summaryrefslogtreecommitdiff
path: root/riscv-sandbox.patch
diff options
context:
space:
mode:
Diffstat (limited to 'riscv-sandbox.patch')
-rw-r--r--riscv-sandbox.patch2043
1 files changed, 2043 insertions, 0 deletions
diff --git a/riscv-sandbox.patch b/riscv-sandbox.patch
new file mode 100644
index 0000000..a73aa9d
--- /dev/null
+++ b/riscv-sandbox.patch
@@ -0,0 +1,2043 @@
+Index: chromium-122.0.6261.128/sandbox/features.gni
+===================================================================
+--- chromium-122.0.6261.128.orig/sandbox/features.gni
++++ chromium-122.0.6261.128/sandbox/features.gni
+@@ -9,7 +9,8 @@
+ use_seccomp_bpf = (is_linux || is_chromeos || is_android) &&
+ (current_cpu == "x86" || current_cpu == "x64" ||
+ current_cpu == "arm" || current_cpu == "arm64" ||
+- current_cpu == "mipsel" || current_cpu == "mips64el")
++ current_cpu == "mipsel" || current_cpu == "mips64el" ||
++ current_cpu == "riscv64")
+
+ # SSBD (Speculative Store Bypass Disable) is a mitigation of Spectre Variant 4.
+ # As Spectre Variant 4 can be mitigated by site isolation, opt-out SSBD on site
+Index: chromium-122.0.6261.128/sandbox/linux/bpf_dsl/linux_syscall_ranges.h
+===================================================================
+--- chromium-122.0.6261.128.orig/sandbox/linux/bpf_dsl/linux_syscall_ranges.h
++++ chromium-122.0.6261.128/sandbox/linux/bpf_dsl/linux_syscall_ranges.h
+@@ -56,6 +56,13 @@
+ #define MAX_PUBLIC_SYSCALL __NR_syscalls
+ #define MAX_SYSCALL MAX_PUBLIC_SYSCALL
+
++#elif defined(__riscv)
++
++#include <asm/unistd.h>
++#define MIN_SYSCALL 0u
++#define MAX_PUBLIC_SYSCALL __NR_syscalls
++#define MAX_SYSCALL MAX_PUBLIC_SYSCALL
++
+ #else
+ #error "Unsupported architecture"
+ #endif
+Index: chromium-122.0.6261.128/sandbox/linux/bpf_dsl/seccomp_macros.h
+===================================================================
+--- chromium-122.0.6261.128.orig/sandbox/linux/bpf_dsl/seccomp_macros.h
++++ chromium-122.0.6261.128/sandbox/linux/bpf_dsl/seccomp_macros.h
+@@ -343,6 +343,48 @@ struct regs_struct {
+ #define SECCOMP_PT_PARM4(_regs) (_regs).regs[3]
+ #define SECCOMP_PT_PARM5(_regs) (_regs).regs[4]
+ #define SECCOMP_PT_PARM6(_regs) (_regs).regs[5]
++
++#elif defined(__riscv)
++struct regs_struct {
++ unsigned long regs[32];
++};
++
++#define SECCOMP_ARCH AUDIT_ARCH_RISCV64
++
++#define SECCOMP_REG(_ctx, _reg) ((_ctx)->uc_mcontext.__gregs[_reg])
++
++#define SECCOMP_RESULT(_ctx) SECCOMP_REG(_ctx, REG_A0)
++#define SECCOMP_SYSCALL(_ctx) SECCOMP_REG(_ctx, REG_A0+7)
++#define SECCOMP_IP(_ctx) (_ctx)->uc_mcontext.__gregs[REG_PC]
++#define SECCOMP_PARM1(_ctx) SECCOMP_REG(_ctx, REG_A0)
++#define SECCOMP_PARM2(_ctx) SECCOMP_REG(_ctx, REG_A0+1)
++#define SECCOMP_PARM3(_ctx) SECCOMP_REG(_ctx, REG_A0+2)
++#define SECCOMP_PARM4(_ctx) SECCOMP_REG(_ctx, REG_A0+3)
++#define SECCOMP_PARM5(_ctx) SECCOMP_REG(_ctx, REG_A0+4)
++#define SECCOMP_PARM6(_ctx) SECCOMP_REG(_ctx, REG_A0+5)
++#define SECCOMP_PARM7(_ctx) SECCOMP_REG(_ctx, REG_A0+6)
++
++#define SECCOMP_NR_IDX (offsetof(struct arch_seccomp_data, nr))
++#define SECCOMP_ARCH_IDX (offsetof(struct arch_seccomp_data, arch))
++#define SECCOMP_IP_MSB_IDX \
++ (offsetof(struct arch_seccomp_data, instruction_pointer) + 4)
++#define SECCOMP_IP_LSB_IDX \
++ (offsetof(struct arch_seccomp_data, instruction_pointer) + 0)
++#define SECCOMP_ARG_MSB_IDX(nr) \
