seccomp: add PARISC (HPPA support)

We have to skip the W^X protections as we need executable
memory on PARISC for now. Kernel work is in progress (started
w/ 5.18).

Closes: https://github.com/systemd/systemd/issues/23180
Sam James 2022-04-24 02:55:41 +01:00
parent d40de37edd
commit 344e6b62fc
2 changed files with 35 additions and 2 deletions


@ -80,6 +80,11 @@ uint32_t seccomp_local_archs[] = {
SCMP_ARCH_MIPSEL64,
SCMP_ARCH_MIPS64N32,
SCMP_ARCH_MIPSEL64N32, /* native */
#elif defined(__hppa64__) && defined(SCMP_ARCH_PARISC) && defined(SCMP_ARCH_PARISC64)
SCMP_ARCH_PARISC,
SCMP_ARCH_PARISC64, /* native */
#elif defined(__hppa__) && defined(SCMP_ARCH_PARISC)
SCMP_ARCH_PARISC,
#elif defined(__powerpc64__) && __BYTE_ORDER == __BIG_ENDIAN
SCMP_ARCH_PPC,
SCMP_ARCH_PPC64LE,
@ -132,6 +137,14 @@ const char* seccomp_arch_to_string(uint32_t c) {
return "mips64-le";
case SCMP_ARCH_MIPSEL64N32:
return "mips64-le-n32";
#ifdef SCMP_ARCH_PARISC
case SCMP_ARCH_PARISC:
return "parisc";
#endif
#ifdef SCMP_ARCH_PARISC64
case SCMP_ARCH_PARISC64:
return "parisc64";
#endif
case SCMP_ARCH_PPC:
return "ppc";
case SCMP_ARCH_PPC64:
@ -181,6 +194,14 @@ int seccomp_arch_from_string(const char *n, uint32_t *ret) {
*ret = SCMP_ARCH_MIPSEL64;
else if (streq(n, "mips64-le-n32"))
*ret = SCMP_ARCH_MIPSEL64N32;
#ifdef SCMP_ARCH_PARISC
else if (streq(n, "parisc"))
*ret = SCMP_ARCH_PARISC;
#endif
#ifdef SCMP_ARCH_PARISC64
else if (streq(n, "parisc64"))
*ret = SCMP_ARCH_PARISC64;
#endif
else if (streq(n, "ppc"))
*ret = SCMP_ARCH_PPC;
else if (streq(n, "ppc64"))
@ -1443,6 +1464,12 @@ int seccomp_restrict_address_families(Set *address_families, bool allow_list) {
case SCMP_ARCH_X86:
case SCMP_ARCH_MIPSEL:
case SCMP_ARCH_MIPS:
#ifdef SCMP_ARCH_PARISC
case SCMP_ARCH_PARISC:
#endif
#ifdef SCMP_ARCH_PARISC64
case SCMP_ARCH_PARISC64:
#endif
case SCMP_ARCH_PPC:
case SCMP_ARCH_PPC64:
case SCMP_ARCH_PPC64LE:
@ -1693,7 +1720,11 @@ int seccomp_memory_deny_write_execute(void) {
/* Note that on some architectures shmat() isn't available, and the call is multiplexed through ipc().
* We ignore that here, which means there's still a way to get writable/executable
* memory, if an IPC key is mapped like this. That's a pity, but no total loss. */
* memory, if an IPC key is mapped like this. That's a pity, but no total loss.
*
* Also, PARISC isn't here right now because it still needs executable memory, but work is in progress
* on that front (kernel work done in 5.18).
*/
case SCMP_ARCH_X86:
case SCMP_ARCH_S390:
@ -1727,7 +1758,7 @@ int seccomp_memory_deny_write_execute(void) {
/* Please add more definitions here, if you port systemd to other architectures! */
#if !defined(__i386__) && !defined(__x86_64__) && !defined(__powerpc__) && !defined(__powerpc64__) && !defined(__arm__) && !defined(__aarch64__) && !defined(__s390__) && !defined(__s390x__) && !(defined(__riscv) && __riscv_xlen == 64)
#if !defined(__i386__) && !defined(__x86_64__) && !defined(__hppa__) && !defined(__hppa64__) && !defined(__powerpc__) && !defined(__powerpc64__) && !defined(__arm__) && !defined(__aarch64__) && !defined(__s390__) && !defined(__s390x__) && !(defined(__riscv) && __riscv_xlen == 64)
#warning "Consider adding the right mmap() syscall definitions here!"
#endif
}
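Review bot: In seccomp_memory_deny_write_execute the last hunk adds `!defined(__hppa__) && !defined(__hppa64__)` to the `#if` guarding the `#warning`, yet no PARISC case is added to the switch, so the build-time reminder is silenced while the filter is still not installed for that architecture. A unit that sets MemoryDenyWriteExecute= there would presumably run without W^X enforcement; the default branch and the return path are outside the hunks, so confirm whether anything is logged when no rule is loaded. The new comment says the kernel work was "done in 5.18" while the commit message says it started with 5.18, so I would reword it as `/* TODO: PARISC is deliberately skipped (kernel still requires executable memory, work started in 5.18); add the mmap() definitions once that is resolved. */` to stop the exemption being forgotten. The case labels added in seccomp_restrict_address_families join the x86/mips/ppc group whose body is also outside the hunk; if that group is the one that skips the filter, it deserves the same kind of comment.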


@ -132,6 +132,8 @@ TEST(architecture_table) {
"mips-le\0"
"mips64-le\0"
"mips64-le-n32\0"
"parisc\0"
"parisc64\0"
"ppc\0"
"ppc64\0"
"ppc64-le\0"
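Review bot: `"parisc\0"` and `"parisc64\0"` are added to the name list unconditionally, whereas seccomp_arch_from_string in the other file only recognises them under `#ifdef SCMP_ARCH_PARISC` and `#ifdef SCMP_ARCH_PARISC64`. The loop body of TEST(architecture_table) is outside the hunk, but if it passes each name through seccomp_arch_from_string and asserts success, the test would fail when built against a libseccomp that lacks those constants. Wrapping the entries in the same guards keeps the test in step with the table: `#ifdef SCMP_ARCH_PARISC` / `"parisc\0"` / `#endif`, and likewise for `"parisc64\0"`.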