diff --git a/backport-bpf-pfc-Add-handling-for-0-syscalls-in-the-binary-tr.patch b/backport-bpf-pfc-Add-handling-for-0-syscalls-in-the-binary-tr.patch deleted file mode 100644 index e26abde..0000000 --- a/backport-bpf-pfc-Add-handling-for-0-syscalls-in-the-binary-tr.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 2de3b87122c18b58b3e2b32ab2e81ac43774a7aa Mon Sep 17 00:00:00 2001 -From: Tom Hromatka -Date: Wed, 16 Mar 2022 11:19:14 -0600 -Subject: [PATCH] bpf: pfc: Add handling for 0 syscalls in the binary tree - -Handle the unlikely case where a user has chosen the -binary tree optimization but has zero syscalls in their -filter. - -Fixes: https://github.com/seccomp/libseccomp/issues/370 -Fixes: a3732b32b8e67 ("bpf:pfc: Add optimization option to use a binary tree") -Signed-off-by: Tom Hromatka -Acked-by: Paul Moore ---- - src/gen_bpf.c | 3 +++ - src/gen_pfc.c | 3 +++ - 2 files changed, 6 insertions(+) - -diff --git a/src/gen_bpf.c b/src/gen_bpf.c -index c878f44..7131761 100644 ---- a/src/gen_bpf.c -+++ b/src/gen_bpf.c -@@ -1348,6 +1348,9 @@ static int _get_bintree_levels(unsigned int syscall_cnt) - { - unsigned int i = 2, max_level = SYSCALLS_PER_NODE * 2; - -+ if (syscall_cnt == 0) -+ return 0; -+ - while (max_level < syscall_cnt) { - max_level <<= 1; - i++; -diff --git a/src/gen_pfc.c b/src/gen_pfc.c -index c7fb536..4916055 100644 ---- a/src/gen_pfc.c -+++ b/src/gen_pfc.c -@@ -275,6 +275,9 @@ static int _get_bintree_levels(unsigned int syscall_cnt, - /* Only use a binary tree if requested */ - return 0; - -+ if (syscall_cnt == 0) -+ return 0; -+ - do { - max_level = SYSCALLS_PER_NODE << i; - i++; --- -2.27.0 - diff --git a/backport-tests-Add-a-binary-tree-test-with-zero-syscalls.patch b/backport-tests-Add-a-binary-tree-test-with-zero-syscalls.patch deleted file mode 100644 index 510fa56..0000000 --- a/backport-tests-Add-a-binary-tree-test-with-zero-syscalls.patch +++ /dev/null @@ -1,187 +0,0 @@ -From 5731dd9f73df9025b2c8924e2f4ce78a7d94af00 Mon Sep 17 00:00:00 2001 -From: Tom Hromatka -Date: Wed, 16 Mar 2022 11:24:40 -0600 -Subject: [PATCH] tests: Add a binary tree test with zero syscalls - -Add a test that exercises the binary tree optimization but -the seccomp filter has zero syscalls in it. - -Related-bug: https://github.com/seccomp/libseccomp/issues/370 -Signed-off-by: Tom Hromatka -Acked-by: Paul Moore ---- - tests/59-basic-empty_binary_tree.c | 54 ++++++++++++++++++++++++++ - tests/59-basic-empty_binary_tree.py | 41 +++++++++++++++++++ - tests/59-basic-empty_binary_tree.tests | 16 ++++++++ - tests/Makefile.am | 9 +++-- - 4 files changed, 117 insertions(+), 3 deletions(-) - create mode 100644 tests/59-basic-empty_binary_tree.c - create mode 100755 tests/59-basic-empty_binary_tree.py - create mode 100644 tests/59-basic-empty_binary_tree.tests - -diff --git a/tests/59-basic-empty_binary_tree.c b/tests/59-basic-empty_binary_tree.c -new file mode 100644 -index 0000000..6b6485e ---- /dev/null -+++ b/tests/59-basic-empty_binary_tree.c -@@ -0,0 +1,54 @@ -+/** -+ * Seccomp Library test program -+ * -+ * Copyright (c) 2018-2020 Oracle and/or its affiliates. -+ * Author: Tom Hromatka -+ */ -+ -+/* -+ * This library is free software; you can redistribute it and/or modify it -+ * under the terms of version 2.1 of the GNU Lesser General Public License as -+ * published by the Free Software Foundation. -+ * -+ * This library is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License -+ * for more details. -+ * -+ * You should have received a copy of the GNU Lesser General Public License -+ * along with this library; if not, see . -+ */ -+ -+#include -+#include -+ -+#include -+ -+#include "util.h" -+ -+int main(int argc, char *argv[]) -+{ -+ int rc; -+ struct util_options opts; -+ scmp_filter_ctx ctx = NULL; -+ -+ rc = util_getopt(argc, argv, &opts); -+ if (rc < 0) -+ goto out; -+ -+ ctx = seccomp_init(SCMP_ACT_ALLOW); -+ if (ctx == NULL) -+ return ENOMEM; -+ -+ rc = seccomp_attr_set(ctx, SCMP_FLTATR_CTL_OPTIMIZE, 2); -+ if (rc < 0) -+ goto out; -+ -+ rc = util_filter_output(&opts, ctx); -+ if (rc) -+ goto out; -+ -+out: -+ seccomp_release(ctx); -+ return (rc < 0 ? -rc : rc); -+} -diff --git a/tests/59-basic-empty_binary_tree.py b/tests/59-basic-empty_binary_tree.py -new file mode 100755 -index 0000000..5acbbd4 ---- /dev/null -+++ b/tests/59-basic-empty_binary_tree.py -@@ -0,0 +1,41 @@ -+#!