arch: Add SuperH 32-bit support

Initial support for seccomp for SuperH in Linux was added in 2.6.27-rc2, support for SECCOMP_FILTER was added for Linux 5.9. This adds support for SuperH in libseccomp, both for little-endian and big-endian mode. Signed-off-by: John Paul Adrian Glaubitz <[email protected]> Acked-by: Tom Hromatka <[email protected]> Signed-off-by: Paul Moore <[email protected]>
seccomp · Mar 9, 2021 · c12945d · c12945d · Schtiev · May 3, 2021
1 parent 83d7b02
commit c12945d
Show file tree

Hide file tree

Showing 24 changed files with 183 additions and 7 deletions.
diff --git a/CREDITS b/CREDITS
@@ -29,6 +29,7 @@ Jan Willeke <[email protected]>
 Jay Guo <[email protected]>
 Jiannan Guo <[email protected]>
 Joe MacDonald <[email protected]>
+John Paul Adrian Glaubitz <[email protected]>
 Jonah Petri <[email protected]>
 Justin Cormack <[email protected]>
 Kees Cook <[email protected]>

diff --git a/README.md b/README.md
@@ -54,6 +54,8 @@ The libseccomp library currently supports the architectures listed below:
 * 32-bit s390 (s390)
 * 64-bit s390x (s390x)
 * 64-bit RISC-V (riscv64)
+* 32-bit SuperH big endian (sheb)
+* 32-bit SuperH (sh)
 
 ## Documentation
 

diff --git a/doc/man/man1/scmp_sys_resolver.1 b/doc/man/man1/scmp_sys_resolver.1
@@ -36,7 +36,7 @@ The architecture to use for resolving the system call. Valid
 .I ARCH
 values are "x86", "x86_64", "x32", "arm", "aarch64", "mips", "mipsel", "mips64",
 "mipsel64", "mips64n32", "mipsel64n32", "parisc", "parisc64", "ppc", "ppc64",
-"ppc64le", "s390" and "s390x".
+"ppc64le", "s390", "s390x", "sheb" and "sh".
 .TP
 .B \-t
 If necessary, translate the system call name to the proper system call number,

diff --git a/include/seccomp.h.in b/include/seccomp.h.in
@@ -216,6 +216,12 @@ struct scmp_arg_cmp {
 #endif /* AUDIT_ARCH_RISCV64 */
 #define SCMP_ARCH_RISCV64 AUDIT_ARCH_RISCV64
 
+/**
+ * The SuperH architecture tokens
+ */
+#define SCMP_ARCH_SHEB AUDIT_ARCH_SH
+#define SCMP_ARCH_SH AUDIT_ARCH_SHEL /* Little-endian SH is more common than big */
+
 /**
  * Convert a syscall name into the associated syscall number
  * @param x the syscall name

diff --git a/src/Makefile.am b/src/Makefile.am
@@ -46,6 +46,7 @@ SOURCES_ALL = \
  arch-riscv64.h arch-riscv64.c \
  arch-s390.h arch-s390.c \
  arch-s390x.h arch-s390x.c \
+ arch-sh.h arch-sh.c \
  syscalls.h syscalls.c syscalls.perf.c
 
