diff options
Diffstat (limited to 'www-client/chromium/files/05riscv-sandbox.patch')
| -rw-r--r-- | www-client/chromium/files/05riscv-sandbox.patch | 1995 |
1 files changed, 1995 insertions, 0 deletions
diff --git a/www-client/chromium/files/05riscv-sandbox.patch b/www-client/chromium/files/05riscv-sandbox.patch new file mode 100644 index 0000000..eb14a7d --- /dev/null +++ b/www-client/chromium/files/05riscv-sandbox.patch @@ -0,0 +1,1995 @@ +From 50538ec46b4ef930fedf96aa8d5519f678240dfa Mon Sep 17 00:00:00 2001 +From: kxxt <rsworktech@outlook.com> +Date: Sat, 12 Aug 2023 08:34:05 +0800 +Subject: [PATCH] upgpatch: fix sandbox for chromium + +--- + sandbox/features.gni | 3 +- + sandbox/linux/bpf_dsl/linux_syscall_ranges.h | 7 + + sandbox/linux/bpf_dsl/seccomp_macros.h | 40 + + .../seccomp-bpf-helpers/baseline_policy.cc | 11 +- + .../syscall_parameters_restrictions.cc | 3 +- + .../linux/seccomp-bpf-helpers/syscall_sets.cc | 69 +- + .../linux/seccomp-bpf-helpers/syscall_sets.h | 14 +- + sandbox/linux/seccomp-bpf/syscall.cc | 36 +- + sandbox/linux/services/credentials.cc | 2 +- + sandbox/linux/services/syscall_wrappers.cc | 2 +- + .../linux/syscall_broker/broker_process.cc | 20 +- + sandbox/linux/system_headers/linux_seccomp.h | 8 + + sandbox/linux/system_headers/linux_signal.h | 2 +- + sandbox/linux/system_headers/linux_stat.h | 2 +- + sandbox/linux/system_headers/linux_syscalls.h | 4 + + .../system_headers/riscv64_linux_syscalls.h | 1222 +++++++++++++++++ + .../linux/bpf_cros_amd_gpu_policy_linux.cc | 2 +- + sandbox/policy/linux/bpf_gpu_policy_linux.cc | 2 +- + .../policy/linux/bpf_network_policy_linux.cc | 2 +- + 19 files changed, 1397 insertions(+), 54 deletions(-) + create mode 100644 sandbox/linux/system_headers/riscv64_linux_syscalls.h + +diff --git a/sandbox/features.gni b/sandbox/features.gni +index 8434144118b49..8aa52983f78f8 100644 +--- a/sandbox/features.gni ++++ b/sandbox/features.gni +@@ -9,7 +9,8 @@ + use_seccomp_bpf = (is_linux || is_chromeos || is_android) && + (current_cpu == "x86" || current_cpu == "x64" || + current_cpu == "arm" || current_cpu == "arm64" || +- current_cpu == "mipsel" || current_cpu == "mips64el") ++ current_cpu == "mipsel" || current_cpu == "mips64el" || ++ current_cpu == "riscv64") + + # SSBD (Speculative Store Bypass Disable) is a mitigation of Spectre Variant 4. + # As Spectre Variant 4 can be mitigated by site isolation, opt-out SSBD on site +diff --git a/sandbox/linux/bpf_dsl/linux_syscall_ranges.h b/sandbox/linux/bpf_dsl/linux_syscall_ranges.h +index 1d0590b7dd6ce..b722fbc95ee3e 100644 +--- a/sandbox/linux/bpf_dsl/linux_syscall_ranges.h ++++ b/sandbox/linux/bpf_dsl/linux_syscall_ranges.h +@@ -56,6 +56,13 @@ + #define MAX_PUBLIC_SYSCALL __NR_syscalls + #define MAX_SYSCALL MAX_PUBLIC_SYSCALL + ++#elif defined(__riscv) ++ ++#include <asm/unistd.h> ++#define MIN_SYSCALL 0u ++#define MAX_PUBLIC_SYSCALL __NR_syscalls ++#define MAX_SYSCALL MAX_PUBLIC_SYSCALL ++ + #else + #error "Unsupported architecture" + #endif +diff --git a/sandbox/linux/bpf_dsl/seccomp_macros.h b/sandbox/linux/bpf_dsl/seccomp_macros.h +index 87d5825aa3ddb..cc9b89ba3714a 100644 +--- a/sandbox/linux/bpf_dsl/seccomp_macros.h ++++ b/sandbox/linux/bpf_dsl/seccomp_macros.h +@@ -343,6 +343,46 @@ struct regs_struct { + #define SECCOMP_PT_PARM4(_regs) (_regs).regs[3] + #define SECCOMP_PT_PARM5(_regs) (_regs).regs[4] + #define SECCOMP_PT_PARM6(_regs) (_regs).regs[5] ++ ++#elif defined(__riscv) ++struct regs_struct { ++ unsigned long regs[32]; ++}; ++ ++#define SECCOMP_ARCH AUDIT_ARCH_RISCV64 ++ ++#define SECCOMP_REG(_ctx, _reg) ((_ctx)->uc_mcontext.__gregs[_reg]) ++ ++#define SECCOMP_RESULT(_ctx) SECCOMP_REG(_ctx, REG_A0) ++#define SECCOMP_SYSCALL(_ctx) SECCOMP_REG(_ctx, REG_A0+7) ++#define SECCOMP_IP(_ctx) (_ctx)->uc_mcontext.__gregs[REG_PC] ++#define SECCOMP_PARM1(_ctx) SECCOMP_REG(_ctx, REG_A0) ++#define SECCOMP_PARM2(_ctx) SECCOMP_REG(_ctx, REG_A0+1) ++#define SECCOMP_PARM3(_ctx) SECCOMP_REG(_ctx, REG_A0+2) ++#define SECCOMP_PARM4(_ctx) SECCOMP_REG(_ctx, REG_A0+3) ++#define SECCOMP_PARM5(_ctx) SECCOMP_REG(_ctx, REG_A0+4) ++#define SECCOMP_PARM6(_ctx) SECCOMP_REG(_ctx, REG_A0+5) ++ ++#define SECCOMP_NR_IDX (offsetof(struct arch_seccomp_data, nr)) ++#define SECCOMP_ARCH_IDX (offsetof(struct arch_seccomp_data, arch)) ++#define SECCOMP_IP_MSB_IDX \ ++ (offsetof(struct arch_seccomp_data, instruction_pointer) + 4) ++#define SECCOMP_IP_LSB_IDX \ ++ (offsetof(struct arch_seccomp_data, instruction_pointer) + 0) ++#define SECCOMP_ARG_MSB_IDX(nr) \ ++ (offsetof(struct arch_seccomp_data, args) + 8 * (nr) + 4) ++#define SECCOMP_ARG_LSB_IDX(nr) \ ++ (offsetof(struct arch_seccomp_data, args) + 8 * (nr) + 0) ++ ++#define SECCOMP_PT_RESULT(_regs) (_regs).regs[REG_A0] ++#define SECCOMP_PT_SYSCALL(_regs) (_regs).regs[REG_A0+7] ++#define SECCOMP_PT_IP(_regs) (_regs).regs[REG_PC] ++#define SECCOMP_PT_PARM1(_regs) (_regs).regs[REG_A0] ++#define SECCOMP_PT_PARM2(_regs) (_regs).regs[REG_A0+1] ++#define SECCOMP_PT_PARM3(_regs) (_regs).regs[REG_A0+2] ++#define SECCOMP_PT_PARM4(_regs) (_regs).regs[REG_A0+3] ++#define SECCOMP_PT_PARM5(_regs) (_regs).regs[REG_A0+4] ++#define SECCOMP_PT_PARM6(_regs) (_regs).regs[REG_A0+5] + #else + #error Unsupported target platform + +diff --git a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc +index 7bde501115bdf..b92ab3901acd8 100644 +--- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc ++++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc +@@ -59,6 +59,9 @@ bool IsBaselinePolicyAllowed(int sysno) { + #endif + #if defined(__mips__) + SyscallSets::IsMipsPrivate(sysno) || ++#endif ++#if defined(__riscv) ++ SyscallSets::IsRiscvPrivate(sysno) || + #endif + SyscallSets::IsAllowedOperationOnFd(sysno); + // clang-format on +@@ -193,7 +196,7 @@ ResultExpr EvaluateSyscallImpl(int fs_denied_errno, + return RestrictFcntlCommands(); + #endif + +-#if !defined(__aarch64__) ++#if !defined(__aarch64__) && !defined(__riscv) + // fork() is never used as a system call (clone() is used instead), but we + // have seen it in fallback code on Android. + if (sysno == __NR_fork) { +@@ -255,7 +258,7 @@ ResultExpr EvaluateSyscallImpl(int fs_denied_errno, + } + + #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \ +- defined(__aarch64__) ++ defined(__aarch64__) || defined(__riscv) + if (sysno == __NR_mmap) + return RestrictMmapFlags(); + #endif +@@ -276,7 +279,7 @@ ResultExpr EvaluateSyscallImpl(int fs_denied_errno, + return RestrictPrctl(); + + #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \ +- defined(__aarch64__) ++ defined(__aarch64__) || defined(__riscv) + if (sysno == __NR_socketpair) { + // Only allow AF_UNIX, PF_UNIX. Crash if anything else is seen. + static_assert(AF_UNIX == PF_UNIX, +@@ -366,7 +369,7 @@ ResultExpr EvaluateSyscallImpl(int fs_denied_errno, + // Allow creating pipes, but don't allow weird flags to pipe2(). + // O_NOTIFICATION_PIPE (== O_EXCL) can be used to create + // "notification pipes", which are rarely used. +-#if !defined(__aarch64__) ++#if !defined(__aarch64__) && !defined(__riscv) + if (sysno == __NR_pipe) { + return Allow(); + } +diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc +index 026e86bd85bec..ebb72ddcd5f67 100644 +--- a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc ++++ b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc +@@ -37,6 +37,7 @@ + + #if (BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS_LACROS)) && \ + !defined(__arm__) && !defined(__aarch64__) && \ ++ !defined(__riscv) && \ + !defined(PTRACE_GET_THREAD_AREA) + // Also include asm/ptrace-abi.h since ptrace.h in older libc (for instance + // the one in Ubuntu 16.04 LTS) is missing PTRACE_GET_THREAD_AREA. +@@ -449,7 +450,7 @@ ResultExpr RestrictPtrace() { + #endif + return Switch(request) + .Cases({ +-#if !defined(__aarch64__) ++#if !defined(__aarch64__) && !defined(__riscv) + PTRACE_GETREGS, PTRACE_GETFPREGS, PTRACE_GET_THREAD_AREA, + PTRACE_GETREGSET, + #endif +diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc +index 27ea264070dcd..8fc2d3c354adb 100644 +--- a/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc ++++ b/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc +@@ -103,7 +103,7 @@ bool SyscallSets::IsUmask(int sysno) { + // Both EPERM and ENOENT are valid errno unless otherwise noted in comment. + bool SyscallSets::IsFileSystem(int sysno) { + switch (sysno) { +-#if !defined(__aarch64__) ++#if !defined(__aarch64__) && !defined(__riscv) + case __NR_access: // EPERM not a valid errno. + case __NR_chmod: + case __NR_chown: +@@ -136,7 +136,7 @@ bool SyscallSets::IsFileSystem(int sysno) { + case __NR_faccessat2: + case __NR_fchmodat: + case __NR_fchownat: // Should be called chownat ? +-#if defined(__x86_64__) || defined(__aarch64__) ++#if defined(__x86_64__) || defined(__aarch64__) || defined(__riscv) + case __NR_newfstatat: // fstatat(). EPERM not a valid errno. + #elif defined(__i386__) || defined(__arm__) || \ + (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) +@@ -241,7 +241,7 @@ bool SyscallSets::IsAllowedFileSystemAccessViaFd(int sysno) { + case __NR_oldfstat: + #endif + #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \ +- defined(__aarch64__) ++ defined(__aarch64__) || defined(__riscv) + case __NR_sync_file_range: // EPERM not a valid errno. + #elif defined(__arm__) + case __NR_arm_sync_file_range: // EPERM not a valid errno. +@@ -260,7 +260,7 @@ bool SyscallSets::IsDeniedFileSystemAccessViaFd(int sysno) { + #if defined(__i386__) || defined(__arm__) + case __NR_fchown32: + #endif +-#if !defined(__aarch64__) ++#if !defined(__aarch64__) && !defined(__riscv) + case __NR_getdents: // EPERM not a valid errno. + #endif + case __NR_getdents64: // EPERM not a valid errno. +@@ -339,7 +339,7 @@ bool SyscallSets::IsProcessPrivilegeChange(int sysno) { + bool SyscallSets::IsProcessGroupOrSession(int sysno) { + switch (sysno) { + case __NR_setpgid: +-#if !defined(__aarch64__) ++#if !defined(__aarch64__) && !defined(__riscv) + case __NR_getpgrp: + #endif + case __NR_setsid: +@@ -373,7 +373,7 @@ bool SyscallSets::IsAllowedSignalHandling(int sysno) { + case __NR_rt_sigqueueinfo: + case __NR_rt_sigsuspend: + case __NR_rt_tgsigqueueinfo: +-#if !defined(__aarch64__) ++#if !defined(__aarch64__) && !defined(__riscv) + case __NR_signalfd: + #endif + case __NR_signalfd4: +@@ -397,12 +397,12 @@ bool SyscallSets::IsAllowedOperationOnFd(int sysno) { + switch (sysno) { + case __NR_close: + case __NR_dup: +-#if !defined(__aarch64__) ++#if !defined(__aarch64__) && !defined(__riscv) + case __NR_dup2: + #endif + case __NR_dup3: + #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \ +- defined(__aarch64__) ++ defined(__aarch64__) || defined(__riscv) + case __NR_shutdown: + #endif + return true; +@@ -441,7 +441,7 @@ bool SyscallSets::IsAllowedProcessStartOrDeath(int sysno) { + return true; + case __NR_clone: // Should be parameter-restricted. + case __NR_setns: // Privileged. +-#if !defined(__aarch64__) ++#if !defined(__aarch64__) && !defined(__riscv) + case __NR_fork: + #endif + #if defined(__i386__) || defined(__x86_64__) +@@ -452,7 +452,7 @@ bool SyscallSets::IsAllowedProcessStartOrDeath(int sysno) { + #endif + case __NR_set_tid_address: + case __NR_unshare: +-#if !defined(__mips__) && !defined(__aarch64__) ++#if !defined(__mips__) && !defined(__aarch64__) && !defined(__riscv) + case __NR_vfork: + #endif + default: +@@ -477,7 +477,7 @@ bool SyscallSets::IsAllowedFutex(int sysno) { + + bool SyscallSets::IsAllowedEpoll(int sysno) { + switch (sysno) { +-#if !defined(__aarch64__) ++#if !defined(__aarch64__) && !defined(__riscv) + case __NR_epoll_create: + case __NR_epoll_wait: + #endif +@@ -499,7 +499,7 @@ bool SyscallSets::IsAllowedEpoll(int sysno) { + bool SyscallSets::IsDeniedGetOrModifySocket(int sysno) { + switch (sysno) { + #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \ +- defined(__aarch64__) ++ defined(__aarch64__) || defined(__riscv) + case __NR_accept: + case __NR_accept4: + case __NR_bind: +@@ -553,7 +553,7 @@ bool SyscallSets::IsAllowedAddressSpaceAccess(int sysno) { + case __NR_mincore: + case __NR_mlockall: + #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \ +- defined(__aarch64__) ++ defined(__aarch64__) || defined(__riscv) + case __NR_mmap: + #endif + #if defined(__i386__) || defined(__arm__) || \ +@@ -586,7 +586,7 @@ bool SyscallSets::IsAllowedGeneralIo(int sysno) { + (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) + case __NR__llseek: + #endif +-#if !defined(__aarch64__) ++#if !defined(__aarch64__) && !defined(__riscv) + case __NR_poll: + #endif + case __NR_ppoll: +@@ -607,7 +607,7 @@ bool SyscallSets::IsAllowedGeneralIo(int sysno) { + case __NR_recv: + #endif + #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \ +- defined(__aarch64__) ++ defined(__aarch64__) || defined(__riscv) + case __NR_recvfrom: // Could specify source. + case __NR_recvmsg: // Could specify source. + #endif +@@ -622,7 +622,7 @@ bool SyscallSets::IsAllowedGeneralIo(int