/src/arch-syscall-validate b/src/arch-syscall-validate index b2f62c6..bbe2f4a 100755 --- a/src/arch-syscall-validate +++ b/src/arch-syscall-validate @@ -348,6 +348,30 @@ function dump_lib_loongarch64() { dump_lib_arch loongarch64 | mangle_lib_syscall loongarch64 } +# Dump the m68k system syscall table +# +# Arguments: +# 1 path to the kernel source +# +# Dump the architecture's syscall table to stdout. +# +function dump_sys_m68k() { + cat $1/arch/m68k/kernel/syscalls/syscall.tbl | \ + grep -v "^#" | \ + sed -n "/[0-9]\+[ \t]\+\(common\)/p" | \ + awk '{ print $3","$1 }' | \ + sort +} + +# +# Dump the m68k library syscall table +# +# Dump the library's syscall table to stdout. +# +function dump_lib_m68k() { + dump_lib_arch m68k | mangle_lib_syscall m68k +} + # # Dump the mips system syscall table # @@ -664,6 +688,9 @@ function dump_sys() { loongarch64) dump_sys_loongarch64 "$2" ;; + m68k) + dump_sys_m68k "$2" + ;; mips) dump_sys_mips "$2" ;; @@ -734,6 +761,9 @@ function dump_lib() { loongarch64) dump_lib_loongarch64 ;; + m68k) + dump_lib_m68k + ;; mips) dump_lib_mips ;; @@ -799,6 +829,7 @@ function gen_csv() { abi_list+=" x86 x86_64 x32" abi_list+=" arm aarch64" abi_list+=" loongarch64" + abi_list+=" m68k" abi_list+=" mips mips64 mips64n32" abi_list+=" parisc parisc64" abi_list+=" ppc ppc64" @@ -911,6 +942,7 @@ if [[ $opt_arches == "" ]]; then x86 x86_64 x32 \ arm aarch64 \ loongarch64 \ + m68k \ mips mips64 mips64n32 \ parisc parisc64 \ ppc ppc64 \ diff --git a/src/arch.c b/src/arch.c index 50a2321..a3ff7ca 100644 --- a/src/arch.c +++ b/src/arch.c @@ -36,6 +36,7 @@ #include "arch-arm.h" #include "arch-aarch64.h" #include "arch-loongarch64.h" +#include "arch-m68k.h" #include "arch-mips.h" #include "arch-mips64.h" #include "arch-mips64n32.h" @@ -66,6 +67,8 @@ const struct arch_def *arch_def_native = &arch_def_arm; const struct arch_def *arch_def_native = &arch_def_aarch64; #elif __loongarch_lp64 const struct arch_def *arch_def_native = &arch_def_loongarch64; +#elif __m68k__ +const struct arch_def *arch_def_native = &arch_def_m68k; #elif __mips__ && _MIPS_SIM == _MIPS_SIM_ABI32 #if __MIPSEB__ const struct arch_def *arch_def_native = &arch_def_mips; @@ -146,6 +149,8 @@ const struct arch_def *arch_def_lookup(uint32_t token) return &arch_def_aarch64; case SCMP_ARCH_LOONGARCH64: return &arch_def_loongarch64; + case SCMP_ARCH_M68K: + return &arch_def_m68k; case SCMP_ARCH_MIPS: return &arch_def_mips; case SCMP_ARCH_MIPSEL: @@ -204,6 +209,8 @@ const struct arch_def *arch_def_lookup_name(const char *arch_name) return &arch_def_aarch64; else if (strcmp(arch_name, "loongarch64") == 0) return &arch_def_loongarch64; + else if (strcmp(arch_name, "m68k") == 0) + return &arch_def_m68k; else if (strcmp(arch_name, "mips") == 0) return &arch_def_mips; else if (strcmp(arch_name, "mipsel") == 0) diff --git a/src/gen_pfc.c b/src/gen_pfc.c