On Fri, 20 Mar 2020, John Paul Adrian Glaubitz wrote:
Hi! Would it be possible to add seccomp support for m68k in the kernel? There are some packages like kscreensaver in Debian that require libseccomp-dev and it would therefore be desirable if we could that library on Linux/m68k as well. From what I have learned from Helge Deller who added seccomp for hppa, it doesn't seem much that is necessary to get seccomp working on an architecture. So, if anyone could work on the kernel part, I could do the work on libseccomp. Thanks, Adrian
I suspect (without evidence) that many m68k systems are actually virtual machines. And the need for container hosting on m68k seems negligible. Therefore, there doesn't seem to be a lot of actual benefit from seccomp. There are 17 architectures (out of 25) lacking seccomp support. This suggests that the portability issue around this missing feature can't easily be pinned on m68k. That's not the case for certain other feature, where the m68k port could more easily be blamed for harming portability or generality (potentially creating work for others). Just based on the numbers (below) the foremost would be tracehook and generic-idle-thread. Also, arguably the most desirable features for m68k are those that might improve performance (e.g. jump-labels, eBPF-JIT, locking/*, generic VDSO for 680x0 etc.). $ grep -c TODO Documentation/features/*/*/arch-support.txt | sort -t: -k2n Documentation/features/time/clockevents/arch-support.txt:1 Documentation/features/time/modern-timekeeping/arch-support.txt:1 Documentation/features/vm/numa-memblock/arch-support.txt:2 Documentation/features/vm/THP/arch-support.txt:5 Documentation/features/core/tracehook/arch-support.txt:6 Documentation/features/sched/numa-balancing/arch-support.txt:6 Documentation/features/core/generic-idle-thread/arch-support.txt:8 Documentation/features/locking/lockdep/arch-support.txt:9 Documentation/features/debug/kgdb/arch-support.txt:12 Documentation/features/debug/kprobes/arch-support.txt:13 Documentation/features/debug/kretprobes/arch-support.txt:14 Documentation/features/time/irq-time-acct/arch-support.txt:14 Documentation/features/core/jump-labels/arch-support.txt:15 Documentation/features/perf/kprobes-event/arch-support.txt:15 Documentation/features/time/virt-cpuacct/arch-support.txt:15 Documentation/features/vm/TLB/arch-support.txt:16 Documentation/features/debug/gcov-profile-all/arch-support.txt:17 Documentation/features/io/dma-contiguous/arch-support.txt:17 Documentation/features/seccomp/seccomp-filter/arch-support.txt:17 Documentation/features/vm/pte_special/arch-support.txt:17 Documentation/features/core/eBPF-JIT/arch-support.txt:18 Documentation/features/debug/stackprotector/arch-support.txt:18 Documentation/features/debug/uprobes/arch-support.txt:18 Documentation/features/locking/queued-rwlocks/arch-support.txt:18 Documentation/features/vm/ELF-ASLR/arch-support.txt:18 Documentation/features/locking/queued-spinlocks/arch-support.txt:19 Documentation/features/time/context-tracking/arch-support.txt:19 Documentation/features/perf/perf-regs/arch-support.txt:20 Documentation/features/perf/perf-stackdump/arch-support.txt:20 Documentation/features/time/arch-tick-broadcast/arch-support.txt:20 Documentation/features/vm/ioremap_prot/arch-support.txt:20 Documentation/features/debug/kprobes-on-ftrace/arch-support.txt:21 Documentation/features/core/cBPF-JIT/arch-support.txt:22 Documentation/features/debug/KASAN/arch-support.txt:22 Documentation/features/debug/optprobes/arch-support.txt:22 Documentation/features/locking/cmpxchg-local/arch-support.txt:22 Documentation/features/sched/membarrier-sync-core/arch-support.txt:22 Documentation/features/vm/PG_uncached/arch-support.txt:23 Documentation/features/vm/huge-vmap/arch-support.txt:23 Documentation/features/debug/user-ret-profiler/arch-support.txt:24 m68k has a "TODO" against all of the above features, except for the 6 that I've indented. Some of these seem to be inapplicable (e.g. virt-cpuacct, perf-regs).