sysno) { + case __NR_send: + #endif + #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \ +- defined(__aarch64__) ++ defined(__aarch64__) || defined(__riscv) + case __NR_sendmsg: // Could specify destination. + case __NR_sendto: // Could specify destination. + #endif +@@ -671,7 +671,7 @@ bool SyscallSets::IsSeccomp(int sysno) { + bool SyscallSets::IsAllowedBasicScheduler(int sysno) { + switch (sysno) { + case __NR_sched_yield: +-#if !defined(__aarch64__) ++#if !defined(__aarch64__) && !defined(__riscv) + case __NR_pause: + #endif + case __NR_nanosleep: +@@ -755,7 +755,7 @@ bool SyscallSets::IsNuma(int sysno) { + case __NR_getcpu: + case __NR_mbind: + #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \ +- defined(__aarch64__) ++ defined(__aarch64__) || defined(__riscv) + case __NR_migrate_pages: + #endif + case __NR_move_pages: +@@ -790,7 +790,7 @@ bool SyscallSets::IsGlobalProcessEnvironment(int sysno) { + switch (sysno) { + case __NR_acct: // Privileged. + #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \ +- defined(__aarch64__) ++ defined(__aarch64__) || defined(__riscv) + case __NR_getrlimit: + #endif + #if defined(__i386__) || defined(__arm__) +@@ -825,7 +825,7 @@ bool SyscallSets::IsDebug(int sysno) { + + bool SyscallSets::IsGlobalSystemStatus(int sysno) { + switch (sysno) { +-#if !defined(__aarch64__) ++#if !defined(__aarch64__) && !defined(__riscv) + case __NR__sysctl: + case __NR_sysfs: + #endif +@@ -843,7 +843,7 @@ bool SyscallSets::IsGlobalSystemStatus(int sysno) { + + bool SyscallSets::IsEventFd(int sysno) { + switch (sysno) { +-#if !defined(__aarch64__) ++#if !defined(__aarch64__) && !defined(__riscv) + case __NR_eventfd: + #endif + case __NR_eventfd2: +@@ -895,7 +895,8 @@ bool SyscallSets::IsKeyManagement(int sysno) { + } + + #if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) || \ +- (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_64_BITS)) ++ (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_64_BITS)) || \ ++ defined(__riscv) + bool SyscallSets::IsSystemVSemaphores(int sysno) { + switch (sysno) { + case __NR_semctl: +@@ -915,7 +916,8 @@ bool SyscallSets::IsSystemVSemaphores(int sysno) { + + #if defined(__i386__) || defined(__x86_64__) || defined(__arm__) || \ + defined(__aarch64__) || \ +- (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_64_BITS)) ++ (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_64_BITS)) || \ ++ defined(__riscv) + // These give a lot of ambient authority and bypass the setuid sandbox. + bool SyscallSets::IsSystemVSharedMemory(int sysno) { + switch (sysno) { +@@ -931,7 +933,8 @@ bool SyscallSets::IsSystemVSharedMemory(int sysno) { + #endif + + #if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) || \ +- (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_64_BITS)) ++ (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_64_BITS)) || \ ++ defined(__riscv) + bool SyscallSets::IsSystemVMessageQueue(int sysno) { + switch (sysno) { + case __NR_msgctl: +@@ -962,7 +965,8 @@ bool SyscallSets::IsSystemVIpc(int sysno) { + + bool SyscallSets::IsAnySystemV(int sysno) { + #if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) || \ +- (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_64_BITS)) ++ (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_64_BITS)) || \ ++ defined(__riscv) + return IsSystemVMessageQueue(sysno) || IsSystemVSemaphores(sysno) || + IsSystemVSharedMemory(sysno); + #elif defined(__i386__) || \ +@@ -999,7 +1003,7 @@ bool SyscallSets::IsAdvancedScheduler(int sysno) { + bool SyscallSets::IsInotify(int sysno) { + switch (sysno) { + case __NR_inotify_add_watch: +-#if !defined(__aarch64__) ++#if !defined(__aarch64__) && !defined(__riscv) + case __NR_inotify_init: + #endif + case __NR_inotify_init1: +@@ -1137,7 +1141,7 @@ bool SyscallSets::IsMisc(int sysno) { + #if defined(__x86_64__) + case __NR_tuxcall: + #endif +-#if !defined(__aarch64__) ++#if !defined(__aarch64__) && !defined(__riscv) + case __NR_vserver: + #endif + return true; +@@ -1196,6 +1200,17 @@ bool SyscallSets::IsMipsMisc(int sysno) { + } + #endif // defined(__mips__) + ++#if defined(__riscv) ++bool SyscallSets::IsRiscvPrivate(int sysno) { ++ switch (sysno) { ++ case __NR_riscv_flush_icache: ++ return true; ++ default: ++ return false; ++ } ++} ++#endif // defined(__riscv) ++ + bool SyscallSets::IsGoogle3Threading(int sysno) { + switch (sysno) { + case __NR_getitimer: +diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_sets.h b/sandbox/linux/seccomp-bpf-helpers/syscall_sets.h +index 9be7b03ec4377..41b3605dce15d 100644 +--- a/sandbox/linux/seccomp-bpf-helpers/syscall_sets.h ++++ b/sandbox/linux/seccomp-bpf-helpers/syscall_sets.h +@@ -52,7 +52,7 @@ class SANDBOX_EXPORT SyscallSets { + #endif + + #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \ +- defined(__aarch64__) ++ defined(__aarch64__) || defined(__riscv) + static bool IsNetworkSocketInformation(int sysno); + #endif + +@@ -79,18 +79,21 @@ class SANDBOX_EXPORT SyscallSets { + static bool IsAsyncIo(int sysno); + static bool IsKeyManagement(int sysno); + #if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) || \ +- (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_64_BITS)) ++ (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_64_BITS)) || \ ++ defined(__riscv) + static bool IsSystemVSemaphores(int sysno); + #endif + #if defined(__i386__) || defined(__x86_64__) || defined(__arm__) || \ + defined(__aarch64__) || \ +- (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_64_BITS)) ++ (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_64_BITS)) || \ ++ defined(__riscv) + // These give a lot of ambient authority and bypass the setuid sandbox. + static bool IsSystemVSharedMemory(int sysno); + #endif + + #if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) || \ +- (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_64_BITS)) ++ (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_64_BITS)) || \ ++ defined(__riscv) + static bool IsSystemVMessageQueue(int sysno); + #endif + +@@ -117,6 +120,9 @@ class SANDBOX_EXPORT SyscallSets { + static bool IsMipsPrivate(int sysno); + static bool IsMipsMisc(int sysno); + #endif // defined(__mips__) ++#if defined(__riscv) ++ static bool IsRiscvPrivate(int sysno); ++#endif + static bool IsGoogle3Threading(int sysno); + }; + +diff --git a/sandbox/linux/seccomp-bpf/syscall.cc b/sandbox/linux/seccomp-bpf/syscall.cc +index 02cbb047c1558..57da8c1754f46 100644 +--- a/sandbox/linux/seccomp-bpf/syscall.cc ++++ b/sandbox/linux/seccomp-bpf/syscall.cc +@@ -18,7 +18,7 @@ namespace sandbox { + namespace { + + #if defined(ARCH_CPU_X86_FAMILY) || defined(ARCH_CPU_ARM_FAMILY) || \ +- defined(ARCH_CPU_MIPS_FAMILY) ++ defined(ARCH_CPU_MIPS_FAMILY) || defined(ARCH_CPU_RISCV_FAMILY) + // Number that's not currently used by any Linux kernel ABIs. + const int kInvalidSyscallNumber = 0x351d3; + #else +@@ -308,6 +308,28 @@ asm(// We need to be able to tell the kernel exactly where we made a + "2:ret\n" + ".cfi_endproc\n" + ".size SyscallAsm, .