++ (offsetof(struct arch_seccomp_data, args) + 8 * (nr) + 4)
++#define SECCOMP_ARG_LSB_IDX(nr) \
++ (offsetof(struct arch_seccomp_data, args) + 8 * (nr) + 0)
++
++#define SECCOMP_PT_RESULT(_regs) (_regs).regs[REG_A0]
++#define SECCOMP_PT_SYSCALL(_regs) (_regs).regs[REG_A0+7]
++#define SECCOMP_PT_IP(_regs) (_regs).regs[REG_PC]
++#define SECCOMP_PT_PARM1(_regs) (_regs).regs[REG_A0]
++#define SECCOMP_PT_PARM2(_regs) (_regs).regs[REG_A0+1]
++#define SECCOMP_PT_PARM3(_regs) (_regs).regs[REG_A0+2]
++#define SECCOMP_PT_PARM4(_regs) (_regs).regs[REG_A0+3]
++#define SECCOMP_PT_PARM5(_regs) (_regs).regs[REG_A0+4]
++#define SECCOMP_PT_PARM6(_regs) (_regs).regs[REG_A0+5]
++#define SECCOMP_PT_PARM7(_regs) (_regs).regs[REG_A0+6]
+ #else
+ #error Unsupported target platform
+
+Index: chromium-122.0.6261.128/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
+===================================================================
+--- chromium-122.0.6261.128.orig/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
++++ chromium-122.0.6261.128/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
+@@ -60,6 +60,9 @@ bool IsBaselinePolicyAllowed(int sysno)
+ #if defined(__mips__)
+ SyscallSets::IsMipsPrivate(sysno) ||
+ #endif
++#if defined(__riscv)
++ SyscallSets::IsRiscvPrivate(sysno) ||
++#endif
+ SyscallSets::IsAllowedOperationOnFd(sysno);
+ // clang-format on
+ }
+@@ -193,7 +196,7 @@ ResultExpr EvaluateSyscallImpl(int fs_de
+ return RestrictFcntlCommands();
+ #endif
+
+-#if !defined(__aarch64__)
++#if !defined(__aarch64__) && !defined(__riscv)
+ // fork() is never used as a system call (clone() is used instead), but we
+ // have seen it in fallback code on Android.
+ if (sysno == __NR_fork) {
+@@ -255,7 +258,7 @@ ResultExpr EvaluateSyscallImpl(int fs_de
+ }
+
+ #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \
+- defined(__aarch64__)
++ defined(__aarch64__) || defined(__riscv)
+ if (sysno == __NR_mmap)
+ return RestrictMmapFlags();
+ #endif
+@@ -276,7 +279,7 @@ ResultExpr EvaluateSyscallImpl(int fs_de
+ return RestrictPrctl();
+
+ #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \
+- defined(__aarch64__)
++ defined(__aarch64__) || defined(__riscv)
+ if (sysno == __NR_socketpair) {
+ // Only allow AF_UNIX, PF_UNIX. Crash if anything else is seen.
+ static_assert(AF_UNIX == PF_UNIX,
+@@ -366,7 +369,7 @@ ResultExpr EvaluateSyscallImpl(int fs_de
+ // Allow creating pipes, but don't allow weird flags to pipe2().
+ // O_NOTIFICATION_PIPE (== O_EXCL) can be used to create
+ // "notification pipes", which are rarely used.
+-#if !defined(__aarch64__)
++#if !defined(__aarch64__) && !defined(__riscv)
+ if (sysno == __NR_pipe) {
+ return Allow();
+ }
+Index: chromium-122.0.6261.128/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
+===================================================================
+--- chromium-122.0.6261.128.orig/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
++++ chromium-122.0.6261.128/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
+@@ -37,6 +37,7 @@
+
+ #if (BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS_LACROS)) && \
+ !defined(__arm__) && !defined(__aarch64__) && \
++ !defined(__riscv) && \
+ !defined(PTRACE_GET_THREAD_AREA)
+ // Also include asm/ptrace-abi.h since ptrace.h in older libc (for instance
+ // the one in Ubuntu 16.04 LTS) is missing PTRACE_GET_THREAD_AREA.
