From: Peter Maydell <peter.maydell@linaro.org>
To: Andrew Jones <drjones@redhat.com>
Cc: QEMU Developers <qemu-devel@nongnu.org>,
Eduardo Otubo <eduardo.otubo@profitbricks.com>
Subject: Re: [Qemu-devel] [PATCH v2] seccomp: add cacheflush to whitelist
Date: Mon, 2 Nov 2015 20:37:15 +0000 [thread overview]
Message-ID: <CAFEAcA92_j+=htFaqBTcMud4BuDEW1cUy-w_AaUUF4yGCUAqVQ@mail.gmail.com> (raw)
In-Reply-To: <20151102190435.GB5279@hawk.localdomain>
On 2 November 2015 at 19:04, Andrew Jones <drjones@redhat.com> wrote:
> On Mon, Nov 02, 2015 at 06:09:41PM +0000, Peter Maydell wrote:
>> On 2 November 2015 at 17:56, Andrew Jones <drjones@redhat.com> wrote:
>> > cacheflush is an arm-specific syscall that qemu built for arm
>> > uses. Add it to the whitelist, but only if we're linking with
>> > a recent enough libseccomp.
>> >
>> > Signed-off-by: Andrew Jones <drjones@redhat.com>
>> > ---
>> > v2: only add cacheflush if libseccomp supports it
>> >
>> > qemu-seccomp.c | 9 ++++++++-
>> > 1 file changed, 8 insertions(+), 1 deletion(-)
>> >
>> > diff --git a/qemu-seccomp.c b/qemu-seccomp.c
>> > index 80d034a8d5190..e76097e958779 100644
>> > --- a/qemu-seccomp.c
>> > +++ b/qemu-seccomp.c
>> > @@ -16,6 +16,10 @@
>> > #include <seccomp.h>
>> > #include "sysemu/seccomp.h"
>> >
>> > +#if SCMP_VER_MAJOR >= 2 && SCMP_VER_MINOR >= 2 && SCMP_VER_MICRO >= 3
>> > +#define HAVE_CACHEFLUSH
>> > +#endif
>>
>> This will claim that a hypothetical future version 3.0.0 does not
>> have cacheflush...
>
> Indeed. Sigh... In that case, how about just
>
> #if defined(TARGET_ARM) || defined(TARGET_AARCH64)
> { SCMP_SYS(cacheflush), 240 },
> #endif
You want to be checking based on the host architecture,
not the target architecture. Also, not doing the check based
on seccomp version means there's no hint in the code that the
ifdefs become obsolete if we raise our cross-architecture
minimum seccomp version requirement in the future, so really
a version check is better I think.
thanks
-- PMM
next prev parent reply other threads:[~2015-11-02 20:37 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-10-30 13:44 [Qemu-devel] [PULL 00/05] seccomp branch queue Eduardo Otubo
2015-10-30 13:44 ` [Qemu-devel] [PULL 01/05] seccomp: add cacheflush to whitelist Eduardo Otubo
2015-11-02 17:56 ` [Qemu-devel] [PATCH v2] " Andrew Jones
2015-11-02 18:09 ` Peter Maydell
2015-11-02 19:04 ` Andrew Jones
2015-11-02 20:37 ` Peter Maydell [this message]
2015-11-02 22:18 ` Andrew Jones
2015-11-02 22:53 ` [Qemu-devel] [PATCH v3] " Andrew Jones
2015-11-09 21:47 ` Andrew Jones
2015-11-11 8:23 ` Eduardo Otubo
2015-10-30 13:44 ` [Qemu-devel] [PULL 02/05] configure: arm/aarch64: allow enable-seccomp Eduardo Otubo
2015-10-30 13:44 ` [Qemu-devel] [PULL 03/05] seccomp: add madvise, shmget, and shmctl to whitelist Eduardo Otubo
2015-10-30 13:44 ` [Qemu-devel] [PULL 04/05] seccomp: add setuid, setgid, chroot and setgroups " Eduardo Otubo
2015-11-02 7:51 ` Paolo Bonzini
2015-11-11 8:25 ` Eduardo Otubo
2015-10-30 13:44 ` [Qemu-devel] [PULL 05/05] seccomp: loosen library version dependency Eduardo Otubo
2015-10-30 16:30 ` [Qemu-devel] [PULL 00/05] seccomp branch queue Peter Maydell
2015-10-30 18:35 ` Andrew Jones
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAFEAcA92_j+=htFaqBTcMud4BuDEW1cUy-w_AaUUF4yGCUAqVQ@mail.gmail.com' \
--to=peter.maydell@linaro.org \
--cc=drjones@redhat.com \
--cc=eduardo.otubo@profitbricks.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).