 EXTRA_DIST = \

diff --git a/src/arch-sh.c b/src/arch-sh.c
@@ -0,0 +1,42 @@
+/*
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, see <http:https://www.gnu.org/licenses>.
+ */
+
+#include <stdlib.h>
+#include <errno.h>
+#include <linux/audit.h>
+
+#include "arch.h"
+#include "arch-sh.h"
+
+const struct arch_def arch_def_sheb = {
+ .token = SCMP_ARCH_SHEB,
+ .token_bpf = AUDIT_ARCH_SH,
+ .size = ARCH_SIZE_32,
+ .endian = ARCH_ENDIAN_BIG,
+ .syscall_resolve_name = sh_syscall_resolve_name,
+ .syscall_resolve_num = sh_syscall_resolve_num,
+ .syscall_rewrite = NULL,
+ .rule_add = NULL,
+};
+
+const struct arch_def arch_def_sh = {
+ .token = SCMP_ARCH_SH,
+ .token_bpf = AUDIT_ARCH_SHEL,
+ .size = ARCH_SIZE_32,
+ .endian = ARCH_ENDIAN_LITTLE,
+ .syscall_resolve_name = sh_syscall_resolve_name,
+ .syscall_resolve_num = sh_syscall_resolve_num,
+ .syscall_rewrite = NULL,
+ .rule_add = NULL,
+};
diff --git a/src/arch-sh.h b/src/arch-sh.h
@@ -0,0 +1,23 @@
+/*
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, see <http:https://www.gnu.org/licenses>.
+ */
+
+#ifndef _ARCH_SH_H
+#define _ARCH_SH_H
+
+#include "arch.h"
+
+ARCH_DECL(sheb)
+ARCH_DECL(sh)
+
+#endif
diff --git a/src/arch-syscall-check.c b/src/arch-syscall-check.c
@@ -38,6 +38,7 @@
 #include "arch-ppc64.h"
 #include "arch-s390.h"
 #include "arch-s390x.h"
+#include "arch-sh.h"
 
 /**
  * compare the syscall values
@@ -77,6 +78,7 @@ int main(int argc, char *argv[])
  int i_ppc64 = 0;
  int i_s390 = 0;
  int i_s390x = 0;
+ int i_sh = 0;
  char str_miss[256];
  const char *sys_name;
  const struct arch_syscall_def *sys;
@@ -115,6 +117,8 @@ int main(int argc, char *argv[])
  s390_syscall_iterate(i_s390));
  syscall_check(str_miss, sys_name, "s390x",
  s390x_syscall_iterate(i_s390x));
+ syscall_check(str_miss, sys_name, "sh",
+ sh_syscall_iterate(i_sh));
 
  /* output the results */
  printf("%s: ", sys_name);
@@ -151,12 +155,14 @@ int main(int argc, char *argv[])
  i_s390 = -1;
  if (!s390x_syscall_iterate(++i_s390x)->name)
  i_s390x = -1;
+ if (!sh_syscall_iterate(++i_sh)->name)
+ i_sh = -1;
  } while (i_x86_64 >= 0 && i_x32 >= 0 &&
  i_arm >= 0 && i_aarch64 >= 0 &&
  i_mips >= 0 && i_mips64 >= 0 && i_mips64n32 >= 0 &&
  i_parisc >= 0 &&
  i_ppc >= 0 && i_ppc64 >= 0 &&
- i_s390 >= 0 && i_s390x >= 0);
+ i_s390 >= 0 && i_s390x >= 0 && i_sh >= 0);
 
  /* check for any leftovers */
  sys = x86_syscall_iterate(i_x86 + 1);
@@ -212,6 +218,10 @@ int main(int argc, char *argv[])
  printf("ERROR, s390x has additional syscalls\n");
  return 1;
  }
+ if (i_sh >= 0) {
+ printf("ERROR, sh has additional syscalls\n");
+ return 1;
+ }
 
  /* if we made it here, all is good */
  return 0;

diff --git a/src/arch-syscall-dump.c b/src/arch-syscall-dump.c
@@ -45,6 +45,7 @@
 #include "arch-riscv64.h"
 #include "arch-s390.h"
 #include "arch-s390x.h"
+#include "arch-sh.h"
 
 /**
  * Print the usage information to stderr and exit
@@ -140,6 +141,10 @@ int main(int argc, char *argv[])
  case SCMP_ARCH_S390X:
  sys = s390x_syscall_iterate(iter);
  break;
+ case SCMP_ARCH_SH:
+ case SCMP_ARCH_SHEB:
+ sys = sh_syscall_iterate(iter);
+ break;
  default:
  /* invalid arch */
  exit_usage(argv[0]);

diff --git a/src/arch-syscall-validate b/src/arch-syscall-validate
@@ -567,6 +567,31 @@ function dump_lib_s390x() {
  dump_lib_arch s390x | mangle_lib_syscall s390x
 }
 
