[v2] seccomp: add cacheflush to whitelist

cacheflush is an arm-specific syscall that qemu built for arm
uses. Add it to the whitelist, but only if we're linking with
a recent enough libseccomp.

Signed-off-by: Andrew Jones <drjones@redhat.com>

---
v2: only add cacheflush if libseccomp supports it

 qemu-seccomp.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

-- 
1.8.3.1

On 2 November 2015 at 17:56, Andrew Jones <drjones@redhat.com> wrote:
> cacheflush is an arm-specific syscall that qemu built for arm

> uses. Add it to the whitelist, but only if we're linking with

> a recent enough libseccomp.

>

> Signed-off-by: Andrew Jones <drjones@redhat.com>

> ---

> v2: only add cacheflush if libseccomp supports it

>

>  qemu-seccomp.c | 9 ++++++++-

>  1 file changed, 8 insertions(+), 1 deletion(-)

>

> diff --git a/qemu-seccomp.c b/qemu-seccomp.c

> index 80d034a8d5190..e76097e958779 100644

> --- a/qemu-seccomp.c

> +++ b/qemu-seccomp.c

> @@ -16,6 +16,10 @@

>  #include <seccomp.h>

>  #include "sysemu/seccomp.h"

>

> +#if SCMP_VER_MAJOR >= 2 && SCMP_VER_MINOR >= 2 && SCMP_VER_MICRO >= 3

> +#define HAVE_CACHEFLUSH

> +#endif


This will claim that a hypothetical future version 3.0.0 does not
have cacheflush...

thanks
-- PMM

On Mon, Nov 02, 2015 at 06:09:41PM +0000, Peter Maydell wrote:
> On 2 November 2015 at 17:56, Andrew Jones <drjones@redhat.com> wrote:

> > cacheflush is an arm-specific syscall that qemu built for arm

> > uses. Add it to the whitelist, but only if we're linking with

> > a recent enough libseccomp.

> >

> > Signed-off-by: Andrew Jones <drjones@redhat.com>

> > ---

> > v2: only add cacheflush if libseccomp supports it

> >

> >  qemu-seccomp.c | 9 ++++++++-

> >  1 file changed, 8 insertions(+), 1 deletion(-)

> >

> > diff --git a/qemu-seccomp.c b/qemu-seccomp.c

> > index 80d034a8d5190..e76097e958779 100644

> > --- a/qemu-seccomp.c

> > +++ b/qemu-seccomp.c

> > @@ -16,6 +16,10 @@

> >  #include <seccomp.h>

> >  #include "sysemu/seccomp.h"

> >

> > +#if SCMP_VER_MAJOR >= 2 && SCMP_VER_MINOR >= 2 && SCMP_VER_MICRO >= 3

> > +#define HAVE_CACHEFLUSH

> > +#endif

> 

> This will claim that a hypothetical future version 3.0.0 does not

> have cacheflush...


Indeed. Sigh... In that case, how about just

#if defined(TARGET_ARM) || defined(TARGET_AARCH64)
    { SCMP_SYS(cacheflush), 240 },
#endif

Thanks,
drew

> 

> thanks

> -- PMM

>

On 2 November 2015 at 19:04, Andrew Jones <drjones@redhat.com> wrote:
> On Mon, Nov 02, 2015 at 06:09:41PM +0000, Peter Maydell wrote:

>> On 2 November 2015 at 17:56, Andrew Jones <drjones@redhat.com> wrote:

>> > cacheflush is an arm-specific syscall that qemu built for arm

>> > uses. Add it to the whitelist, but only if we're linking with

>> > a recent enough libseccomp.

>> >

>> > Signed-off-by: Andrew Jones <drjones@redhat.com>

>> > ---

>> > v2: only add cacheflush if libseccomp supports it

>> >

>> >  qemu-seccomp.c | 9 ++++++++-

>> >  1 file changed, 8 insertions(+), 1 deletion(-)

>> >

>> > diff --git a/qemu-seccomp.c b/qemu-seccomp.c

>> > index 80d034a8d5190..e76097e958779 100644

>> > --- a/qemu-seccomp.c

>> > +++ b/qemu-seccomp.c

>> > @@ -16,6 +16,10 @@

>> >  #include <seccomp.h>

>> >  #include "sysemu/seccomp.h"

>> >

>> > +#if SCMP_VER_MAJOR >= 2 && SCMP_VER_MINOR >= 2 && SCMP_VER_MICRO >= 3

>> > +#define HAVE_CACHEFLUSH

>> > +#endif

>>

>> This will claim that a hypothetical future version 3.0.0 does not

>> have cacheflush...

>

> Indeed. Sigh... In that case, how about just

>

> #if defined(TARGET_ARM) || defined(TARGET_AARCH64)

>     { SCMP_SYS(cacheflush), 240 },

> #endif


You want to be checking based on the host architecture,
not the target architecture. Also, not doing the check based
on seccomp version means there's no hint in the code that the
ifdefs become obsolete if we raise our cross-architecture
minimum seccomp version requirement in the future, so really
a version check is better I think.

thanks
-- PMM

On Mon, Nov 02, 2015 at 08:37:15PM +0000, Peter Maydell wrote:
> On 2 November 2015 at 19:04, Andrew Jones <drjones@redhat.com> wrote:

> > On Mon, Nov 02, 2015 at 06:09:41PM +0000, Peter Maydell wrote:

> >> On 2 November 2015 at 17:56, Andrew Jones <drjones@redhat.com> wrote:

> >> > cacheflush is an arm-specific syscall that qemu built for arm

> >> > uses. Add it to the whitelist, but only if we're linking with

> >> > a recent enough libseccomp.

> >> >

> >> > Signed-off-by: Andrew Jones <drjones@redhat.com>

> >> > ---

> >> > v2: only add cacheflush if libseccomp supports it

> >> >

> >> >  qemu-seccomp.c | 9 ++++++++-

> >> >  1 file changed, 8 insertions(+), 1 deletion(-)

> >> >

> >> > diff --git a/qemu-seccomp.c b/qemu-seccomp.c

> >> > index 80d034a8d5190..e76097e958779 100644

> >> > --- a/qemu-seccomp.c

> >> > +++ b/qemu-seccomp.c

> >> > @@ -16,6 +16,10 @@

> >> >  #include <seccomp.h>

> >> >  #include "sysemu/seccomp.h"

> >> >

> >> > +#if SCMP_VER_MAJOR >= 2 && SCMP_VER_MINOR >= 2 && SCMP_VER_MICRO >= 3

> >> > +#define HAVE_CACHEFLUSH

> >> > +#endif

> >>

> >> This will claim that a hypothetical future version 3.0.0 does not

> >> have cacheflush...

> >

> > Indeed. Sigh... In that case, how about just

> >

> > #if defined(TARGET_ARM) || defined(TARGET_AARCH64)

> >     { SCMP_SYS(cacheflush), 240 },

> > #endif

> 

> You want to be checking based on the host architecture,

> not the target architecture. Also, not doing the check based

> on seccomp version means there's no hint in the code that the

> ifdefs become obsolete if we raise our cross-architecture

> minimum seccomp version requirement in the future, so really

> a version check is better I think.


Right. OK, I'll stop flinging junk and pull a better version
check together.

Thanks,
drew

> 

> thanks

> -- PMM

>