diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 29b8bb413b..6a25492693 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -323,11 +323,17 @@ jobs: cd build sudo ./test/drivers/drivers_test -k - build-libs-s390x: - name: build-libs-s390x ๐Ÿ˜ (system_deps) + build-drivers-s390x-ppc64le: + name: build-drivers-${{ matrix.arch }} ๐Ÿ˜ (system_deps) runs-on: ubuntu-22.04 needs: paths-filter - if: needs.paths-filter.outputs.driver_changed == 'true' || needs.paths-filter.outputs.libsinsp_changed == 'true' + if: needs.paths-filter.outputs.driver_changed == 'true' || needs.paths-filter.outputs.libscap_changed == 'true' + strategy: + matrix: + arch: [s390x, ppc64le] + fail-fast: false + env: + PLATFORM: ${{ matrix.arch == 'ppc64le' && 'powerpc64le' || 's390x' }} steps: - name: Checkout Libs โคต๏ธ @@ -336,14 +342,14 @@ jobs: fetch-depth: 0 - uses: uraimo/run-on-arch-action@4ed76f16f09d12e83abd8a49e1ac1e5bf08784d4 # v2.5.1 - name: Run s390x build ๐Ÿ—๏ธ + name: Run ${{ matrix.arch }} build ๐Ÿ—๏ธ with: - arch: s390x + arch: ${{ matrix.arch }} distro: ubuntu22.04 githubToken: ${{ github.token }} install: | - apt update && apt install -y --no-install-recommends ca-certificates cmake build-essential clang llvm git pkg-config autoconf automake libtool libelf-dev wget libc-ares-dev libcurl4-openssl-dev libssl-dev libtbb-dev libjq-dev libjsoncpp-dev libgrpc++-dev protobuf-compiler-grpc libgtest-dev libprotobuf-dev linux-headers-generic + apt update && apt install -y --no-install-recommends ca-certificates cmake build-essential clang llvm git pkg-config autoconf automake libtool libelf-dev wget libc-ares-dev libcurl4-openssl-dev libssl-dev libtbb-dev libjq-dev libjsoncpp-dev libgrpc++-dev protobuf-compiler-grpc libcap-dev libgtest-dev libprotobuf-dev linux-headers-generic git clone https://github.com/libbpf/bpftool.git --branch v7.0.0 --single-branch cd bpftool git submodule update --init @@ -351,16 +357,14 @@ jobs: cd ../../ git clone https://github.com/libbpf/libbpf.git --branch v1.0.1 --single-branch cd libbpf/src && BUILD_STATIC_ONLY=y DESTDIR=/ make install - ln -s /usr/lib64/libbpf.a /usr/lib/s390x-linux-gnu/ - + ln -s /usr/lib64/libbpf.a /usr/lib/${{env.PLATFORM}}-linux-gnu/ # Please note: we cannot inject the BPF probe inside QEMU, so right now, we only build it run: | git config --global --add safe.directory $GITHUB_WORKSPACE .github/install-deps.sh mkdir -p build - cd build && cmake -DBUILD_BPF=On -DUSE_BUNDLED_DEPS=OFF -DMODERN_PROBE_INCLUDE="-I/usr/include/s390x-linux-gnu" -DBUILD_LIBSCAP_MODERN_BPF=ON -DMODERN_BPF_DEBUG_MODE=ON -DBUILD_LIBSCAP_GVISOR=OFF ../ - KERNELDIR=/lib/modules/$(ls /lib/modules)/build make scap-open driver bpf unit-test-libsinsp -j6 - ./libsinsp/test/unit-test-libsinsp + cd build && cmake -DBUILD_BPF=On -DUSE_BUNDLED_DEPS=OFF -DMODERN_PROBE_INCLUDE="-I/usr/include/${{env.PLATFORM}}-linux-gnu" -DBUILD_LIBSCAP_MODERN_BPF=ON -DMODERN_BPF_DEBUG_MODE=ON -DENABLE_DRIVERS_TESTS=On -DCREATE_TEST_TARGETS=On -DBUILD_LIBSCAP_GVISOR=OFF ../ + KERNELDIR=/lib/modules/$(ls /lib/modules)/build make driver bpf drivers_test -j6 # This job checks that a bundled deps of libs is as static as possible test-libs-static: diff --git a/README.md b/README.md index ac23e680bf..bd7fe9e463 100644 --- a/README.md +++ b/README.md @@ -51,7 +51,7 @@ Our drivers officially support the