+@@ -463,8 +464,10 @@ ResultExpr RestrictPtrace() {
+ #endif
+ return Switch(request)
+ .Cases({
+-#if !defined(__aarch64__)
++#if !defined(__aarch64__) && !defined(__riscv)
+ PTRACE_GETREGS, PTRACE_GETFPREGS, PTRACE_GET_THREAD_AREA,
++#endif
++#if !defined(__aarch64__)
+ PTRACE_GETREGSET,
+ #endif
+ #if defined(__arm__)
+Index: chromium-122.0.6261.128/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
+===================================================================
+--- chromium-122.0.6261.128.orig/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
++++ chromium-122.0.6261.128/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
+@@ -103,7 +103,7 @@ bool SyscallSets::IsUmask(int sysno) {
+ // Both EPERM and ENOENT are valid errno unless otherwise noted in comment.
+ bool SyscallSets::IsFileSystem(int sysno) {
+ switch (sysno) {
+-#if !defined(__aarch64__)
++#if !defined(__aarch64__) && !defined(__riscv)
+ case __NR_access: // EPERM not a valid errno.
+ case __NR_chmod:
+ case __NR_chown:
+@@ -136,7 +136,7 @@ bool SyscallSets::IsFileSystem(int sysno
+ case __NR_faccessat2:
+ case __NR_fchmodat:
+ case __NR_fchownat: // Should be called chownat ?
+-#if defined(__x86_64__) || defined(__aarch64__)
++#if defined(__x86_64__) || defined(__aarch64__) || defined(__riscv)
+ case __NR_newfstatat: // fstatat(). EPERM not a valid errno.
+ #elif defined(__i386__) || defined(__arm__) || \
+ (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS))
+@@ -241,7 +241,7 @@ bool SyscallSets::IsAllowedFileSystemAcc
+ case __NR_oldfstat:
+ #endif
+ #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \
+- defined(__aarch64__)
++ defined(__aarch64__) || defined(__riscv)
+ case __NR_sync_file_range: // EPERM not a valid errno.
+ #elif defined(__arm__)
+ case __NR_arm_sync_file_range: // EPERM not a valid errno.
+@@ -260,7 +260,7 @@ bool SyscallSets::IsDeniedFileSystemAcce
+ #if defined(__i386__) || defined(__arm__)
+ case __NR_fchown32:
+ #endif
+-#if !defined(__aarch64__)
++#if !defined(__aarch64__) && !defined(__riscv)
+ case __NR_getdents: // EPERM not a valid errno.
+ #endif
+ case __NR_getdents64: // EPERM not a valid errno.
+@@ -339,7 +339,7 @@ bool SyscallSets::IsProcessPrivilegeChan
+ bool SyscallSets::IsProcessGroupOrSession(int sysno) {
+ switch (sysno) {
+ case __NR_setpgid:
+-#if !defined(__aarch64__)
++#if !defined(__aarch64__) && !defined(__riscv)
+ case __NR_getpgrp:
+ #endif
+ case __NR_setsid:
+@@ -373,7 +373,7 @@ bool SyscallSets::IsAllowedSignalHandlin
+ case __NR_rt_sigqueueinfo:
+ case __NR_rt_sigsuspend:
+ case __NR_rt_tgsigqueueinfo:
+-#if !defined(__aarch64__)
++#if !defined(__aarch64__) && !defined(__riscv)
+ case __NR_signalfd:
+ #endif
+ case __NR_signalfd4:
+@@ -397,12 +397,12 @@ bool SyscallSets::IsAllowedOperationOnFd
+ switch (sysno) {
+ case __NR_close:
+ case __NR_dup:
+-#if !defined(__aarch64__)
++#if !defined(__aarch64__) && !defined(__riscv)
+ case __NR_dup2:
+ #endif
+ case __NR_dup3:
+ #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \
+- defined(__aarch64__)
++ defined(__aarch64__) || defined(__riscv)
+ case __NR_shutdown:
+ #endif
+ return true;
+@@ -441,7 +441,7 @@ bool SyscallSets::IsAllowedProcessStartO
+ return true;
+ case __NR_clone: // Should be parameter-restricted.
+ case __NR_setns: // Privileged.
