Libseccomp: RFE: add RISC-V support

Created on 20 Feb 2018  ·  28 Comments  ·  Source: seccomp/libseccomp

From @rwmjones:

RISC-V is an open source, free ISA developed at UCB since 2010 (https://riscv.org/).

We have one older PR from @rwmjones in #50 which added libseccomp support before the kernel support was in place (Fall 2016).

We have a more recent PR from @Icenowy in #108 which adds libseccomp support, although the kernel support is still unknown (February 2018).

This issue is designed to track notes and progress across PRs.

enhancement priority/low

All 28 comments

@pcmoore Kernel support is upstream in 4.15.0. (More drivers are needed to boot, they are expected in 4.17, but 4.15 has the complete uapi)

@sorear I think it's okay to just comment once in the other PR for things like the above.

... and for my future self, it doesn't appear that v4.16-rc2+ has the necessary HAVE_ARCH_SECCOMP_FILTER support for RISC-V.

Quick update, kernel support is still missing in Linus' tree:

# grep "HAVE_ARCH_SECCOMP_FILTER" $(find arch/*/  -type f)
arch/arm/Kconfig:       select HAVE_ARCH_SECCOMP_FILTER if (AEABI && !OABI_COMPAT)
arch/arm/kernel/ptrace.c:#ifdef CONFIG_HAVE_ARCH_SECCOMP_FILTER
arch/arm64/Kconfig:     select HAVE_ARCH_SECCOMP_FILTER
arch/mips/Kconfig:      select HAVE_ARCH_SECCOMP_FILTER
arch/parisc/Kconfig:    select HAVE_ARCH_SECCOMP_FILTER
arch/powerpc/Kconfig:   select HAVE_ARCH_SECCOMP_FILTER
arch/s390/Kconfig:      select HAVE_ARCH_SECCOMP_FILTER
arch/um/Kconfig.common: select HAVE_ARCH_SECCOMP_FILTER
arch/x86/Kconfig:       select HAVE_ARCH_SECCOMP_FILTER
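A runtime counterpart to the source-tree grep above, as an added example that is not part of the original thread: it asks the running kernel whether seccomp filter mode is available by passing a NULL filter to `prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, ...)`. The enum and function names are hypothetical, chosen for this example.

```c
/* Added example: probe the running kernel for seccomp filter support. */
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>

#ifndef SECCOMP_MODE_FILTER
#define SECCOMP_MODE_FILTER 2   /* same value as in <linux/seccomp.h> */
#endif

/* Hypothetical names used only in this example. */
enum filter_support { FILTER_SUPPORTED, FILTER_MISSING, FILTER_UNKNOWN };

/* Interpret the result of prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL). */
enum filter_support classify_probe(int rc, int err)
{
    if (rc == -1 && err == EFAULT)
        return FILTER_SUPPORTED; /* kernel tried to read the NULL filter */
    if (rc == -1 && err == EINVAL)
        return FILTER_MISSING;   /* mode rejected: built without filter support */
    return FILTER_UNKNOWN;       /* e.g. EPERM/EACCES from a sandbox policy */
}

/* A NULL filter can never be installed, so the probe changes no process state. */
enum filter_support probe_running_kernel(void)
{
    int rc = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0UL, 0UL);
    return classify_probe(rc, errno);
}

const char *support_name(enum filter_support s)
{
    switch (s) {
    case FILTER_SUPPORTED: return "supported";
    case FILTER_MISSING:   return "missing";
    default:               return "unknown";
    }
}

int main(void)
{
    enum filter_support s = probe_running_kernel();
    printf("seccomp filter mode: %s\n", support_name(s));
    return s == FILTER_SUPPORTED ? 0 : 1;
}
```

On an architecture whose Kconfig does not select HAVE_ARCH_SECCOMP_FILTER, the kernel cannot enable CONFIG_SECCOMP_FILTER, so this probe reports "missing".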

I pushed a prototype commit to our development risc-v kernel branch here: https://github.com/riscv/riscv-linux/commit/0712587b63964272397ed34864130912d2a87020

I'm not really sure how to test it, though.

Hi @terpstra

If you haven't already been in touch with @kees you might want to talk with him as he maintains the seccomp code in the kernel. As far as testing is concerned, libseccomp has a few "live" tests (cd tests; ./regression -T live) which exercise the seccomp code in the kernel; there is also samples/seccomp in the kernel sources, but I don't have any direct experience with those.

I think there is a 3rd patch in openSUSE: https://build.opensuse.org/package/view_file/openSUSE:Factory:RISCV/libseccomp/riscv.patch?expand=1 but it's missing __NR_riscv_flush_icache.

Hi @terpstra, has the patch https://github.com/riscv/riscv-linux/commit/0712587b63964272397ed34864130912d2a87020 been merged into the Mainline Kernel? Any idea on a timeline for it? Maybe @palmer-dabbelt can help out on this.

I have offloaded all the linux driver stuff I wrote for the U540 to Paul
and Palmer. I am no longer in the loop on upstreaming.

On Wed, Jun 5, 2019 at 12:53 PM Carlos Eduardo wrote:

> Hi @terpstra, has the patch https://github.com/riscv/riscv-linux/commit/0712587b63964272397ed34864130912d2a87020 been merged into the Mainline Kernel? Any idea on a timeline for it? Maybe @palmer-dabbelt can help out on this.



I sent out seccomp v1 patches a few months ago (I think), which were passing the libseccomp test suite and the kernel selftests. I need to find time to retest on the latest kernel to send out v2. The libseccomp patch is here: https://github.com/seccomp/libseccomp/pull/134

@carlosedp how fast do you need it?

I wouldn't worry about it until the kernel patch has landed in Linus' tree, but PR #134 looks like it needs a forward port to the current libseccomp master branch.

I haven't looked at RISC-V in some time, is there any reasonably priced and reasonably performing RISC-V hardware for development/testing that will run a standard-ish distro?

@davidlt I've pulled and applied the PR134 patch and it tests perfectly even without Kernel patches. It would be great to have libseccomp to open up building other dependencies. I'm already running Docker locally built with this.

@pcmoore On the hardware side, there is only the SiFive Unleashed board, which is pricey. There is a QEMU VM I packed with Debian (but there is also a Fedora rootfs that I could pack). It can be used for development.

I'm tracking the dependencies on https://github.com/carlosedp/riscv-bringup

Actually, I just retested with the tip with PR134. I got 6 failed tests.

Results can be seen on https://gist.github.com/carlosedp/7e1e222e5ccb4b45faa357dd6b30ac9a

Hmm, that's odd. According to the test output it appears that test 46 is failing with ENOMEM, which is a bit unusual (see tools/scmp_bpf_sim.c). I'm rather busy at the moment, and don't have a RISC-V VM handy to test this, but if you need some pointers on how to debug this don't hesitate to ask.

I have both a QEMU VM and a RISC-V board. My current Kernel does not have seccomp patches applied. If you have tips on how I can help, I'm glad to!
Otherwise, if you want a RISC-V QEMU VM, I put together a pack on https://github.com/carlosedp/riscv-bringup#virtual-machine-and-pre-built-docker.

@davidlt any update on the RISC-V kernel support?

https://lkml.org/lkml/2019/10/14/811

It seems to have been fully reviewed, but the final patch got lost between two developers.

The patch was sent to Linus for the 5.4 kernel, but he didn't want to pull it so far into the RCs. The patch will land in the 5.5 merge window.

Note that the patch is already in linux-next, if that matters.

That's good news, thanks everyone! Since it looks like we are a few weeks away from seeing this in Linus' tree I'm going to go ahead and mark this for the libseccomp v2.5 milestone.

Does someone want to volunteer to refresh/test/resubmit the PR once the merge window closes?

I will send a new version of the PR once libseccomp lands in Linus's tree.

Great, thanks @davidlt.

I will wait until "[GIT PULL] seccomp updates for v5.5-rc1" is also merged. There is one small RISC-V patch there.

Thanks all. We've still got a number of things on the TODO list for the v2.5 release so I think we have some time.

Quick update. I started updating Fedora/RISCV to 5.5-rc2 and there are a number of issues. I might have found one issue created by SECCOMP in the kernel and am working on fixing that first. This issue wasn't shown by the libseccomp test suite or the kernel seccomp self tests.

Thanks for the update. FWIW, the libseccomp tests don't aggressively test the kernel, they are focused more on the library side (running code through a BPF simulator).

This should be resolved via #197, closing.