-SyscallAsm\n" ++#elif defined(__riscv) ++ ".text\n" ++ ".align 2\n" ++ ".type SyscallAsm, %function\n" ++ "SyscallAsm:\n" ++ ".cfi_startproc\n" ++ "bgez a0,1f\n" ++ "la a0,2f\n" ++ "j 2f\n" ++ "1:mv a7, a0\n" ++ "ld a0, (t0)\n" ++ "ld a1, 8(t0)\n" ++ "ld a2, 16(t0)\n" ++ "ld a3, 24(t0)\n" ++ "ld a4, 32(t0)\n" ++ "ld a5, 40(t0)\n" ++ "ld a6, 48(t0)\n" ++ // Enter the kernel ++ "scall\n" ++ "2:ret\n" ++ ".cfi_endproc\n" ++ ".size SyscallAsm, .-SyscallAsm\n" + #endif + ); // asm + +@@ -425,6 +447,18 @@ intptr_t Syscall::Call(int nr, + ret = inout; + } + ++#elif defined(__riscv) ++ intptr_t ret; ++ { ++ register intptr_t inout __asm__("a0") = nr; ++ register const intptr_t* data __asm__("t0") = args; ++ asm volatile("jal SyscallAsm\n" ++ : "=r"(inout) ++ : "0"(inout), "r"(data) ++ : "memory", "a1", "a2", "a3", "a4", "a5", "a6", "a7"); ++ ret = inout; ++ } ++ + #else + #error "Unimplemented architecture" + #endif +diff --git a/sandbox/linux/services/credentials.cc b/sandbox/linux/services/credentials.cc +index e284c59d239ae..5b5346a2778bc 100644 +--- a/sandbox/linux/services/credentials.cc ++++ b/sandbox/linux/services/credentials.cc +@@ -80,7 +80,7 @@ bool ChrootToSafeEmptyDir() { + pid_t pid = -1; + alignas(16) char stack_buf[PTHREAD_STACK_MIN]; + #if defined(ARCH_CPU_X86_FAMILY) || defined(ARCH_CPU_ARM_FAMILY) || \ +- defined(ARCH_CPU_MIPS_FAMILY) ++ defined(ARCH_CPU_MIPS_FAMILY) || defined(ARCH_CPU_RISCV_FAMILY) + // The stack grows downward. + void* stack = stack_buf + sizeof(stack_buf); + #else +diff --git a/sandbox/linux/services/syscall_wrappers.cc b/sandbox/linux/services/syscall_wrappers.cc +index 7650e983b3802..bb4bd33236381 100644 +--- a/sandbox/linux/services/syscall_wrappers.cc ++++ b/sandbox/linux/services/syscall_wrappers.cc +@@ -61,7 +61,7 @@ long sys_clone(unsigned long flags, + #if defined(ARCH_CPU_X86_64) + return syscall(__NR_clone, flags, child_stack, ptid, ctid, tls); + #elif defined(ARCH_CPU_X86) || defined(ARCH_CPU_ARM_FAMILY) || \ +- defined(ARCH_CPU_MIPS_FAMILY) ++ defined(ARCH_CPU_MIPS_FAMILY) || defined(ARCH_CPU_RISCV_FAMILY) + // CONFIG_CLONE_BACKWARDS defined. + return syscall(__NR_clone, flags, child_stack, ptid, tls, ctid); + #endif +diff --git a/sandbox/linux/syscall_broker/broker_process.cc b/sandbox/linux/syscall_broker/broker_process.cc +index a55b548a8ec75..39279b947828e 100644 +--- a/sandbox/linux/syscall_broker/broker_process.cc ++++ b/sandbox/linux/syscall_broker/broker_process.cc +@@ -122,44 +122,46 @@ bool BrokerProcess::IsSyscallBrokerable(int sysno, bool fast_check) const { + // and are default disabled in Android. So, we should refuse to broker them + // to be consistent with the platform's restrictions. + switch (sysno) { +-#if !defined(__aarch64__) && !BUILDFLAG(IS_ANDROID) ++#if !defined(__aarch64__) && !BUILDFLAG(IS_ANDROID) && !defined(__riscv) + case __NR_access: + #endif + case __NR_faccessat: + case __NR_faccessat2: + return !fast_check || policy_->allowed_command_set.test(COMMAND_ACCESS); + +-#if !defined(__aarch64__) && !BUILDFLAG(IS_ANDROID) ++#if !defined(__aarch64__) && !BUILDFLAG(IS_ANDROID) && !defined(__riscv) + case __NR_mkdir: + #endif + case __NR_mkdirat: + return !fast_check || policy_->allowed_command_set.test(COMMAND_MKDIR); + +-#if !defined(__aarch64__) && !BUILDFLAG(IS_ANDROID) ++#if !defined(__aarch64__) && !BUILDFLAG(IS_ANDROID) && !defined(__riscv) + case __NR_open: + #endif + case __NR_openat: + return !fast_check || policy_->allowed_command_set.test(COMMAND_OPEN); + +-#if !defined(__aarch64__) && !BUILDFLAG(IS_ANDROID) ++#if !defined(__aarch64__) && !BUILDFLAG(IS_ANDROID) && !defined(__riscv) + case __NR_readlink: + #endif + case __NR_readlinkat: + return !fast_check || policy_->allowed_command_set.test(COMMAND_READLINK); + +-#if !defined(__aarch64__) && !BUILDFLAG(IS_ANDROID) ++#if !defined(__aarch64__) && !BUILDFLAG(IS_ANDROID) && !defined(__riscv) + case __NR_rename: + #endif ++#ifdef __NR_renameat + case __NR_renameat: ++#endif + case __NR_renameat2: + return !fast_check || policy_->allowed_command_set.test(COMMAND_RENAME); + +-#if !defined(__aarch64__) && !BUILDFLAG(IS_ANDROID) ++#if !defined(__aarch64__) && !BUILDFLAG(IS_ANDROID) && !defined(__riscv) + case __NR_rmdir: + return !fast_check || policy_->allowed_command_set.test(COMMAND_RMDIR); + #endif + +-#if !defined(__aarch64__) && !BUILDFLAG(IS_ANDROID) ++#if !defined(__aarch64__) && !BUILDFLAG(IS_ANDROID) && !defined(__riscv) + case __NR_stat: + case __NR_lstat: + #endif +@@ -169,7 +171,7 @@ bool BrokerProcess::IsSyscallBrokerable(int sysno, bool fast_check) const { + #if defined(__NR_fstatat64) + case __NR_fstatat64: + #endif +-#if defined(__x86_64__) || defined(__aarch64__) ++#if defined(__x86_64__) || defined(__aarch64__) || defined(__riscv) + case __NR_newfstatat: + #endif + return !fast_check || policy_->allowed_command_set.test(COMMAND_STAT); +@@ -184,7 +186,7 @@ bool BrokerProcess::IsSyscallBrokerable(int sysno, bool fast_check) const { + return !fast_check || policy_->allowed_command_set.test(COMMAND_STAT); + #endif + +-#if !defined(__aarch64__) && !BUILDFLAG(IS_ANDROID) ++#if !defined(__aarch64__) && !BUILDFLAG(IS_ANDROID) && !defined(__riscv) + case __NR_unlink: + return !fast_check || policy_->allowed_command_set.test(COMMAND_UNLINK); + #endif +diff --git a/sandbox/linux/system_headers/linux_seccomp.h b/sandbox/linux/system_headers/linux_seccomp.h +index 8690a96eb01b1..dec2afc744985 100644 +--- a/sandbox/linux/system_headers/linux_seccomp.h ++++ b/sandbox/linux/system_headers/linux_seccomp.h +@@ -39,6 +39,10 @@ + #define EM_AARCH64 183 + #endif + ++#ifndef EM_RISCV ++#define EM_RISCV 243 ++#endif ++ + #ifndef __AUDIT_ARCH_64BIT + #define __AUDIT_ARCH_64BIT 0x80000000 + #endif +@@ -71,6 +75,10 @@ + #define AUDIT_ARCH_AARCH64 (EM_AARCH64 | __AUDIT_ARCH_64BIT | __AUDIT_ARCH_LE) + #endif + ++#ifndef AUDIT_ARCH_RISCV64 ++#define AUDIT_ARCH_RISCV64 (EM_RISCV|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) ++#endif ++ + // For prctl.h + #ifndef PR_SET_SECCOMP + #define PR_SET_SECCOMP 22 +diff --git a/sandbox/linux/system_headers/linux_signal.h b/sandbox/linux/system_headers/linux_signal.h +index 69ccaf1081578..2ffe30973cd32 100644 +--- a/sandbox/linux/system_headers/linux_signal.h ++++ b/sandbox/linux/system_headers/linux_signal.h +@@ -13,7 +13,7 @@ + // (not undefined, but defined different values and in different memory + // layouts). So, fill the gap here. + #if defined(__i386__) || defined(__x86_64__) || defined(__arm__) || \ +- defined(__aarch64__) ++ defined(__aarch64__) || defined(__riscv) + + #define LINUX_SIGHUP 1 + #define LINUX_SIGINT 2 +diff --git a/sandbox/linux/system_headers/linux_stat.h b/sandbox/linux/system_headers/linux_stat.h +index 3aae8cbced775..74977adb53caf 100644 +--- a/sandbox/linux/system_headers/linux_stat.h ++++ b/sandbox/linux/system_headers/linux_stat.h +@@ -150,7 +150,7 @@ struct kernel_stat { + int st_blocks; + int st_pad4[14]; + }; +-#elif defined(__aarch64__) ++#elif defined(__aarch64__) || defined(__riscv) + struct kernel_stat { + unsigned long st_dev; + unsigned long st_ino; +diff --git a/sandbox/linux/system_headers/linux_syscalls.h b/sandbox/linux/system_headers/linux_syscalls.h +index 438147b4018b6..d6de8c1cb2340 100644 +--- a/sandbox/linux/system_headers/linux_syscalls.h ++++ b/sandbox/linux/system_headers/linux_syscalls.h +@@ -35,5 +35,9 @@ + #include "sandbox/linux/system_headers/arm64_linux_syscalls.h" + #endif + ++#if defined(__riscv) && __riscv_xlen == 64 ++#include "sandbox/linux/system_headers/riscv64_linux_syscalls.h" ++#endif ++ + #endif // SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_SYSCALLS_H_ + +diff --git a/sandbox/linux/system_headers/riscv64_linux_syscalls.h b/sandbox/linux/system_headers/riscv64_linux_syscalls.h +new file mode 100644 +index 0000000000000..822f660dc5086 +--- /dev/null ++++ b/sandbox/linux/system_headers/riscv64_linux_syscalls.h +@@ -0,0 +1,1222 @@ ++// Copyright 2014 The Chromium Authors ++// Use of this source code is governed by a BSD-style license that can be ++// found in the LICENSE file. ++ ++#ifndef SANDBOX_LINUX_SYSTEM_HEADERS_RISCV64_LINUX_SYSCALLS_H_ ++#define SANDBOX_LINUX_SYSTEM_HEADERS_RISCV64_LINUX_SYSCALLS_H_ ++ ++#include <asm-generic/unistd.h> ++ ++#if !defined(__NR_io_setup) ++#define __NR_io_setup 0 ++#endif ++ ++#if !defined(__NR_io_destroy) ++#define __NR_io_destroy 1 ++#endif ++ ++#if !defined(__NR_io_submit) ++#define __NR_io_submit 2 ++#endif ++ ++#if !defined(__NR_io_cancel) ++#define __NR_io_cancel 3 ++#endif ++ ++#if !defined(__NR_io_getevents) ++#define __NR_io_getevents 4 ++#endif ++ ++#if !defined(__NR_setxattr) ++#define __NR_setxattr 5 ++#endif ++ ++#if !defined(__NR_lsetxattr) ++#define __NR_lsetxattr 6 ++#endif ++ ++#if !defined(__NR_fsetxattr) ++#define __NR_fsetxattr 7 ++#endif ++ ++#if !defined(__NR_getxattr) ++#define __NR_getxattr 8 ++#endif ++ ++#if !defined(__NR_lgetxattr) ++#define __NR_lgetxattr 9 ++#endif ++ ++#if !defined(__NR_fgetxattr) ++#define __NR_fgetxattr 10 ++#endif ++ ++#if !defined(__NR_listxattr) ++#define __NR_listxattr 11 ++#endif ++ ++#if !defined(__NR_llistxattr) ++#define __NR_llistxattr 12 ++#endif ++ ++#if !defined(__NR_flistxattr) ++#define __NR_flistxattr 13 ++#endif ++ ++#if !defined(__NR_removexattr) ++#define __NR_removexattr 14 ++#endif ++ ++#if !defined(__NR_lremovexattr) ++#define __NR_lremovexattr 15 ++#endif ++ ++#if !defined(__NR_fremovexattr) ++#define __NR_fremovexattr 16 ++#endif ++ ++#if !defined(__NR_getcwd) ++#define __NR_getcwd 17 ++#endif ++ ++#if !defined(__NR_lookup_dcookie) ++#define __NR_lookup_dcookie 18 ++#endif ++ ++#if !defined(__NR_eventfd2) ++#define __NR_eventfd2 19 ++#endif ++ ++#if !defined(__NR_epoll_create1) ++#define __NR_epoll_create1 20 ++#endif ++ ++#if !defined(__NR_epoll_ctl) ++#define __NR_epoll_ctl 21 ++#endif ++ ++#if !defined(__NR_epoll_pwait) ++#define __NR_epoll_pwait 22 ++#endif ++ ++#if !defined(__NR_dup) ++#define __NR_dup 23 ++#endif ++ ++#if !defined(__NR_dup3) ++#define __NR_dup3 24 ++#endif ++ ++#if !defined(__NR_fcntl) ++#define __NR_fcntl 25 ++#endif ++ ++#if !defined(__NR_inotify_init1) ++#define __NR_inotify_init1 26 ++#endif ++ ++#if !defined(__NR_inotify_add_watch) ++#define __NR_inotify_add_watch 27 ++#endif ++ ++#if !defined(__NR_inotify_rm_watch) ++#define __NR_inotify_rm_watch 28 ++#endif ++ ++#if !defined(__NR_ioctl) ++#define __NR_ioctl 29 ++#endif ++ ++#if !defined(__NR_ioprio_set) ++#define __NR_ioprio_set 30 ++#endif ++ ++#if !defined(__NR_ioprio_get) ++#define __NR_ioprio_get 31 ++#endif ++ ++#if !defined(__NR_flock) ++#define __NR_flock 32 ++#endif ++ ++#if !defined(__NR_mknodat) ++#define __NR_mknodat 33 ++#endif ++ ++#if !defined(__NR_mkdirat) ++#define __NR_mkdirat 34 ++#endif ++ ++#if !defined(__NR_unlinkat) ++#define __NR_unlinkat 35 ++#endif ++ ++#if !defined(__NR_symlinkat) ++#define __NR_symlinkat 36 ++#endif ++ ++#if !defined(__NR_linkat) ++#define __NR_linkat 37 ++#endif ++ ++#if !defined(__NR_renameat) ++#define __NR_renameat 38 ++#endif ++ ++#if !defined(__NR_umount2) ++#define __NR_umount2 39 ++#endif ++ ++#if !defined(__NR_mount) ++#define __NR_mount 40 ++#endif ++ ++#if !defined(__NR_pivot_root) ++#define __NR_pivot_root 41 ++#endif ++ ++#if !defined(__NR_nfsservctl) ++#define __NR_nfsservctl 42 ++#endif ++ ++#if !defined(__NR_statfs) ++#define __NR_statfs 43 ++#endif ++ ++#if !defined(__NR_fstatfs) ++#define __NR_fstatfs 44 ++#endif ++ ++#if !defined(__NR_truncate) ++#define __NR_truncate 45 ++#endif ++ ++#if !defined(__NR_ftruncate) ++#define __NR_ftruncate 46 ++#endif ++ ++#if !defined(__NR_fallocate) ++#define __NR_fallocate 47 ++#endif ++ ++#if !defined(__NR_faccessat) ++#define __NR_faccessat 48 ++#endif ++ ++#if !defined(__NR_chdir) ++#define __NR_chdir 49 ++#endif ++ ++#if !defined(__NR_fchdir) ++#define __NR_fchdir 50 ++#endif ++ ++#if !defined(__NR_chroot) ++#define __NR_chroot 51 ++#endif ++ ++#if !defined(__NR_fchmod) ++#define __NR_fchmod 52 ++#endif ++ ++#if !defined(__NR_fchmodat) ++#define __NR_fchmodat 53 ++#endif ++ ++#if !defined(__NR_fchownat) ++#define __NR_fchownat 54 ++#endif ++ ++#if !defined(__NR_fchown) ++#define __NR_fchown 55 ++#endif ++ ++#if !defined(__NR_openat) ++#define __NR_openat 56 ++#endif ++ ++#if !defined(__NR_close) ++#define __NR_close 57 ++#endif ++ ++#if !defined(__NR_vhangup) ++#define __NR_vhangup 58 ++#endif ++ ++#if !defined(__NR_pipe2) ++#define __NR_pipe2 59 ++#endif ++ ++#if !defined(__NR_quotactl) ++#define __NR_quotactl 60 ++#endif ++ ++#if !defined(__NR_getdents64) ++#define __NR_getdents64 61 ++#endif ++ ++#if !defined(__NR_lseek) ++#define __NR_lseek 62 ++#endif ++ ++#if !defined(__NR_read) ++#define __NR_read 63 ++#endif ++ ++#if !defined(__NR_write) ++#define __NR_write 64 ++#endif ++ ++#if !defined(__NR_readv) ++#define __NR_readv 65 ++#endif ++ ++#if !defined(__NR_writev) ++#define __NR_writev 66 ++#endif ++ ++#if !defined(__NR_pread64) ++#define __NR_pread64 67 ++#endif ++ ++#if !defined(__NR_pwrite64) ++#define __NR_pwrite64 68 ++#endif ++ ++#if !defined(__NR_preadv) ++#define __NR_preadv 69 ++#endif ++ ++#if !defined(__NR_pwritev) ++#define __NR_pwritev 70 ++#endif ++ ++#if !defined(__NR_sendfile) ++#define __NR_sendfile 71 ++#endif ++ ++#if !defined(__NR_pselect6) ++#define __NR_pselect6 72 ++#endif ++ ++#if !defined(__NR_ppoll) ++#define __NR_ppoll 73 ++#endif ++ ++#if !defined(__NR_signalfd4) ++#define __NR_signalfd4 74 ++#endif ++ ++#if !defined(__NR_vmsplice) ++#define __NR_vmsplice 75 ++#endif ++ ++#if !defined(__NR_splice) ++#define __NR_splice 76 ++#endif ++ ++#if !defined(__NR_tee) ++#define __NR_tee 77 ++#endif ++ ++#if !defined(__NR_readlinkat) ++#define __NR_readlinkat 78 ++#endif ++ ++#if !defined(__NR_newfstatat) ++#define __NR_newfstatat 79 ++#endif ++ ++#if !defined(__NR_fstat) ++#define __NR_fstat 80 ++#endif ++ ++#if !defined(__NR_sync) ++#define __NR_sync 81 ++#endif ++ ++#if !defined(__NR_fsync) ++#define __NR_fsync 82 ++#endif ++ ++#if !defined(__NR_fdatasync) ++#define __NR_fdatasync 83 ++#endif ++ ++#if !defined(__NR_sync_file_range) ++#define __NR_sync_file_range 84 ++#endif ++ ++#if !defined(__NR_timerfd_create) ++#define __NR_timerfd_create 85 ++#endif ++ ++#if !defined(__NR_timerfd_settime) ++#define __NR_timerfd_settime 86 ++#endif ++ ++#if !defined(__NR_timerfd_gettime) ++#define __NR_timerfd_gettime 87 ++#endif ++ ++#if !defined(__NR_utimensat) ++#define __NR_utimensat 88 ++#endif ++ ++#if !defined(__NR_acct) ++#define __NR_acct 89 ++#endif ++ ++#if !defined(__NR_capget) ++#define __NR_capget 90 ++#endif ++ ++#if !defined(__NR_capset) ++#define __NR_capset 91 ++#endif ++ ++#if !defined(__NR_personality) ++#define __NR_personality 92 ++#endif ++ ++#if !defined(__NR_exit) ++#define __NR_exit 93 ++#endif ++ ++#if !defined(__NR_exit_group) ++#define __NR_exit_group 94 ++#endif ++ ++#if !defined(__NR_waitid) ++#define __NR_waitid 95 ++#endif ++ ++#if !defined(__NR_set_tid_address) ++#define __NR_set_tid_address 96 ++#endif ++ ++#if !defined(__NR_unshare) ++#define __NR_unshare 97 ++#endif ++ ++#if !defined(__NR_futex) ++#define __NR_futex 98 ++#endif ++ ++#if !defined(__NR_set_robust_list) ++#define __NR_set_robust_list 99 ++#endif ++ ++#if !defined(__NR_get_robust_list) ++#define __NR_get_robust_list 100 ++#endif ++ ++#if !defined(__NR_nanosleep) ++#define __NR_nanosleep 101 ++#endif ++ ++#if !defined(__NR_getitimer) ++#define __NR_getitimer 102 ++#endif ++ ++#if !defined(__NR_setitimer) ++#define __NR_setitimer 103 ++#endif ++ ++#if !defined(__NR_kexec_load) ++#define __NR_kexec_load 104 ++#endif ++ ++#if !defined(__NR_init_module) ++#define __NR_init_module 105 ++#endif ++ ++#if !defined(__NR_delete_module) ++#define __NR_delete_module 106 ++#endif ++ ++#if !defined(__NR_timer_create) ++#define __NR_timer_create 107 ++#endif ++ ++#if !defined(__NR_timer_gettime) ++#define __NR_timer_gettime 108 ++#endif ++ ++#if !defined(__NR_timer_getoverrun) ++#define __NR_timer_getoverrun 109 ++#endif ++ ++#if !defined(__NR_timer_settime) ++#define __NR_timer_settime 110 ++#endif ++ ++#if !defined(__NR_timer_delete) ++#define __NR_timer_delete 111 ++#endif ++ ++#if !defined(__NR_clock_settime) ++#define __NR_clock_settime 112 ++#endif ++ ++#if !defined(__NR_clock_gettime) ++#define __NR_clock_gettime 113 ++#endif ++ ++#if !defined(__NR_clock_getres) ++#define __NR_clock_getres 114 ++#endif ++ ++#if !defined(__NR_clock_nanosleep) ++#define __NR_clock_nanosleep 115 ++#endif ++ ++#if !defined(__NR_syslog) ++#define __NR_syslog 116 ++#endif ++ ++#if !defined(__NR_ptrace) ++#define __NR_ptrace 117 ++#endif ++ ++#if !defined(__NR_sched_setparam) ++#define __NR_sched_setparam 118 ++#endif ++ ++#if !defined(__NR_sched_setscheduler) ++#define __NR_sched_setscheduler 119 ++#endif ++ ++#if !defined(__NR_sched_getscheduler) ++#define __NR_sched_getscheduler 120 ++#endif ++ ++#if !defined(__NR_sched_getparam) ++#define __NR_sched_getparam 121 ++#endif ++ ++#if !defined(__NR_sched_setaffinity) ++#define __NR_sched_setaffinity 122 ++#endif ++ ++#if !defined(__NR_sched_getaffinity) ++#define __NR_sched_getaffinity 123 ++#endif ++ ++#if !defined(__NR_sched_yield) ++#define __NR_sched_yield 124 ++#endif ++ ++#if !defined(__NR_sched_get_priority_max) ++#define __NR_sched_get_priority_max 125 ++#endif ++ ++#if !defined(__NR_sched_get_priority_min) ++#define __NR_sched_get_priority_min 126 ++#endif ++ ++#if !defined(__NR_sched_rr_get_interval) ++#define __NR_sched_rr_get_interval 127 ++#endif ++ ++#if !defined(__NR_restart_syscall) ++#define __NR_restart_syscall 128 ++#endif ++ ++#if !defined(__NR_kill) ++#define __NR_kill 129 ++#endif ++ ++#if !defined(__NR_tkill) ++#define __NR_tkill 130 ++#endif ++ ++#if !defined(__NR_tgkill) ++#define __NR_tgkill 131 ++#endif ++ ++#if !defined(__NR_sigaltstack) ++#define __NR_sigaltstack 132 ++#endif ++ ++#if !defined(__NR_rt_sigsuspend) ++#define __NR_rt_sigsuspend 133 ++#endif ++ ++#if !defined(__NR_rt_sigaction) ++#define __NR_rt_sigaction 134 ++#endif ++ ++#if !defined(__NR_rt_sigprocmask) ++#define __NR_rt_sigprocmask 135 ++#endif ++ ++#if !defined(__NR_rt_sigpending) ++#define __NR_rt_sigpending 136 ++#endif ++ ++#if !defined(__NR_rt_sigtimedwait) ++#define __NR_rt_sigtimedwait 137 ++#endif ++ ++#if !defined(__NR_rt_sigqueueinfo) ++#define __NR_rt_sigqueueinfo 138 ++#endif ++ ++#if !defined(__NR_rt_sigreturn) ++#define __NR_rt_sigreturn 139 ++#endif ++ ++#if !defined(__NR_setpriority) ++#define __NR_setpriority 140 ++#endif ++ ++#if !defined(__NR_getpriority) ++#define __NR_getpriority 141 ++#endif ++ ++#if !defined(__NR_reboot) ++#define __NR_reboot 142 ++#endif ++ ++#if !defined(__NR_setregid) ++#define __NR_setregid 143 ++#endif ++ ++#if !defined(__NR_setgid) ++#define __NR_setgid 144 ++#endif ++ ++#if !defined(__NR_setreuid) ++#define __NR_setreuid 145 ++#endif ++ ++#if !defined(__NR_setuid) ++#define __NR_setuid 146 ++#endif ++ ++#if !defined(__NR_setresuid) ++#define __NR_setresuid 147 ++#endif ++ ++#if !defined(__NR_getresuid) ++#define __NR_getresuid 148 ++#endif ++ ++#if !defined(__NR_setresgid) ++#define __NR_setresgid 149 ++#endif ++ ++#if !defined(__NR_getresgid) ++#define __NR_getresgid 150 ++#endif ++ ++#if !defined(__NR_setfsuid) ++#define __NR_setfsuid 151 ++#endif ++ ++#if !defined(__NR_setfsgid) ++#define __NR_setfsgid 152 ++#endif ++ ++#if !defined(__NR_times) ++#define __NR_times 153 ++#endif ++ ++#if !defined(__NR_setpgid) ++#define __NR_setpgid 154 ++#endif ++ ++#if !defined(__NR_getpgid) ++#define __NR_getpgid 155 ++#endif ++ ++#if !defined(__NR_getsid) ++#define __NR_getsid 156 ++#endif ++ ++#if !defined(__NR_setsid) ++#define __NR_setsid 157 ++#endif ++ ++#if !defined(__NR_getgroups) ++#define __NR_getgroups 158 ++#endif ++ ++#if !defined(__NR_setgroups) ++#define __NR_setgroups 159 ++#endif ++ ++#if !defined(__NR_uname) ++#define __NR_uname 160 ++#endif ++ ++#if !defined(__NR_sethostname) ++#define __NR_sethostname 161 ++#endif ++ ++#if !defined(__NR_setdomainname) ++#define __NR_setdomainname 162 ++#endif ++ ++#if !defined(__NR_getrlimit) ++#define __NR_getrlimit 163 ++#endif ++ ++#if !defined(__NR_setrlimit) ++#define __NR_setrlimit 164 ++#endif ++ ++#if !defined(__NR_getrusage) ++#define __NR_getrusage 165 ++#endif ++ ++#if !defined(__NR_umask) ++#define __NR_umask 166 ++#endif ++ ++#if !defined(__NR_prctl) ++#define __NR_prctl 167 ++#endif ++ ++#if !defined(__NR_getcpu) ++#define __NR_getcpu 168 ++#endif ++ ++#if !defined(__NR_gettimeofday) ++#define __NR_gettimeofday 169 ++#endif ++ ++#if !defined(__NR_settimeofday) ++#define __NR_settimeofday 170 ++#endif ++ ++#if !defined(__NR_adjtimex) ++#define __NR_adjtimex 171 ++#endif ++ ++#if !defined(__NR_getpid) ++#define __NR_getpid 172 ++#endif ++ ++#if !defined(__NR_getppid) ++#define __NR_getppid 173 ++#endif ++ ++#if !defined(__NR_getuid) ++#define __NR_getuid 174 ++#endif ++ ++#if !defined(__NR_geteuid) ++#define __NR_geteuid 175 ++#endif ++ ++#if !defined(__NR_getgid) ++#define __NR_getgid 176 ++#endif ++ ++#if !defined(__NR_getegid) ++#define __NR_getegid 177 ++#endif ++ ++#if !defined(__NR_gettid) ++#define __NR_gettid 178 ++#endif ++ ++#if !defined(__NR_sysinfo) ++#define __NR_sysinfo 179 ++#endif ++ ++#if !defined(__NR_mq_open) ++#define __NR_mq_open 180 ++#endif ++ ++#if !defined(__NR_mq_unlink) ++#define __NR_mq_unlink 181 ++#endif ++ ++#if !defined(__NR_mq_timedsend) ++#define __NR_mq_timedsend 182 ++#endif ++ ++#if !defined(__NR_mq_timedreceive) ++#define __NR_mq_timedreceive 183 ++#endif ++ ++#if !defined(__NR_mq_notify) ++#define __NR_mq_notify 184 ++#endif ++ ++#if !defined(__NR_mq_getsetattr) ++#define __NR_mq_getsetattr 185 ++#endif ++ ++#if !defined(__NR_msgget) ++#define __NR_msgget 186 ++#endif ++ ++#if !defined(__NR_msgctl) ++#define __NR_msgctl 187 ++#endif ++ ++#if !defined(__NR_msgrcv) ++#define __NR_msgrcv 188 ++#endif ++ ++#if !defined(__NR_msgsnd) ++#define __NR_msgsnd 189 ++#endif ++ ++#if !defined(__NR_semget) ++#define __NR_semget 190 ++#endif ++ ++#if !defined(__NR_semctl) ++#define __NR_semctl 191 ++#endif ++ ++#if !defined(__NR_semtimedop) ++#define __NR_semtimedop 192 ++#endif ++ ++#if !defined(__NR_semop) ++#define __NR_semop 193 ++#endif ++ ++#if !defined(__NR_shmget) ++#define __NR_shmget 194 ++#endif ++ ++#if !defined(__NR_shmctl) ++#define __NR_shmctl 195 ++#endif ++ ++#if !defined(__NR_shmat) ++#define __NR_shmat 196 ++#endif ++ ++#if !defined(__NR_shmdt) ++#define __NR_shmdt 197 ++#endif ++ ++#if !defined(__NR_socket) ++#define __NR_socket 198 ++#endif ++ ++#if !defined(__NR_socketpair) ++#define __NR_socketpair 199 ++#endif ++ ++#if !defined(__NR_bind) ++#define __NR_bind 200 ++#endif ++ ++#if !defined(__NR_listen) ++#define __NR_listen 201 ++#endif ++ ++#if !defined(__NR_accept) ++#define __NR_accept 202 ++#endif ++ ++#if !defined(__NR_connect) ++#define __NR_connect 203 ++#endif ++ ++#if !defined(__NR_getsockname) ++#define __NR_getsockname 204 ++#endif ++ ++#if !defined(__NR_getpeername) ++#define __NR_getpeername 205 ++#endif ++ ++#if !defined(__NR_sendto) ++#define __NR_sendto 206 ++#endif ++ ++#if !defined(__NR_recvfrom) ++#define __NR_recvfrom 207 ++#endif ++ ++#if !defined(__NR_setsockopt) ++#define __NR_setsockopt 208 ++#endif ++ ++#if !defined(__NR_getsockopt) ++#define __NR_getsockopt 209 ++#endif ++ ++#if !defined(__NR_shutdown) ++#define __NR_shutdown 210 ++#endif ++ ++#if !defined(__NR_sendmsg) ++#define __NR_sendmsg 211 ++#endif ++ ++#if !defined(__NR_recvmsg) ++#define __NR_recvmsg 212 ++#endif ++ ++#if !defined(__NR_readahead) ++#define __NR_readahead 213 ++#endif ++ ++#if !defined(__NR_brk) ++#define __NR_brk 214 ++#endif ++ ++#if !defined(__NR_munmap) ++#define __NR_munmap 215 ++#endif ++ ++#if !defined(__NR_mremap) ++#define __NR_mremap 216 ++#endif ++ ++#if !defined(__NR_add_key) ++#define __NR_add_key 217 ++#endif ++ ++#if !defined(__NR_request_key) ++#define __NR_request_key 218 ++#endif ++ ++#if !defined(__NR_keyctl) ++#define __NR_keyctl 219 ++#endif ++ ++#if !defined(__NR_clone) ++#define __NR_clone 220 ++#endif ++ ++#if !defined(__NR_execve) ++#define __NR_execve 221 ++#endif ++ ++#if !defined(__NR_mmap) ++#define __NR_mmap 222 ++#endif ++ ++#if !defined(__NR_fadvise64) ++#define __NR_fadvise64 223 ++#endif ++ ++#if !defined(__NR_swapon) ++#define __NR_swapon 224 ++#endif ++ ++#if !defined(__NR_swapoff) ++#define __NR_swapoff 225 ++#endif ++ ++#if !defined(__NR_mprotect) ++#define __NR_mprotect 226 ++#endif ++ ++#if !defined(__NR_msync) ++#define __NR_msync 227 ++#endif ++ ++#if !defined(__NR_mlock) ++#define __NR_mlock 228 ++#endif ++ ++#if !defined(__NR_munlock) ++#define __NR_munlock 229 ++#endif ++ ++#if !defined(__NR_mlockall) ++#define __NR_mlockall 230 ++#endif ++ ++#if !defined(__NR_munlockall) ++#define __NR_munlockall 231 ++#endif ++ ++#if !defined(__NR_mincore) ++#define __NR_mincore 232 ++#endif ++ ++#if !defined(__NR_madvise) ++#define __NR_madvise 233 ++#endif ++ ++#if !defined(__NR_remap_file_pages) ++#define __NR_remap_file_pages 234 ++#endif ++ ++#if !defined(__NR_mbind) ++#define __NR_mbind 235 ++#endif ++ ++#if !defined(__NR_get_mempolicy) ++#define __NR_get_mempolicy 236 ++#endif ++ ++#if !defined(__NR_set_mempolicy) ++#define __NR_set_mempolicy 237 ++#endif ++ ++#if !defined(__NR_migrate_pages) ++#define __NR_migrate_pages 238 ++#endif ++ ++#if !defined(__NR_move_pages) ++#define __NR_move_pages 239 ++#endif ++ ++#if !defined(__NR_rt_tgsigqueueinfo) ++#define __NR_rt_tgsigqueueinfo 240 ++#endif ++ ++#if !defined(__NR_perf_event_open) ++#define __NR_perf_event_open 241 ++#endif ++ ++#if !defined(__NR_accept4) ++#define __NR_accept4 242 ++#endif ++ ++#if !defined(__NR_recvmmsg) ++#define __NR_recvmmsg 243 ++#endif ++ ++#if !defined(__NR_riscv_flush_icache) ++#define __NR_riscv_flush_icache 259 ++#endif ++ ++#if !defined(__NR_wait4) ++#define __NR_wait4 260 ++#endif ++ ++#if !defined(__NR_prlimit64) ++#define __NR_prlimit64 261 ++#endif ++ ++#if !defined(__NR_fanotify_init) ++#define __NR_fanotify_init 262 ++#endif ++ ++#if !defined(__NR_fanotify_mark) ++#define __NR_fanotify_mark 263 ++#endif ++ ++#if !defined(__NR_name_to_handle_at) ++#define __NR_name_to_handle_at 264 ++#endif ++ ++#if !defined(__NR_open_by_handle_at) ++#define __NR_open_by_handle_at 265 ++#endif ++ ++#if !defined(__NR_clock_adjtime) ++#define __NR_clock_adjtime 266 ++#endif ++ ++#if !defined(__NR_syncfs) ++#define __NR_syncfs 267 ++#endif ++ ++#if !defined(__NR_setns) ++#define __NR_setns 268 ++#endif ++ ++#if !defined(__NR_sendmmsg) ++#define __NR_sendmmsg 269 ++#endif ++ ++#if !defined(__NR_process_vm_readv) ++#define __NR_process_vm_readv 270 ++#endif ++ ++#if !defined(__NR_process_vm_writev) ++#define __NR_process_vm_writev 271 ++#endif ++ ++#if !defined(__NR_kcmp) ++#define __NR_kcmp 272 ++#endif ++ ++#if !defined(__NR_finit_module) ++#define __NR_finit_module 273 ++#endif ++ ++#if !defined(__NR_sched_setattr) ++#define __NR_sched_setattr 274 ++#endif ++ ++#if !defined(__NR_sched_getattr) ++#define __NR_sched_getattr 275 ++#endif ++ ++#if !defined(__NR_renameat2) ++#define __NR_renameat2 276 ++#endif ++ ++#if !defined(__NR_seccomp) ++#define __NR_seccomp 277 ++#endif ++ ++#if !defined(__NR_getrandom) ++#define __NR_getrandom 278 ++#endif ++ ++#if !defined(__NR_memfd_create) ++#define __NR_memfd_create 279 ++#endif ++ ++#if !defined(__NR_bpf) ++#define __NR_bpf 280 ++#endif ++ ++#if !defined(__NR_execveat) ++#define __NR_execveat 281 ++#endif ++ ++#if !defined(__NR_userfaultfd) ++#define __NR_userfaultfd 282 ++#endif ++ ++#if !defined(__NR_membarrier) ++#define __NR_membarrier 283 ++#endif ++ ++#if !defined(__NR_mlock2) ++#define __NR_mlock2 284 ++#endif ++ ++#if !defined(__NR_copy_file_range) ++#define __NR_copy_file_range 285 ++#endif ++ ++#if !defined(__NR_preadv2) ++#define __NR_preadv2 286 ++#endif ++ ++#if !defined(__NR_pwritev2) ++#define __NR_pwritev2 287 ++#endif ++ ++#if !defined(__NR_pkey_mprotect) ++#define __NR_pkey_mprotect 288 ++#endif ++ ++#if !defined(__NR_pkey_alloc) ++#define __NR_pkey_alloc 289 ++#endif ++ ++#if !defined(__NR_pkey_free) ++#define __NR_pkey_free 290 ++#endif ++ ++#if !defined(__NR_statx) ++#define __NR_statx 291 ++#endif ++ ++#if !defined(__NR_io_pgetevents) ++#define __NR_io_pgetevents 292 ++#endif ++ ++#if !defined(__NR_rseq) ++#define __NR_rseq 293 ++#endif ++ ++#if !defined(__NR_kexec_file_load) ++#define __NR_kexec_file_load 294 ++#endif ++ ++#if !defined(__NR_pidfd_send_signal) ++#define __NR_pidfd_send_signal 424 ++#endif ++ ++#if !defined(__NR_io_uring_setup) ++#define __NR_io_uring_setup 425 ++#endif ++ ++#if !defined(__NR_io_uring_enter) ++#define __NR_io_uring_enter 426 ++#endif ++ ++#if !defined(__NR_io_uring_register) ++#define __NR_io_uring_register 427 ++#endif ++ ++#if !defined(__NR_open_tree) ++#define __NR_open_tree 428 ++#endif ++ ++#if !defined(__NR_move_mount) ++#define __NR_move_mount 429 ++#endif ++ ++#if !defined(__NR_fsopen) ++#define __NR_fsopen 430 ++#endif ++ ++#if !defined(__NR_fsconfig) ++#define __NR_fsconfig 431 ++#endif ++ ++#if !defined(__NR_fsmount) ++#define __NR_fsmount 432 ++#endif ++ ++#if !defined(__NR_fspick) ++#define __NR_fspick 433 ++#endif ++ ++#if !defined(__NR_pidfd_open) ++#define __NR_pidfd_open 434 ++#endif ++ ++#if !defined(__NR_clone3) ++#define __NR_clone3 435 ++#endif ++ ++#if !defined(__NR_close_range) ++#define __NR_close_range 436 ++#endif ++ ++#if !defined(__NR_openat2) ++#define __NR_openat2 437 ++#endif ++ ++#if !defined(__NR_pidfd_getfd) ++#define __NR_pidfd_getfd 438 ++#endif ++ ++#if !defined(__NR_faccessat2) ++#define __NR_faccessat2 439 ++#endif ++ ++#if !defined(__NR_process_madvise) ++#define __NR_process_madvise 440 ++#endif ++ ++#if !defined(__NR_epoll_pwait2) ++#define __NR_epoll_pwait2 441 ++#endif ++ ++#if !defined(__NR_mount_setattr) ++#define __NR_mount_setattr 442 ++#endif ++ ++#if !defined(__NR_quotactl_path) ++#define __NR_quotactl_path 443 ++#endif ++ ++#if !defined(__NR_landlock_create_ruleset) ++#define __NR_landlock_create_ruleset 444 ++#endif ++ ++#if !defined(__NR_landlock_add_rule) ++#define __NR_landlock_add_rule 445 ++#endif ++ ++#if !defined(__NR_landlock_restrict_self) ++#define __NR_landlock_restrict_self 446 ++#endif ++ ++#endif // SANDBOX_LINUX_SYSTEM_HEADERS_RISCV64_LINUX_SYSCALLS_H_ +diff --git a/sandbox/policy/linux/bpf_cros_amd_gpu_policy_linux.cc b/sandbox/policy/linux/bpf_cros_amd_gpu_policy_linux.cc +index df2567f74981f..41e158a292369 100644 +--- a/sandbox/policy/linux/bpf_cros_amd_gpu_policy_linux.cc ++++ b/sandbox/policy/linux/bpf_cros_amd_gpu_policy_linux.cc +@@ -38,7 +38,7 @@ ResultExpr CrosAmdGpuProcessPolicy::EvaluateSyscall(int sysno) const { + case __NR_sched_setscheduler: + case __NR_sysinfo: + case __NR_uname: +-#if !defined(__aarch64__) ++#if !defined(__aarch64__) && !defined(__riscv) + case __NR_readlink: + case __NR_stat: + #endif +diff --git a/sandbox/policy/linux/bpf_gpu_policy_linux.cc b/sandbox/policy/linux/bpf_gpu_policy_linux.cc +index 35ccbb7a7f82b..65a0587e25af5 100644 +--- a/sandbox/policy/linux/bpf_gpu_policy_linux.cc ++++ b/sandbox/policy/linux/bpf_gpu_policy_linux.cc +@@ -73,7 +73,7 @@ ResultExpr GpuProcessPolicy::EvaluateSyscall(int sysno) const { + (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) + case __NR_ftruncate64: + #endif +-#if !defined(__aarch64__) ++#if !defined(__aarch64__) && !defined(__riscv) + case __NR_getdents: + #endif + case __NR_getdents64: +diff --git a/sandbox/policy/linux/bpf_network_policy_linux.cc b/sandbox/policy/linux/bpf_network_policy_linux.cc +index 98e738a7e38be..b72914eafc775 100644 +--- a/sandbox/policy/linux/bpf_network_policy_linux.cc ++++ b/sandbox/policy/linux/bpf_network_policy_linux.cc +@@ -255,7 +255,7 @@ ResultExpr NetworkProcessPolicy::EvaluateSyscall(int sysno) const { + case __NR_fdatasync: + case __NR_fsync: + case __NR_mremap: +-#if !defined(__aarch64__) ++#if !defined(__aarch64__) && !defined(__riscv) + case __NR_getdents: + #endif + case __NR_getdents64: +-- +2.41.0 + |