+-#if !defined(__aarch64__)
++#if !defined(__aarch64__) && !defined(__riscv)
+ case __NR_fork:
+ #endif
+ #if defined(__i386__) || defined(__x86_64__)
+@@ -452,7 +452,7 @@ bool SyscallSets::IsAllowedProcessStartO
+ #endif
+ case __NR_set_tid_address:
+ case __NR_unshare:
+-#if !defined(__mips__) && !defined(__aarch64__)
++#if !defined(__mips__) && !defined(__aarch64__) && !defined(__riscv)
+ case __NR_vfork:
+ #endif
+ default:
+@@ -477,7 +477,7 @@ bool SyscallSets::IsAllowedFutex(int sys
+
+ bool SyscallSets::IsAllowedEpoll(int sysno) {
+ switch (sysno) {
+-#if !defined(__aarch64__)
++#if !defined(__aarch64__) && !defined(__riscv)
+ case __NR_epoll_create:
+ case __NR_epoll_wait:
+ #endif
+@@ -499,7 +499,7 @@ bool SyscallSets::IsAllowedEpoll(int sys
+ bool SyscallSets::IsDeniedGetOrModifySocket(int sysno) {
+ switch (sysno) {
+ #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \
+- defined(__aarch64__)
++ defined(__aarch64__) || defined(__riscv)
+ case __NR_accept:
+ case __NR_accept4:
+ case __NR_bind:
+@@ -553,7 +553,7 @@ bool SyscallSets::IsAllowedAddressSpaceA
+ case __NR_mincore:
+ case __NR_mlockall:
+ #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \
+- defined(__aarch64__)
++ defined(__aarch64__) || defined(__riscv)
+ case __NR_mmap:
+ #endif
+ #if defined(__i386__) || defined(__arm__) || \
+@@ -586,7 +586,7 @@ bool SyscallSets::IsAllowedGeneralIo(int
+ (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS))
+ case __NR__llseek:
+ #endif
+-#if !defined(__aarch64__)
++#if !defined(__aarch64__) && !defined(__riscv)
+ case __NR_poll:
+ #endif
+ case __NR_ppoll:
+@@ -607,7 +607,7 @@ bool SyscallSets::IsAllowedGeneralIo(int
+ case __NR_recv:
+ #endif
+ #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \
+- defined(__aarch64__)
++ defined(__aarch64__) || defined(__riscv)
+ case __NR_recvfrom: // Could specify source.
+ case __NR_recvmsg: // Could specify source.
+ #endif
+@@ -622,7 +622,7 @@ bool SyscallSets::IsAllowedGeneralIo(int
+ case __NR_send:
+ #endif
+ #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \
+- defined(__aarch64__)
++ defined(__aarch64__) || defined(__riscv)
+ case __NR_sendmsg: // Could specify destination.
+ case __NR_sendto: // Could specify destination.
+ #endif
+@@ -671,7 +671,7 @@ bool SyscallSets::IsSeccomp(int sysno) {
+ bool SyscallSets::IsAllowedBasicScheduler(int sysno) {
+ switch (sysno) {
+ case __NR_sched_yield:
+-#if !defined(__aarch64__)
++#if !defined(__aarch64__) && !defined(__riscv)
+ case __NR_pause:
+ #endif
+ case __NR_nanosleep:
+@@ -755,7 +755,7 @@ bool SyscallSets::IsNuma(int sysno) {
+ case __NR_getcpu:
+ case __NR_mbind:
+ #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \
+- defined(__aarch64__)
++ defined(__aarch64__) || defined(__riscv)
+ case __NR_migrate_pages:
+ #endif
+ case __NR_move_pages:
+@@ -790,7 +790,7 @@ bool SyscallSets::IsGlobalProcessEnviron
+ switch (sysno) {
+ case __NR_acct: // Privileged.
+ #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \
+- defined(__aarch64__)
++ defined(__aarch64__) || defined(__riscv)
+ case __NR_getrlimit:
+ #endif
+ #if defined(__i386__) || defined(__arm__)
+@@ -825,7 +825,7 @@ bool SyscallSets::IsDebug(int sysno) {
+
+ bool SyscallSets::IsGlobalSystemStatus(int sysno) {
+ switch (sysno) {
+-#if !defined(__aarch64__)
++#if !defined(__aarch64__) && !defined(__riscv)
+ case __NR__sysctl:
+ case __NR_sysfs:
+ #endif
+@@ -843,7 +843,7 @@ bool SyscallSets::IsGlobalSystemStatus(i
+
+ bool SyscallSets::IsEventFd(int sysno) {
+ switch (sysno) {
+-#if !defined(__aarch64__)
++#if !defined(__aarch64__) && !defined(__riscv)
+ case __NR_eventfd:
+ #endif
+ case __NR_eventfd2:
+@@ -895,6 +895,7 @@ bool SyscallSets::IsKeyManagement(int sy
+ }
+
+ #if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) || \
++ defined(__riscv) || \
+ (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_64_BITS))
+ bool SyscallSets::IsSystemVSemaphores(int sysno) {
+ switch (sysno) {
+@@ -914,7 +915,7 @@ bool SyscallSets::IsSystemVSemaphores(in
+ #endif
+
+ #if defined(__i386__) || defined(__x86_64__) || defined(__arm__) || \
+- defined(__aarch64__) || \
++ defined(__aarch64__) || defined(__riscv) || \
+ (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_64_BITS))
+ // These give a lot of ambient authority and bypass the setuid sandbox.
