From 344e6b62fceea0f5fac1f1efcff7e0ccf4a4e3c8 Mon Sep 17 00:00:00 2001 From: Sam James Date: Sun, 24 Apr 2022 02:55:41 +0100 Subject: seccomp: add PARISC (HPPA support) We have to skip the W^X protections as we need executable memory on PARISC for now. Kernel work is in progress (started w/ 5.18). Closes: https://github.com/systemd/systemd/issues/23180 --- src/shared/seccomp-util.c | 35 +++++++++++++++++++++++++++++++++-- 1 file changed, 33 insertions(+), 2 deletions(-) (limited to 'src/shared/seccomp-util.c') diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c index 0996ca6625..882547d655 100644 --- a/src/shared/seccomp-util.c +++ b/src/shared/seccomp-util.c @@ -80,6 +80,11 @@ uint32_t seccomp_local_archs[] = { SCMP_ARCH_MIPSEL64, SCMP_ARCH_MIPS64N32, SCMP_ARCH_MIPSEL64N32, /* native */ +#elif defined(__hppa64__) && defined(SCMP_ARCH_PARISC) && defined(SCMP_ARCH_PARISC64) + SCMP_ARCH_PARISC, + SCMP_ARCH_PARISC64, /* native */ +#elif defined(__hppa__) && defined(SCMP_ARCH_PARISC) + SCMP_ARCH_PARISC, #elif defined(__powerpc64__) && __BYTE_ORDER == __BIG_ENDIAN SCMP_ARCH_PPC, SCMP_ARCH_PPC64LE, @@ -132,6 +137,14 @@ const char* seccomp_arch_to_string(uint32_t c) { return "mips64-le"; case SCMP_ARCH_MIPSEL64N32: return "mips64-le-n32"; +#ifdef SCMP_ARCH_PARISC + case SCMP_ARCH_PARISC: + return "parisc"; +#endif +#ifdef SCMP_ARCH_PARISC64 + case SCMP_ARCH_PARISC64: + return "parisc64"; +#endif case SCMP_ARCH_PPC: return "ppc"; case SCMP_ARCH_PPC64: @@ -181,6 +194,14 @@ int seccomp_arch_from_string(const char *n, uint32_t *ret) { *ret = SCMP_ARCH_MIPSEL64; else if (streq(n, "mips64-le-n32")) *ret = SCMP_ARCH_MIPSEL64N32; +#ifdef SCMP_ARCH_PARISC + else if (streq(n, "parisc")) + *ret = SCMP_ARCH_PARISC; +#endif +#ifdef SCMP_ARCH_PARISC64 + else if (streq(n, "parisc64")) + *ret = SCMP_ARCH_PARISC64; +#endif else if (streq(n, "ppc")) *ret = SCMP_ARCH_PPC; else if (streq(n, "ppc64")) 
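Review bot: On an hppa build whose libseccomp headers do not define `SCMP_ARCH_PARISC`, neither new `#elif` in `seccomp_local_archs[]` matches and the preprocessor chain silently moves on to the later branches. What the array then contains is decided outside this hunk, but if it ends up listing no local architecture, seccomp-based unit settings would presumably install no filter, with no build-time hint. A short comment above the two branches would record the requirement, e.g. `/* needs libseccomp with PARISC support; without it no PARISC arch is listed here */`. The 32-bit branch also omits the `/* native */` marker that the neighbouring entries carry.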
@@ -1443,6 +1464,12 @@ int seccomp_restrict_address_families(Set *address_families, bool allow_list) { case SCMP_ARCH_X86: case SCMP_ARCH_MIPSEL: case SCMP_ARCH_MIPS: +#ifdef SCMP_ARCH_PARISC + case SCMP_ARCH_PARISC: +#endif +#ifdef SCMP_ARCH_PARISC64 + case SCMP_ARCH_PARISC64: +#endif case SCMP_ARCH_PPC: case SCMP_ARCH_PPC64: case SCMP_ARCH_PPC64LE: @@ -1693,7 +1720,11 @@ int seccomp_memory_deny_write_execute(void) { /* Note that on some architectures shmat() isn't available, and the call is multiplexed through ipc(). * We ignore that here, which means there's still a way to get writable/executable - * memory, if an IPC key is mapped like this. That's a pity, but no total loss. */ + * memory, if an IPC key is mapped like this. That's a pity, but no total loss. + * + * Also, PARISC isn't here right now because it still needs executable memory, but work is in progress + * on that front (kernel work done in 5.18). + */ case SCMP_ARCH_X86: case SCMP_ARCH_S390: @@ -1727,7 +1758,7 @@ int seccomp_memory_deny_write_execute(void) { /* Please add more definitions here, if you port systemd to other architectures! */ -#if !defined(__i386__) && !defined(__x86_64__) && !defined(__powerpc__) && !defined(__powerpc64__) && !defined(__arm__) && !defined(__aarch64__) && !defined(__s390__) && !defined(__s390x__) && !(defined(__riscv) && __riscv_xlen == 64) +#if !defined(__i386__) && !defined(__x86_64__) && !defined(__hppa__) && !defined(__hppa64__) && !defined(__powerpc__) && !defined(__powerpc64__) && !defined(__arm__) && !defined(__aarch64__) && !defined(__s390__) && !defined(__s390x__) && !(defined(__riscv) && __riscv_xlen == 64) #warning "Consider adding the right mmap() syscall definitions here!" #endif } -- cgit v1.2.3
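Review bot: The new `case SCMP_ARCH_PARISC:` and `case SCMP_ARCH_PARISC64:` labels in seccomp_restrict_address_families() join the group that holds `SCMP_ARCH_X86`, `SCMP_ARCH_MIPSEL` and `SCMP_ARCH_MIPS`, but nothing in the hunk says why PARISC belongs there. The body of that group lies outside the hunk. If it is the branch that treats an architecture as not filterable, address-family restriction would not be enforced on PARISC, and that is worth stating next to the labels. Suggested comment: `/* PARISC: listed here because <reason: socketcall() multiplexing, or not yet verified> */`.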
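Review bot: The paragraph added to the comment in seccomp_memory_deny_write_execute() says PARISC "isn't here" but not what that means for a unit that sets the option. With no `case` for it, the W^X filter is presumably not installed on that architecture at all; the code that handles unmatched architectures is outside the hunk. The text also reads as contradictory, with "work is in progress" next to "kernel work done in 5.18", while the commit message says the work started with 5.18. Suggested wording: `* PARISC is deliberately not listed: it still needs executable memory, so no W^X filter is installed there. Kernel work to lift this started with 5.18.`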
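Review bot: Adding `!defined(__hppa__) && !defined(__hppa64__)` to the `#if` silences the "Consider adding the right mmap() syscall definitions here!" warning for PARISC although this commit adds no mmap() definitions for it. The build therefore no longer carries any reminder that the protection is missing on that architecture. A comment directly above the `#if` would keep the gap visible, e.g. `/* hppa is excluded on purpose (needs executable memory); drop it from this list once PARISC gets a case above */`. The switch this sits in starts outside the hunk.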