+#
+# Dump the sh system syscall table
+#
+# Arguments:
+# 1 path to the kernel source
+#
+# Dump the architecture's syscall table to stdout.
+#
+function dump_sys_sh() {
+ cat $1/arch/sh/kernel/syscalls/syscall.tbl | \
+ grep -v "^#" | \
+ sed -n "/[0-9]\+[ \t]\+\(common\)/p" | \
+ awk '{ print $3","$1 }' | \
+ sort
+}
+
+#
+# Dump the sh library syscall table
+#
+# Dump the library's syscall table to stdout.
+#
+function dump_lib_sh() {
+ dump_lib_arch sh | mangle_lib_syscall sh
+}
+
 #
 # Dump the system syscall table
 #
@@ -623,6 +648,9 @@ function dump_sys() {
  s390x)
  dump_sys_s390x "$2"
  ;;
+ sh)
+ dump_sys_sh "$2"
+ ;;
  *)
  echo ""
  return 1
@@ -687,6 +715,9 @@ function dump_lib() {
  s390x)
  dump_lib_s390x
  ;;
+ sh)
+ dump_lib_sh
+ ;;
  *)
  echo ""
  return 1
@@ -722,6 +753,7 @@ function gen_csv() {
  abi_list+=" ppc ppc64"
  abi_list+=" riscv64"
  abi_list+=" s390 s390x"
+ abi_list+=" sh"
 
  # get the full syscall list
  for abi in $abi_list; do
@@ -809,7 +841,8 @@ if [[ $opt_arches == "" ]]; then
  mips mips64 mips64n32 \
  parisc parisc64 \
  ppc ppc64 \
- s390 s390x"
+ s390 s390x \
+ sh"
 fi
 
 # sanity checks

diff --git a/src/arch.c b/src/arch.c
@@ -45,6 +45,7 @@
 #include "arch-riscv64.h"
 #include "arch-s390.h"
 #include "arch-s390x.h"
+#include "arch-sh.h"
 #include "db.h"
 #include "system.h"
 
@@ -98,6 +99,12 @@ const struct arch_def *arch_def_native = &arch_def_s390x;
 const struct arch_def *arch_def_native = &arch_def_s390;
 #elif __riscv && __riscv_xlen == 64
 const struct arch_def *arch_def_native = &arch_def_riscv64;
+#elif __sh__
+#ifdef __BIG_ENDIAN__
+const struct arch_def *arch_def_native = &arch_def_sheb;
+#else
+const struct arch_def *arch_def_native = &arch_def_sh;
+#endif
 #else
 #error the arch code needs to know about your machine type
 #endif /* machine type guess */
@@ -162,6 +169,10 @@ const struct arch_def *arch_def_lookup(uint32_t token)
  return &arch_def_s390x;
  case SCMP_ARCH_RISCV64:
  return &arch_def_riscv64;
+ case SCMP_ARCH_SHEB:
+ return &arch_def_sheb;
+ case SCMP_ARCH_SH:
+ return &arch_def_sh;
  }
 
  return NULL;
@@ -214,6 +225,10 @@ const struct arch_def *arch_def_lookup_name(const char *arch_name)
  return &arch_def_s390x;
  else if (strcmp(arch_name, "riscv64") == 0)
  return &arch_def_riscv64;
+ else if (strcmp(arch_name, "sheb") == 0)
+ return &arch_def_sheb;
+ else if (strcmp(arch_name, "sh") == 0)
+ return &arch_def_sh;
 