+ bool SyscallSets::IsSystemVSharedMemory(int sysno) {
+@@ -931,6 +932,7 @@ bool SyscallSets::IsSystemVSharedMemory(
+ #endif
+
+ #if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) || \
++ defined(__riscv) || \
+ (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_64_BITS))
+ bool SyscallSets::IsSystemVMessageQueue(int sysno) {
+ switch (sysno) {
+@@ -962,6 +964,7 @@ bool SyscallSets::IsSystemVIpc(int sysno
+
+ bool SyscallSets::IsAnySystemV(int sysno) {
+ #if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) || \
++ defined(__riscv) || \
+ (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_64_BITS))
+ return IsSystemVMessageQueue(sysno) || IsSystemVSemaphores(sysno) ||
+ IsSystemVSharedMemory(sysno);
+@@ -999,7 +1002,7 @@ bool SyscallSets::IsAdvancedScheduler(in
+ bool SyscallSets::IsInotify(int sysno) {
+ switch (sysno) {
+ case __NR_inotify_add_watch:
+-#if !defined(__aarch64__)
++#if !defined(__aarch64__) && !defined(__riscv)
+ case __NR_inotify_init:
+ #endif
+ case __NR_inotify_init1:
+@@ -1134,7 +1137,7 @@ bool SyscallSets::IsMisc(int sysno) {
+ #if defined(__x86_64__)
+ case __NR_tuxcall:
+ #endif
+-#if !defined(__aarch64__)
++#if !defined(__aarch64__) && !defined(__riscv)
+ case __NR_vserver:
+ #endif
+ return true;
+@@ -1193,6 +1196,18 @@ bool SyscallSets::IsMipsMisc(int sysno)
+ }
+ #endif // defined(__mips__)
+
++#if defined(__riscv)
++bool SyscallSets::IsRiscvPrivate(int sysno) {
++ switch (sysno) {
++ case __NR_riscv_hwprobe:
++ case __NR_riscv_flush_icache:
++ return true;
++ default:
++ return false;
++ }
++}
++#endif // defined(__riscv)
++
+ bool SyscallSets::IsGoogle3Threading(int sysno) {
+ switch (sysno) {
+ case __NR_getitimer:
+Index: chromium-122.0.6261.128/sandbox/linux/seccomp-bpf-helpers/syscall_sets.h
+===================================================================
+--- chromium-122.0.6261.128.orig/sandbox/linux/seccomp-bpf-helpers/syscall_sets.h
++++ chromium-122.0.6261.128/sandbox/linux/seccomp-bpf-helpers/syscall_sets.h
+@@ -52,7 +52,7 @@ class SANDBOX_EXPORT SyscallSets {
+ #endif
+
+ #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \
+- defined(__aarch64__)
++ defined(__aarch64__) || defined(__riscv)
+ static bool IsNetworkSocketInformation(int sysno);
+ #endif
+
+@@ -79,18 +79,21 @@ class SANDBOX_EXPORT SyscallSets {
+ static bool IsAsyncIo(int sysno);
+ static bool IsKeyManagement(int sysno);
+ #if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) || \
+- (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_64_BITS))
++ (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_64_BITS)) || \
++ defined(__riscv)
+ static bool IsSystemVSemaphores(int sysno);
+ #endif
+ #if defined(__i386__) || defined(__x86_64__) || defined(__arm__) || \
+ defined(__aarch64__) || \
+- (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_64_BITS))
++ (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_64_BITS)) || \
++ defined(__riscv)
+ // These give a lot of ambient authority and bypass the setuid sandbox.
+ static bool IsSystemVSharedMemory(int sysno);
+ #endif
+
+ #if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) || \
+- (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_64_BITS))
++ (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_64_BITS)) || \
++ defined(__riscv)
+ static bool IsSystemVMessageQueue(int sysno);
+ #endif
+
+@@ -117,6 +120,9 @@ class SANDBOX_EXPORT SyscallSets {
+ static bool IsMipsPrivate(int sysno);
+ static bool IsMipsMisc(int sysno);
+ #endif // defined(__mips__)
++#if defined(__riscv)
++ static bool IsRiscvPrivate(int sysno);
++#endif
+ static bool IsGoogle3Threading(int sysno);
+ };
+
+Index: chromium-122.0.6261.128/sandbox/linux/seccomp-bpf/syscall.cc
+===================================================================
+--- chromium-122.0.6261.128.orig/sandbox/linux/seccomp-bpf/syscall.cc
++++ chromium-122.0.6261.128/sandbox/linux/seccomp-bpf/syscall.cc
+@@ -18,7 +18,7 @@ namespace sandbox {
+ namespace {
+
+ #if defined(ARCH_CPU_X86_FAMILY) || defined(ARCH_CPU_ARM_FAMILY) || \
+- defined(ARCH_CPU_MIPS_FAMILY)
++ defined(ARCH_CPU_MIPS_FAMILY) || defined(ARCH_CPU_RISCV_FAMILY)
+ // Number that's not currently used by any Linux kernel ABIs.