following architectures: | **aarch64** | >= [3.16](https://github.com/torvalds/linux/commit/055b1212d141f1f398fca548f8147787c0b6253f) | >= 4.17 | >= 5.8 | _STABLE_ | | **s390x** | >= 2.6 | >= [5.5](https://github.com/torvalds/linux/commit/6ae08ae3dea) | >= 5.8 | _EXPERIMENTAL_ | | **riscv64** | >= [5.0](https://github.com/torvalds/linux/commit/5aeb1b36cedd3a1dfdbfe368629fed52dee34103) | N/A | N/A | _EXPERIMENTAL_ | -| **ppc64le** | N/A | N/A | >= 5.8 | _EXPERIMENTAL_ | +| **ppc64le** | >=2.6 | >=4.18 | >= 5.8 | _EXPERIMENTAL_ | To access up-to-date status reports on Falco drivers kernel testing, please visit this [page](https://falcosecurity.github.io/libs/). It provides a list of supported syscalls as well as the [report](https://falcosecurity.github.io/libs/report/). diff --git a/driver/CMakeLists.txt b/driver/CMakeLists.txt index 74cb4b4bc2..e78c8af380 100644 --- a/driver/CMakeLists.txt +++ b/driver/CMakeLists.txt @@ -13,7 +13,8 @@ set(TARGET_ARCH ${CMAKE_HOST_SYSTEM_PROCESSOR}) if((NOT TARGET_ARCH STREQUAL "x86_64") AND (NOT TARGET_ARCH STREQUAL "aarch64") AND (NOT TARGET_ARCH STREQUAL "s390x") AND - (NOT TARGET_ARCH STREQUAL "riscv64")) + (NOT TARGET_ARCH STREQUAL "riscv64") AND + (NOT TARGET_ARCH STREQUAL "ppc64le")) message(WARNING "Target architecture not officially supported by our drivers!") else() # Load current kernel version @@ -26,6 +27,7 @@ else() set(kmod_min_kver_map_aarch64 3.16) set(kmod_min_kver_map_s390x 2.6) set(kmod_min_kver_map_riscv64 5.0) + set(kmod_min_kver_map_ppc64le 2.6) if (LINUX_KERNEL_VERSION VERSION_LESS ${kmod_min_kver_map_${TARGET_ARCH}}) message(WARNING "[KMOD] To run this driver you need a Linux kernel version >= ${kmod_min_kver_map_${TARGET_ARCH}} but actual kernel version is: ${UNAME_RESULT}") endif() diff --git a/driver/bpf/CMakeLists.txt b/driver/bpf/CMakeLists.txt index 457b222d20..f42a1a6c48 100644 --- a/driver/bpf/CMakeLists.txt +++ b/driver/bpf/CMakeLists.txt @@ -15,6 +15,7 @@ if(BUILD_BPF) set(bpf_min_kver_map_x86_64 4.14) set(bpf_min_kver_map_aarch64 4.17) set(bpf_min_kver_map_s390x 5.5) + set(bpf_min_kver_map_ppc64le 4.18) if (LINUX_KERNEL_VERSION VERSION_LESS ${bpf_min_kver_map_${TARGET_ARCH}}) message(WARNING "[BPF] To run this driver you need a Linux kernel version >= ${bpf_min_kver_map_${TARGET_ARCH}} but actual kernel version is: ${UNAME_RESULT}") endif() diff --git a/driver/bpf/plumbing_helpers.h b/driver/bpf/plumbing_helpers.h index 5e7e54608f..bbbb9306ab 100644 --- a/driver/bpf/plumbing_helpers.h +++ b/driver/bpf/plumbing_helpers.h @@ -130,6 +130,14 @@ static __always_inline bool bpf_in_ia32_syscall() status = _READ(task->thread_info.flags); return status & _TIF_31BIT; +#elif defined(CONFIG_PPC64) + + /* See here for the definition: + * https://github.com/torvalds/linux/blob/9b6de136b5f0158c60844f85286a593cb70fb364/arch/powerpc/include/asm/thread_info.h#L127 + */ + status = _READ(task->thread_info.flags); + return status & _TIF_32BIT; + #else /* Unknown architecture. */ @@ -172,6 +180,13 @@ static __always_inline long bpf_syscall_get_nr(void *ctx) id = _READ(regs->int_code); id = id & 0xffff; +#elif CONFIG_PPC64 + + /* See here for the definition: + * https://github.com/torvalds/linux/blob/f1a09972a45ae63efbd1587337c4be13b1893330/arch/powerpc/include/asm/syscall.h#L37 + */ + id = _READ(regs->gpr[0]); + #endif /* CONFIG_X86_64 */ #else @@ -304,6 +319,26 @@ static __always_inline unsigned long bpf_syscall_get_argument_from_ctx(void *ctx arg = 0; } +#elif CONFIG_PPC64 + + /* See here for the definition: + * https://github.com/libbpf/libbpf/blob/master/src/bpf_tracing.h#L290-L306 + */ + switch (idx) { + case 0: + arg = _READ(regs->orig_gpr3); + break; + case 1: + case 2: + case 3: + case 4: + case 5: + arg = _READ(regs->gpr[idx+3]); + break; + default: + arg = 0; + } + #endif /* CONFIG_X86_64 */ #else diff --git a/driver/bpf/quirks.h b/driver/bpf/quirks.h index 2bd2972ea3..e9a4847349 100644 --- a/driver/bpf/quirks.h +++ b/driver/bpf/quirks.h @@ -25,7 +25,7 @@ or GPL2.txt for full copies of the license. #define BPF_FORBIDS_ZERO_ACCESS #endif -#if (defined(CONFIG_X86_64) || defined(CONFIG_ARM64) || defined(CONFIG_S390)) && LINUX_VERSION_CODE >= KERNEL_VERSION(4, 17, 0) +#if (defined(CONFIG_X86_64) || defined(CONFIG_ARM64) || defined(CONFIG_S390) || defined(CONFIG_PPC64)) && LINUX_VERSION_CODE >= KERNEL_VERSION(4, 17, 0) #define BPF_SUPPORTS_RAW_TRACEPOINTS #endif diff --git a/driver/main.c b/driver/main.c index cedcb6713b..b3aaa6aa80 100644 --- a/driver/main.c +++ b/driver/main.c @@ -2133,6 +2133,9 @@ static inline bool kmod_in_ia32_syscall(void) #elif defined(CONFIG_S390) if (unlikely(task_thread_info(current)->flags & _TIF_31BIT)) return true; +#elif defined(CONFIG_PPC64) + if (unlikely(task_thread_info(current)->flags & _TIF_32BIT)) + return true; #endif /* CONFIG_X86_64 */ return false; } diff --git a/test/drivers/test_suites/syscall_exit_suite/execveat_x.cpp b/test/drivers/test_suites/syscall_exit_suite/execveat_x.cpp index ff277ae5cb..1df56ca41c 100644 --- a/test/drivers/test_suites/syscall_exit_suite/execveat_x.cpp +++ b/test/drivers/test_suites/syscall_exit_suite/execveat_x.cpp @@ -211,7 +211,7 @@ TEST(SyscallExit, execveatX_correct_exit) evt_test->disable_capture(); -#if defined(__s390x__) || defined(__riscv) +#if defined(__s390x__) || defined(__riscv) || defined(__powerpc64__) /* We search for a child event. */ evt_test->assert_event_presence(ret_pid); @@ -338,7 +338,7 @@ TEST(SyscallExit, execveatX_execve_exit) evt_test->disable_capture(); /* `s390x` returns an `EXECVEAT_X` event while other architectures retun an `EXECVE_X` */ -#if defined(__s390x__) || defined(__riscv) +#if defined(__s390x__) || defined(__riscv) || defined(__powerpc64__) /* We search for a child event. */ evt_test->assert_event_absence(ret_pid, PPME_SYSCALL_EXECVE_19_X); #else @@ -494,7 +494,7 @@ TEST(SyscallExit, execveatX_success_memfd) evt_test->disable_capture(); -#if defined(__s390x__) || defined(__riscv) +#if defined(__s390x__) || defined(__riscv) || defined(__powerpc64__) /* We search for a child event. */ evt_test->assert_event_presence(ret_pid); diff --git a/userspace/libscap/engine/gvisor/parsers.cpp b/userspace/libscap/engine/gvisor/parsers.cpp index cb4d6d64e0..1d300bc795 100644 --- a/userspace/libscap/engine/gvisor/parsers.cpp +++ b/userspace/libscap/engine/gvisor/parsers.cpp @@ -33,6 +33,10 @@ limitations under the License. #include "../../driver/syscall_compat_aarch64.h" #elif __s390x__ #include "../../driver/syscall_compat_s390x.h" +#elif __powerpc64__ +#include "../../driver/syscall_compat_ppc64le.h" +#elif __riscv +#include "../../driver/syscall_compat_riscv64.h" #endif /* __x86_64__ */ #include