[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v2] seccomp: add cacheflush to whitelist
From: |
Peter Maydell |
Subject: |
Re: [Qemu-devel] [PATCH v2] seccomp: add cacheflush to whitelist |
Date: |
Mon, 2 Nov 2015 20:37:15 +0000 |
On 2 November 2015 at 19:04, Andrew Jones <address@hidden> wrote:
> On Mon, Nov 02, 2015 at 06:09:41PM +0000, Peter Maydell wrote:
>> On 2 November 2015 at 17:56, Andrew Jones <address@hidden> wrote:
>> > cacheflush is an arm-specific syscall that qemu built for arm
>> > uses. Add it to the whitelist, but only if we're linking with
>> > a recent enough libseccomp.
>> >
>> > Signed-off-by: Andrew Jones <address@hidden>
>> > ---
>> > v2: only add cacheflush if libseccomp supports it
>> >
>> > qemu-seccomp.c | 9 ++++++++-
>> > 1 file changed, 8 insertions(+), 1 deletion(-)
>> >
>> > diff --git a/qemu-seccomp.c b/qemu-seccomp.c
>> > index 80d034a8d5190..e76097e958779 100644
>> > --- a/qemu-seccomp.c
>> > +++ b/qemu-seccomp.c
>> > @@ -16,6 +16,10 @@
>> > #include <seccomp.h>
>> > #include "sysemu/seccomp.h"
>> >
>> > +#if SCMP_VER_MAJOR >= 2 && SCMP_VER_MINOR >= 2 && SCMP_VER_MICRO >= 3
>> > +#define HAVE_CACHEFLUSH
>> > +#endif
>>
>> This will claim that a hypothetical future version 3.0.0 does not
>> have cacheflush...
>
> Indeed. Sigh... In that case, how about just
>
> #if defined(TARGET_ARM) || defined(TARGET_AARCH64)
> { SCMP_SYS(cacheflush), 240 },
> #endif
You want to be checking based on the host architecture,
not the target architecture. Also, not doing the check based
on seccomp version means there's no hint in the code that the
ifdefs become obsolete if we raise our cross-architecture
minimum seccomp version requirement in the future, so really
a version check is better I think.
thanks
-- PMM