+ const int kInvalidSyscallNumber = 0x351d3;
+ #else
+@@ -308,6 +308,28 @@ asm(// We need to be able to tell the ke
+ "2:ret\n"
+ ".cfi_endproc\n"
+ ".size SyscallAsm, .-SyscallAsm\n"
++#elif defined(__riscv)
++ ".text\n"
++ ".align 2\n"
++ ".type SyscallAsm, %function\n"
++ "SyscallAsm:\n"
++ ".cfi_startproc\n"
++ "bgez a0,1f\n"
++ "lla a0,2f\n"
++ "j 2f\n"
++ "1:mv a7, a0\n"
++ "ld a0, (a1)\n"
++ "ld a2, 16(a1)\n"
++ "ld a3, 24(a1)\n"
++ "ld a4, 32(a1)\n"
++ "ld a5, 40(a1)\n"
++ "ld a6, 48(a1)\n"
++ "ld a1, 8(a1)\n"
++ // Enter the kernel
++ "scall\n"
++ "2:ret\n"
++ ".cfi_endproc\n"
++ ".size SyscallAsm, .-SyscallAsm\n"
+ #endif
+ ); // asm
+
+@@ -319,6 +341,10 @@ intptr_t SyscallAsm(intptr_t nr, const i
+ extern "C" {
+ intptr_t SyscallAsm(intptr_t nr, const intptr_t args[8]);
+ }
++#elif defined(__riscv)
++extern "C" {
++intptr_t SyscallAsm(intptr_t nr, const intptr_t args[7]);
++}
+ #endif
+
+ } // namespace
+@@ -351,6 +377,10 @@ intptr_t Syscall::Call(int nr,
+ // where that makes sense.
+ #if defined(__mips__)
+ const intptr_t args[8] = {p0, p1, p2, p3, p4, p5, p6, p7};
++#elif defined(__riscv)
++ DCHECK_EQ(p7, 0) << " Support for syscalls with more than seven arguments "
++ "not added for this architecture";
++ const intptr_t args[7] = {p0, p1, p2, p3, p4, p5, p6};
+ #else
+ DCHECK_EQ(p6, 0) << " Support for syscalls with more than six arguments not "
+ "added for this architecture";
+@@ -425,6 +455,8 @@ intptr_t Syscall::Call(int nr,
+ ret = inout;
+ }
+
++#elif defined(__riscv)
++ intptr_t ret = SyscallAsm(nr, args);
+ #else
+ #error "Unimplemented architecture"
+ #endif
+Index: chromium-122.0.6261.128/sandbox/linux/services/credentials.cc
+===================================================================
+--- chromium-122.0.6261.128.orig/sandbox/linux/services/credentials.cc
++++ chromium-122.0.6261.128/sandbox/linux/services/credentials.cc
+@@ -80,7 +80,7 @@ bool ChrootToSafeEmptyDir() {
+ pid_t pid = -1;
+ alignas(16) char stack_buf[PTHREAD_STACK_MIN];
+ #if defined(ARCH_CPU_X86_FAMILY) || defined(ARCH_CPU_ARM_FAMILY) || \
+- defined(ARCH_CPU_MIPS_FAMILY)
++ defined(ARCH_CPU_MIPS_FAMILY) || defined(ARCH_CPU_RISCV_FAMILY)
+ // The stack grows downward.
+ void* stack = stack_buf + sizeof(stack_buf);
+ #else
+Index: chromium-122.0.6261.128/sandbox/linux/services/syscall_wrappers.cc
+===================================================================
+--- chromium-122.0.6261.128.orig/sandbox/linux/services/syscall_wrappers.cc
++++ chromium-122.0.6261.128/sandbox/linux/services/syscall_wrappers.cc
+@@ -61,7 +61,7 @@ long sys_clone(unsigned long flags,
+ #if defined(ARCH_CPU_X86_64)
+ return syscall(__NR_clone, flags, child_stack, ptid, ctid, tls);
+ #elif defined(ARCH_CPU_X86) || defined(ARCH_CPU_ARM_FAMILY) || \
+- defined(ARCH_CPU_MIPS_FAMILY)
++ defined(ARCH_CPU_MIPS_FAMILY) || defined(ARCH_CPU_RISCV_FAMILY)
+ // CONFIG_CLONE_BACKWARDS defined.
+ return syscall(__NR_clone, flags, child_stack, ptid, tls, ctid);
+ #endif
+Index: chromium-122.0.6261.128/sandbox/linux/syscall_broker/broker_process.cc
+===================================================================
+--- chromium-122.0.6261.128.orig/sandbox/linux/syscall_broker/broker_process.cc
++++ chromium-122.0.6261.128/sandbox/linux/syscall_broker/broker_process.cc
+@@ -122,44 +122,46 @@ bool BrokerProcess::IsSyscallBrokerable(
+ // and are default disabled in Android. So, we should refuse to broker them
+ // to be consistent with the platform's restrictions.
