base-linux: 64-bit ARM support

This patch adds support for running Genode/Linux on the AARCH64 architecture. - The kernel-agnostic startup code (crt0) had to be extended to capture the initial stack pointer, which the Linux kernel uses to pass the process environment. This is in line with the existing startup code for x86_32 and x86_64. - The link order of the host libraries linked to lx_hybrid programs had to be adjusted such that libgcc appears at last because the other libraries depend on symbols provided by libgcc. - When using AARCH64 Linux as host, one can execute run scripts via 'make run/<script> KERNEL=linux BOARD=linux' now. Issue #4136
2026-01-21 12:32:56 +01:00 · 2021-05-05 19:20:37 +02:00
parent 718f44ae5b
commit 2f9d430c00
21 changed files with 126 additions and 8 deletions
--- a/tool/seccomp/.gitignore
+++ b/tool/seccomp/.gitignore
@@ -1,3 +1,4 @@
-/seccomp_bpf_policy_arm.bin
+/seccomp_bpf_policy_arm_32.bin
+/seccomp_bpf_policy_arm_64.bin
 /seccomp_bpf_policy_x86_32.bin
 /seccomp_bpf_policy_x86_64.bin
--- a/tool/seccomp/Makefile
+++ b/tool/seccomp/Makefile
@@ -1,6 +1,8 @@
 .DEFAULT_GOAL := seccomp_bpf_filters

-seccomp_bpf_filters: seccomp_bpf_policy_x86_32.bin seccomp_bpf_policy_x86_64.bin seccomp_bpf_policy_arm.bin
+ARCHS := x86_32 x86_64 arm_32 arm_64
+
+seccomp_bpf_filters: $(foreach A,$(ARCHS),seccomp_bpf_policy_$A.bin)

 seccomp_bpf_policy_%.bin: seccomp_bpf_compiler_%.prg
 	./$< > $@
--- a/tool/seccomp/seccomp_bpf_compiler.h
+++ b/tool/seccomp/seccomp_bpf_compiler.h
@@ -122,8 +122,9 @@ class Filter
 			_add_allow_rule(SCMP_SYS(gettimeofday));
 			_add_allow_rule(SCMP_SYS(getpeername));

-			int clone_flags = CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND
-			                | CLONE_THREAD | CLONE_SYSVSEM;
+			unsigned long clone_flags = CLONE_VM | CLONE_FS | CLONE_FILES
+			                          | CLONE_SIGHAND | CLONE_THREAD
+			                          | CLONE_SYSVSEM;

 			switch (_arch)
 			{
@@ -196,6 +197,16 @@ class Filter
 						_add_allow_rule(SCMP_SYS(sigreturn));
 					}
 					break;
+				case SCMP_ARCH_AARCH64:
+					 {
+						_add_allow_rule(SCMP_SYS(tgkill), SCMP_CMP32(0, SCMP_CMP_EQ, 0xCAFEAFFE),
+						                                  SCMP_CMP32(2, SCMP_CMP_EQ, SIGRTMIN));
+						_add_allow_rule(SCMP_SYS(clone), SCMP_CMP32(0, SCMP_CMP_EQ, clone_flags));
+						_add_allow_rule(SCMP_SYS(mmap));
+						_add_allow_rule(SCMP_SYS(cacheflush));
+						_add_allow_rule(SCMP_SYS(sigreturn));
+					}
+					break;
 				default:
 					fprintf(stderr, "Unsupported architecture\n");
 					throw -104;
--- a/tool/seccomp/seccomp_bpf_compiler_arm_32.cc
+++ b/tool/seccomp/seccomp_bpf_compiler_arm_32.cc
--- a/tool/seccomp/seccomp_bpf_compiler_arm_64.cc
+++ b/tool/seccomp/seccomp_bpf_compiler_arm_64.cc
@@ -0,0 +1,23 @@
+/*
+ * \brief  Generate seccomp filter policy for base-linux on arm
+ * \author Stefan Thoeni
+ * \date   2019-12-13
+ */
+
+/*
+ * Copyright (C) 2019 Genode Labs GmbH
+ * Copyright (C) 2019 gapfruit AG
+ *
+ * This file is part of the Genode OS framework, which is distributed
+ * under the terms of the GNU Affero General Public License version 3.
+ */
+
+#include <stdio.h>   /* printf */
+#include <seccomp.h> /* libseccomp */
+#include "seccomp_bpf_compiler.h"
+
+int main()
+{
+	Filter filter(SCMP_ARCH_AARCH64);
+	return filter.create();
+}