From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:46674)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <peter.maydell@linaro.org>) id 1ZtLrE-0007Q9-Gp
	for qemu-devel@nongnu.org; Mon, 02 Nov 2015 15:37:37 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <peter.maydell@linaro.org>) id 1ZtLrD-0004Hx-L5
	for qemu-devel@nongnu.org; Mon, 02 Nov 2015 15:37:36 -0500
Received: from mail-vk0-x235.google.com ([2607:f8b0:400c:c05::235]:34220)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <peter.maydell@linaro.org>) id 1ZtLrD-0004Ht-E0
	for qemu-devel@nongnu.org; Mon, 02 Nov 2015 15:37:35 -0500
Received: by vkgs66 with SMTP id s66so92970502vkg.1
	for <qemu-devel@nongnu.org>; Mon, 02 Nov 2015 12:37:35 -0800 (PST)
MIME-Version: 1.0
In-Reply-To: <20151102190435.GB5279@hawk.localdomain>
References: <1446212690-7656-2-git-send-email-eduardo.otubo@profitbricks.com>
	<1446486994-29913-1-git-send-email-drjones@redhat.com>
	<CAFEAcA8Hqq1ZBQnJ-EBx9GHSoibMs-DecBX_r4MOUEhMQmhZnQ@mail.gmail.com>
	<20151102190435.GB5279@hawk.localdomain>
From: Peter Maydell <peter.maydell@linaro.org>
Date: Mon, 2 Nov 2015 20:37:15 +0000
Message-ID: <CAFEAcA92_j+=htFaqBTcMud4BuDEW1cUy-w_AaUUF4yGCUAqVQ@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8
Subject: Re: [Qemu-devel] [PATCH v2] seccomp: add cacheflush to whitelist
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Andrew Jones <drjones@redhat.com>
Cc: QEMU Developers <qemu-devel@nongnu.org>, Eduardo Otubo <eduardo.otubo@profitbricks.com>

On 2 November 2015 at 19:04, Andrew Jones <drjones@redhat.com> wrote:
> On Mon, Nov 02, 2015 at 06:09:41PM +0000, Peter Maydell wrote:
>> On 2 November 2015 at 17:56, Andrew Jones <drjones@redhat.com> wrote:
>> > cacheflush is an arm-specific syscall that qemu built for arm
>> > uses. Add it to the whitelist, but only if we're linking with
>> > a recent enough libseccomp.
>> >
>> > Signed-off-by: Andrew Jones <drjones@redhat.com>
>> > ---
>> > v2: only add cacheflush if libseccomp supports it
>> >
>> >  qemu-seccomp.c | 9 ++++++++-
>> >  1 file changed, 8 insertions(+), 1 deletion(-)
>> >
>> > diff --git a/qemu-seccomp.c b/qemu-seccomp.c
>> > index 80d034a8d5190..e76097e958779 100644
>> > --- a/qemu-seccomp.c
>> > +++ b/qemu-seccomp.c
>> > @@ -16,6 +16,10 @@
>> >  #include <seccomp.h>
>> >  #include "sysemu/seccomp.h"
>> >
>> > +#if SCMP_VER_MAJOR >= 2 && SCMP_VER_MINOR >= 2 && SCMP_VER_MICRO >= 3
>> > +#define HAVE_CACHEFLUSH
>> > +#endif
>>
>> This will claim that a hypothetical future version 3.0.0 does not
>> have cacheflush...
>
> Indeed. Sigh... In that case, how about just
>
> #if defined(TARGET_ARM) || defined(TARGET_AARCH64)
>     { SCMP_SYS(cacheflush), 240 },
> #endif

You want to be checking based on the host architecture,
not the target architecture. Also, not doing the check based
on seccomp version means there's no hint in the code that the
ifdefs become obsolete if we raise our cross-architecture
minimum seccomp version requirement in the future, so really
a version check is better I think.

thanks
-- PMM