+ switch (sysno) {
+-#if !defined(__aarch64__) && !BUILDFLAG(IS_ANDROID)
++#if !defined(__aarch64__) && !BUILDFLAG(IS_ANDROID) && !defined(__riscv)
+ case __NR_access:
+ #endif
+ case __NR_faccessat:
+ case __NR_faccessat2:
+ return !fast_check || policy_->allowed_command_set.test(COMMAND_ACCESS);
+
+-#if !defined(__aarch64__) && !BUILDFLAG(IS_ANDROID)
++#if !defined(__aarch64__) && !BUILDFLAG(IS_ANDROID) && !defined(__riscv)
+ case __NR_mkdir:
+ #endif
+ case __NR_mkdirat:
+ return !fast_check || policy_->allowed_command_set.test(COMMAND_MKDIR);
+
+-#if !defined(__aarch64__) && !BUILDFLAG(IS_ANDROID)
++#if !defined(__aarch64__) && !BUILDFLAG(IS_ANDROID) && !defined(__riscv)
+ case __NR_open:
+ #endif
+ case __NR_openat:
+ return !fast_check || policy_->allowed_command_set.test(COMMAND_OPEN);
+
+-#if !defined(__aarch64__) && !BUILDFLAG(IS_ANDROID)
++#if !defined(__aarch64__) && !BUILDFLAG(IS_ANDROID) && !defined(__riscv)
+ case __NR_readlink:
+ #endif
+ case __NR_readlinkat:
+ return !fast_check || policy_->allowed_command_set.test(COMMAND_READLINK);
+
+-#if !defined(__aarch64__) && !BUILDFLAG(IS_ANDROID)
++#if !defined(__aarch64__) && !BUILDFLAG(IS_ANDROID) && !defined(__riscv)
+ case __NR_rename:
+ #endif
++#ifdef __NR_renameat
+ case __NR_renameat:
++#endif
+ case __NR_renameat2:
+ return !fast_check || policy_->allowed_command_set.test(COMMAND_RENAME);
+
+-#if !defined(__aarch64__) && !BUILDFLAG(IS_ANDROID)
++#if !defined(__aarch64__) && !BUILDFLAG(IS_ANDROID) && !defined(__riscv)
+ case __NR_rmdir:
+ return !fast_check || policy_->allowed_command_set.test(COMMAND_RMDIR);
+ #endif
+
+-#if !defined(__aarch64__) && !BUILDFLAG(IS_ANDROID)
++#if !defined(__aarch64__) && !BUILDFLAG(IS_ANDROID) && !defined(__riscv)
+ case __NR_stat:
+ case __NR_lstat:
+ #endif
+@@ -169,7 +171,7 @@ bool BrokerProcess::IsSyscallBrokerable(
+ #if defined(__NR_fstatat64)
+ case __NR_fstatat64:
+ #endif
+-#if defined(__x86_64__) || defined(__aarch64__)
++#if defined(__x86_64__) || defined(__aarch64__) || defined(__riscv)
+ case __NR_newfstatat:
+ #endif
+ return !fast_check || policy_->allowed_command_set.test(COMMAND_STAT);
+@@ -184,7 +186,7 @@ bool BrokerProcess::IsSyscallBrokerable(
+ return !fast_check || policy_->allowed_command_set.test(COMMAND_STAT);
+ #endif
+
+-#if !defined(__aarch64__) && !BUILDFLAG(IS_ANDROID)
++#if !defined(__aarch64__) && !BUILDFLAG(IS_ANDROID) && !defined(__riscv)
+ case __NR_unlink:
+ return !fast_check || policy_->allowed_command_set.test(COMMAND_UNLINK);
+ #endif
+Index: chromium-122.0.6261.128/sandbox/linux/system_headers/linux_seccomp.h
+===================================================================
+--- chromium-122.0.6261.128.orig/sandbox/linux/system_headers/linux_seccomp.h
++++ chromium-122.0.6261.128/sandbox/linux/system_headers/linux_seccomp.h
+@@ -39,6 +39,10 @@
+ #define EM_AARCH64 183
+ #endif
+
++#ifndef EM_RISCV
++#define EM_RISCV 243
++#endif
++
+ #ifndef __AUDIT_ARCH_64BIT
+ #define __AUDIT_ARCH_64BIT 0x80000000
+ #endif
+@@ -71,6 +75,10 @@
+ #define AUDIT_ARCH_AARCH64 (EM_AARCH64 | __AUDIT_ARCH_64BIT | __AUDIT_ARCH_LE)
+ #endif
+
++#ifndef AUDIT_ARCH_RISCV64
++#define AUDIT_ARCH_RISCV64 (EM_RISCV|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
++#endif
++
+ // For prctl.h
+ #ifndef PR_SET_SECCOMP
+ #define PR_SET_SECCOMP 22
+Index: chromium-122.0.6261.128/sandbox/linux/system_headers/linux_signal.h
+===================================================================
+--- chromium-122.0.6261.128.orig/sandbox/linux/system_headers/linux_signal.h
++++ chromium-122.0.6261.128/sandbox/linux/system_headers/linux_signal.h
+@@ -13,7 +13,7 @@
+ // (not undefined, but defined different values and in different memory
+ // layouts). So, fill the gap here.