  return NULL;
 }

diff --git a/src/gen_pfc.c b/src/gen_pfc.c
@@ -89,6 +89,10 @@ static const char *_pfc_arch(const struct arch_def *arch)
  return "s390";
  case SCMP_ARCH_RISCV64:
  return "riscv64";
+ case SCMP_ARCH_SHEB:
+ return "sheb";
+ case SCMP_ARCH_SH:
+ return "sh";
  default:
  return "UNKNOWN";
  }

diff --git a/src/syscalls.c b/src/syscalls.c
@@ -51,6 +51,7 @@ ARCH_DEF(ppc64)
 ARCH_DEF(ppc)
 ARCH_DEF(s390)
 ARCH_DEF(s390x)
+ARCH_DEF(sh)
 ARCH_DEF(x32)
 ARCH_DEF(x86)
 ARCH_DEF(riscv64)
diff --git a/src/syscalls.h b/src/syscalls.h
@@ -22,6 +22,7 @@
 #include "arch-ppc.h"
 #include "arch-s390.h"
 #include "arch-s390x.h"
+#include "arch-sh.h"
 #include "arch-x32.h"
 #include "arch-x86_64.h"
 #include "arch-x86.h"
@@ -51,6 +52,7 @@ struct arch_syscall_table {
  int riscv64;
  int s390;
  int s390x;
+ int sh;
 };
 #define OFFSET_ARCH(NAME) offsetof(struct arch_syscall_table, NAME)
 

diff --git a/tests/16-sim-arch_basic.c b/tests/16-sim-arch_basic.c
@@ -93,6 +93,9 @@ int main(int argc, char *argv[])
  if (rc != 0)
  goto out;
  rc = seccomp_arch_add(ctx, SCMP_ARCH_RISCV64);
+ if (rc != 0)
+ goto out;
+ rc = seccomp_arch_add(ctx, SCMP_ARCH_SH);
  if (rc != 0)
  goto out;
 

diff --git a/tests/16-sim-arch_basic.py b/tests/16-sim-arch_basic.py
@@ -45,6 +45,7 @@ def test(args):
  f.add_arch(Arch("mipsel64n32"))
  f.add_arch(Arch("ppc64le"))
  f.add_arch(Arch("riscv64"))
+ f.add_arch(Arch("sh"))
  f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno()))
  f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno()))
  f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno()))

diff --git a/tests/23-sim-arch_all_le_basic.c b/tests/23-sim-arch_all_le_basic.c
@@ -72,6 +72,9 @@ int main(int argc, char *argv[])
  if (rc != 0)
  goto out;
  rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("riscv64"));
+ if (rc != 0)
+ goto out;
+ rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("sh"));
  if (rc != 0)
  goto out;
 

diff --git a/tests/23-sim-arch_all_le_basic.py b/tests/23-sim-arch_all_le_basic.py
@@ -41,6 +41,7 @@ def test(args):
  f.add_arch(Arch("mipsel64n32"))
  f.add_arch(Arch("ppc64le"))
  f.add_arch(Arch("riscv64"))
+ f.add_arch(Arch("sh"))
  f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno()))
  f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno()))
  f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno()))

diff --git a/tests/26-sim-arch_all_be_basic.c b/tests/26-sim-arch_all_be_basic.c
@@ -68,6 +68,9 @@ int main(int argc, char *argv[])
  if (rc != 0)
  goto out;
  rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("s390x"));
+ if (rc != 0)
+ goto out;
+ rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("sheb"));
  if (rc != 0)
  goto out;
 

diff --git a/tests/26-sim-arch_all_be_basic.py b/tests/26-sim-arch_all_be_basic.py
@@ -39,6 +39,7 @@ def test(args):
  f.add_arch(Arch("ppc64"))
  f.add_arch(Arch("s390"))
  f.add_arch(Arch("s390x"))
+ f.add_arch(Arch("sheb"))
  f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno()))
  f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno()))
  f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno()))