index 9d2dedb..62dd984 100644 --- a/src/gen_pfc.c +++ b/src/gen_pfc.c @@ -63,6 +63,8 @@ static const char *_pfc_arch(const struct arch_def *arch) return "aarch64"; case SCMP_ARCH_LOONGARCH64: return "loongarch64"; + case SCMP_ARCH_M68K: + return "m68k"; case SCMP_ARCH_MIPS: return "mips"; case SCMP_ARCH_MIPSEL: diff --git a/src/python/libseccomp.pxd b/src/python/libseccomp.pxd index a6bd0b4..a5d6c4a 100644 --- a/src/python/libseccomp.pxd +++ b/src/python/libseccomp.pxd @@ -39,6 +39,7 @@ cdef extern from "seccomp.h": SCMP_ARCH_ARM SCMP_ARCH_AARCH64 SCMP_ARCH_LOONGARCH64 + SCMP_ARCH_M68K SCMP_ARCH_MIPS SCMP_ARCH_MIPS64 SCMP_ARCH_MIPS64N32 diff --git a/src/python/seccomp.pyx b/src/python/seccomp.pyx index 9891d76..7712984 100644 --- a/src/python/seccomp.pyx +++ b/src/python/seccomp.pyx @@ -207,6 +207,7 @@ cdef class Arch: ARM - ARM AARCH64 - 64-bit ARM LOONGARCH64 - 64-bit LoongArch + M68K - 32-bit Motorola 68000 MIPS - MIPS O32 ABI MIPS64 - MIPS 64-bit ABI MIPS64N32 - MIPS N32 ABI @@ -229,6 +230,7 @@ cdef class Arch: ARM = libseccomp.SCMP_ARCH_ARM AARCH64 = libseccomp.SCMP_ARCH_AARCH64 LOONGARCH64 = libseccomp.SCMP_ARCH_LOONGARCH64 + M68K = libseccomp.SCMP_ARCH_M68K MIPS = libseccomp.SCMP_ARCH_MIPS MIPS64 = libseccomp.SCMP_ARCH_MIPS64 MIPS64N32 = libseccomp.SCMP_ARCH_MIPS64N32 @@ -268,6 +270,8 @@ cdef class Arch: self._token = libseccomp.SCMP_ARCH_AARCH64 elif arch == libseccomp.SCMP_ARCH_LOONGARCH64: self._token = libseccomp.SCMP_ARCH_LOONGARCH64 + elif arch == libseccomp.SCMP_ARCH_M68K: + self._token = libseccomp.SCMP_ARCH_M68K elif arch == libseccomp.SCMP_ARCH_MIPS: self._token = libseccomp.SCMP_ARCH_MIPS elif arch == libseccomp.SCMP_ARCH_MIPS64: diff --git a/src/syscalls.h b/src/syscalls.h index 10b2b7a..2d02ccc 100644 --- a/src/syscalls.h +++ b/src/syscalls.h @@ -16,6 +16,7 @@ #include "arch-arm.h" #include "arch.h" #include "arch-loongarch64.h" +#include "arch-m68k.h" #include "arch-mips64.h" #include "arch-mips64n32.h" #include "arch-mips.h" @@ -55,6 +56,9 @@ struct arch_syscall_table { int loongarch64; enum scmp_kver loongarch64_kver; + int m68k; + enum scmp_kver m68k_kver; + int mips; enum scmp_kver mips_kver; int mips64; diff --git a/tests/15-basic-resolver.c b/tests/15-basic-resolver.c index bdb73f7..7e2e03f 100644 --- a/tests/15-basic-resolver.c +++ b/tests/15-basic-resolver.c @@ -33,6 +33,7 @@ unsigned int arch_list[] = { SCMP_ARCH_ARM, SCMP_ARCH_AARCH64, SCMP_ARCH_LOONGARCH64, + SCMP_ARCH_M68K, SCMP_ARCH_MIPS, SCMP_ARCH_MIPS64, SCMP_ARCH_MIPS64N32, diff --git a/tests/26-sim-arch_all_be_basic.c b/tests/26-sim-arch_all_be_basic.c index 7db48ea..2b83f0b 100644 --- a/tests/26-sim-arch_all_be_basic.c +++ b/tests/26-sim-arch_all_be_basic.c @@ -43,6 +43,9 @@ int main(int argc, char *argv[]) if (rc != 0) goto out; + rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("m68k")); + if (rc != 0) + goto out; rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("mips")); if (rc != 0) goto out; diff --git a/tests/26-sim-arch_all_be_basic.py b/tests/26-sim-arch_all_be_basic.py index b0e5f5a..2afa93a 100755 --- a/tests/26-sim-arch_all_be_basic.py +++ b/tests/26-sim-arch_all_be_basic.py @@ -30,6 +30,7 @@ from seccomp import * def test(args): f = SyscallFilter(KILL) f.remove_arch(Arch()) + f.add_arch(Arch("m68k")) f.add_arch(Arch("mips")) f.add_arch(Arch("mips64")) f.add_arch(Arch("mips64n32")) diff --git a/tests/56-basic-iterate_syscalls.c b/tests/56-basic-iterate_syscalls.c index b514afa..d5cf746 100644 --- a/tests/56-basic-iterate_syscalls.c +++ b/tests/56-basic-iterate_syscalls.c @@ -34,6 +34,7 @@ unsigned int arch_list[] = { SCMP_ARCH_ARM, SCMP_ARCH_AARCH64, SCMP_ARCH_LOONGARCH64, + SCMP_ARCH_M68K, SCMP_ARCH_MIPS, SCMP_ARCH_MIPS64, SCMP_ARCH_MIPS64N32, diff --git a/tests/regression b/tests/regression index 32463c0..a1be57d 100755 --- a/tests/regression +++ b/tests/regression @@ -30,6 +30,7 @@ GLBL_ARCH_LE_SUPPORT=" \ riscv64 \ sh" GLBL_ARCH_BE_SUPPORT=" \ + m68k \ mips mips64 mips64n32 \ parisc parisc64 \ ppc ppc64 \ @@ -39,6 +40,7 @@ GLBL_ARCH_BE_SUPPORT=" \ GLBL_ARCH_32B_SUPPORT=" \ x86 x32 \ arm \ + m68k \ mips mipsel mips64n32 mipsel64n32 \ parisc \ ppc \ @@ -803,7 +805,7 @@ function run_test_live() { # setup the arch specific return values case "$arch" in - x86|x86_64|x32|arm|aarch64|loongarch64|parisc|parisc64|ppc|ppc64|ppc64le|ppc|s390|s390x|riscv64|sh|sheb) + x86|x86_64|x32|arm|aarch64|loongarch64|m68k|parisc|parisc64|ppc|ppc64|ppc64le|ppc|s390|s390x|riscv64|sh|sheb) rc_kill_process=159 rc_kill=159 rc_allow=160 diff --git a/tools/scmp_arch_detect.c b/tools/scmp_arch_detect.c index c23cf7f..dcf33ad 100644 --- a/tools/scmp_arch_detect.c +++ b/tools/scmp_arch_detect.c @@ -83,6 +83,8 @@ int main(int argc, char *argv[]) break; case SCMP_ARCH_LOONGARCH64: printf("loongarch64\n"); + case SCMP_ARCH_M68K: + printf("m68k\n"); break; case SCMP_ARCH_MIPS: printf("mips\n"); diff --git a/tools/scmp_bpf_sim.c b/tools/scmp_bpf_sim.c index 7d31d79..46e449e 100644 --- a/tools/scmp_bpf_sim.c +++ b/tools/scmp_bpf_sim.c @@ -261,6 +261,8 @@ int main(int argc, char *argv[]) arch = AUDIT_ARCH_AARCH64; else if (strcmp(optarg, "loongarch64") == 0) arch = AUDIT_ARCH_LOONGARCH64; + else if (strcmp(optarg, "m68k") == 0) + arch = AUDIT_ARCH_M68K; else if (strcmp(optarg, "mips") == 0) arch = AUDIT_ARCH_MIPS; else if (strcmp(optarg, "mipsel") == 0) diff --git a/tools/util.c b/tools/util.c index f67dea7..1e39c79 100644 --- a/tools/util.c +++ b/tools/util.c @@ -46,6 +46,8 @@ #define ARCH_NATIVE AUDIT_ARCH_AARCH64 #elif __loongarch_lp64 #define ARCH_NATIVE AUDIT_ARCH_LOONGARCH64 +#elif __m68k__ +#define ARCH_NATIVE AUDIT_ARCH_M68K #elif __mips__ && _MIPS_SIM == _MIPS_SIM_ABI32 #if __MIPSEB__ #define ARCH_NATIVE AUDIT_ARCH_MIPS -- cgit v1.2.1