/usr/bin/env python -+ -+# -+# Seccomp Library test program -+# -+# Copyright (c) 2022 Oracle and/or its affiliates. -+# Author: Tom Hromatka -+# -+ -+# -+# This library is free software; you can redistribute it and/or modify it -+# under the terms of version 2.1 of the GNU Lesser General Public License as -+# published by the Free Software Foundation. -+# -+# This library is distributed in the hope that it will be useful, but WITHOUT -+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License -+# for more details. -+# -+# You should have received a copy of the GNU Lesser General Public License -+# along with this library; if not, see . -+# -+ -+import argparse -+import sys -+ -+import util -+ -+from seccomp import * -+ -+def test(args): -+ f = SyscallFilter(ALLOW) -+ f.set_attr(Attr.CTL_OPTIMIZE, 2) -+ return f -+ -+args = util.get_opt() -+ctx = test(args) -+util.filter_output(args, ctx) -+ -+# kate: syntax python; -+# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off; -diff --git a/tests/59-basic-empty_binary_tree.tests b/tests/59-basic-empty_binary_tree.tests -new file mode 100644 -index 0000000..ff6dbc3 ---- /dev/null -+++ b/tests/59-basic-empty_binary_tree.tests -@@ -0,0 +1,16 @@ -+# -+# libseccomp regression test automation data -+# -+# Copyright (c) 2022 Oracle and/or its affiliates. -+# Author: Tom Hromatka -+# -+ -+test type: bpf-sim -+ -+# Testname Arch Syscall Arg0 Arg1 Arg2 Arg3 Arg4 Arg5 Result -+59-basic-empty_binary_tree all,-x32 0-350 N N N N N N ALLOW -+ -+test type: bpf-valgrind -+ -+# Testname -+59-basic-empty_binary_tree -diff --git a/tests/Makefile.am b/tests/Makefile.am -index b39ee06..f0a1f8e 100644 ---- a/tests/Makefile.am -+++ b/tests/Makefile.am -@@ -93,7 +93,8 @@ check_PROGRAMS = \ - 55-basic-pfc_binary_tree \ - 56-basic-iterate_syscalls \ - 57-basic-rawsysrc \ -- 58-live-tsync_notify -+ 58-live-tsync_notify \ -+ 59-basic-empty_binary_tree - - EXTRA_DIST_TESTPYTHON = \ - util.py \ -@@ -152,7 +153,8 @@ EXTRA_DIST_TESTPYTHON = \ - 54-live-binary_tree.py \ - 56-basic-iterate_syscalls.py \ - 57-basic-rawsysrc.py \ -- 58-live-tsync_notify.py -+ 58-live-tsync_notify.py \ -+ 59-basic-empty_binary_tree.py - - EXTRA_DIST_TESTCFGS = \ - 01-sim-allow.tests \ -@@ -212,7 +214,8 @@ EXTRA_DIST_TESTCFGS = \ - 55-basic-pfc_binary_tree.tests \ - 56-basic-iterate_syscalls.tests \ - 57-basic-rawsysrc.tests \ -- 58-live-tsync_notify.tests -+ 58-live-tsync_notify.tests \ -+ 59-basic-empty_binary_tree.tests - - EXTRA_DIST_TESTSCRIPTS = \ - 38-basic-pfc_coverage.sh 38-basic-pfc_coverage.pfc \ --- -2.27.0 - diff --git a/libseccomp-2.5.3.tar.gz b/libseccomp-2.5.3.tar.gz deleted file mode 100644 index b56a085..0000000 Binary files a/libseccomp-2.5.3.tar.gz and /dev/null differ diff --git a/libseccomp-2.5.4.tar.gz b/libseccomp-2.5.4.tar.gz new file mode 100644 index 0000000..d5d74c0 Binary files /dev/null and b/libseccomp-2.5.4.tar.gz differ diff --git a/libseccomp.spec b/libseccomp.spec index f851ea7..7aad9d2 100644 --- a/libseccomp.spec +++ b/libseccomp.spec @@ -1,13 +1,11 @@ Name: libseccomp -Version: 2.5.3 -Release: 3 +Version: 2.5.4 +Release: 1 Summary: Interface to the syscall filtering mechanism License: LGPLv2 URL: https://github.com/seccomp/libseccomp Source0: https://github.com/seccomp/libseccomp/releases/download/v%{version}/%{name}-%{version}.tar.gz -Patch0: backport-bpf-pfc-Add-handling-for-0-syscalls-in-the-binary-tr.patch -Patch1: backport-tests-Add-a-binary-tree-test-with-zero-syscalls.patch Patch2: backport-arch-disambiguate-in-arch-syscall-validate.patch BuildRequires: gcc gperf autoconf automake @@ -72,6 +70,9 @@ make check %{_mandir}/man*/* %changelog +* Sat Jan 28 2023 shixuantong - 2.5.4-1 +- upgrade version to 2.5.4 + * Mon Nov 14 2022 shixuantong - 2.5.3-3 - arch: disambiguate in arch-syscall-validate