Re: [PATCH v2] riscv: add support for SECCOMP and SECCOMP_FILTER

From: David Abdurachmanov
Date: Wed Aug 28 2019 - 17:38:15 EST


On Wed, Aug 28, 2019 at 10:36 AM Kees Cook <keescook@xxxxxxxxxxxx> wrote:
>
> On Thu, Aug 22, 2019 at 01:55:22PM -0700, David Abdurachmanov wrote:
> > This patch was extensively tested on Fedora/RISCV (applied by default on
> > top of 5.2-rc7 kernel for <2 months). The patch was also tested with 5.3-rc
> > on QEMU and SiFive Unleashed board.
>
> Oops, I see the mention of QEMU here. Where's the best place to find
> instructions on creating a qemu riscv image/environment?

Examples from what I personally use:
https://github.com/riscv/meta-riscv
https://fedoraproject.org/wiki/Architectures/RISC-V/Installing#Boot_with_libvirt
(might be outdated)

If you are running a machine with a properly working libvirt/QEMU setup:

VIRTBUILDER_IMAGE=fedora-rawhide-developer-20190703n0
FIRMWARE=fw_payload-uboot-qemu-virt-smode.elf
wget https://dl.fedoraproject.org/pub/alt/risc-v/disk-images/fedora/rawhide/20190703.n.0/Developer/$FIRMWARE
echo riscv > /tmp/rootpw
virt-builder \
--verbose \
--source https://dl.fedoraproject.org/pub/alt/risc-v/repo/virt-builder-images/images/index \
--no-check-signature \
--arch riscv64 \
--size 10G \
--format raw \
--hostname fedora-riscv \
-o disk \
--root-password file:/tmp/rootpw \
${VIRTBUILDER_IMAGE}

sudo virt-install \
--name fedora-riscv \
--arch riscv64 \
--vcpus 4 \
--memory 3048 \
--import \
--disk path=$PWD/disk \
--boot kernel=$PWD/${FIRMWARE} \
--network network=default \
--graphics none \
--serial log.file=/tmp/fedora-riscv.serial.log \
--noautoconsole

The following does include the SECCOMP v2 patch on top of the 5.2-rc7 kernel.

>
> > There is one failing kernel selftest: global.user_notification_signal
>
> This test has been fragile (and is not arch-specific), so as long as
> everything else is passing, I would call this patch ready to go. :)
>
> Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>
>
> --
> Kees Cook