+ #if defined(__i386__) || defined(__x86_64__) || defined(__arm__) || \
+- defined(__aarch64__)
++ defined(__aarch64__) || defined(__riscv)
+
+ #define LINUX_SIGHUP 1
+ #define LINUX_SIGINT 2
+Index: chromium-122.0.6261.128/sandbox/linux/system_headers/linux_stat.h
+===================================================================
+--- chromium-122.0.6261.128.orig/sandbox/linux/system_headers/linux_stat.h
++++ chromium-122.0.6261.128/sandbox/linux/system_headers/linux_stat.h
+@@ -150,7 +150,7 @@ struct kernel_stat {
+ int st_blocks;
+ int st_pad4[14];
+ };
+-#elif defined(__aarch64__)
++#elif defined(__aarch64__) || defined(__riscv)
+ struct kernel_stat {
+ unsigned long st_dev;
+ unsigned long st_ino;
+Index: chromium-122.0.6261.128/sandbox/linux/system_headers/linux_syscalls.h
+===================================================================
+--- chromium-122.0.6261.128.orig/sandbox/linux/system_headers/linux_syscalls.h
++++ chromium-122.0.6261.128/sandbox/linux/system_headers/linux_syscalls.h
+@@ -35,5 +35,9 @@
+ #include "sandbox/linux/system_headers/arm64_linux_syscalls.h"
+ #endif
+
++#if defined(__riscv) && __riscv_xlen == 64
++#include "sandbox/linux/system_headers/riscv64_linux_syscalls.h"
++#endif
++
+ #endif // SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_SYSCALLS_H_
+
+Index: chromium-122.0.6261.128/sandbox/linux/system_headers/riscv64_linux_syscalls.h
+===================================================================
+--- /dev/null
++++ chromium-122.0.6261.128/sandbox/linux/system_headers/riscv64_linux_syscalls.h
+@@ -0,0 +1,1226 @@
++// Copyright 2014 The Chromium Authors
++// Use of this source code is governed by a BSD-style license that can be
++// found in the LICENSE file.
++
++#ifndef SANDBOX_LINUX_SYSTEM_HEADERS_RISCV64_LINUX_SYSCALLS_H_
++#define SANDBOX_LINUX_SYSTEM_HEADERS_RISCV64_LINUX_SYSCALLS_H_
++
++#include <asm-generic/unistd.h>
++
++#if !defined(__NR_io_setup)
++#define __NR_io_setup 0
++#endif
++
++#if !defined(__NR_io_destroy)
++#define __NR_io_destroy 1
++#endif
++
++#if !defined(__NR_io_submit)
++#define __NR_io_submit 2
++#endif
++
++#if !defined(__NR_io_cancel)
++#define __NR_io_cancel 3
++#endif
++
++#if !defined(__NR_io_getevents)
++#define __NR_io_getevents 4
++#endif
++
++#if !defined(__NR_setxattr)
++#define __NR_setxattr 5
++#endif
++
++#if !defined(__NR_lsetxattr)
++#define __NR_lsetxattr 6
++#endif
++
++#if !defined(__NR_fsetxattr)
++#define __NR_fsetxattr 7
++#endif
++
++#if !defined(__NR_getxattr)
++#define __NR_getxattr 8
++#endif
++
++#if !defined(__NR_lgetxattr)
++#define __NR_lgetxattr 9
++#endif
++
++#if !defined(__NR_fgetxattr)
++#define __NR_fgetxattr 10
++#endif
++
++#if !defined(__NR_listxattr)
++#define __NR_listxattr 11
++#endif
++
++#if !defined(__NR_llistxattr)
++#define __NR_llistxattr 12
++#endif
++
++#if !defined(__NR_flistxattr)
++#define __NR_flistxattr 13
++#endif
++
++#if !defined(__NR_removexattr)
++#define __NR_removexattr 14
++#endif
++
++#if !defined(__NR_lremovexattr)
++#define __NR_lremovexattr 15
++#endif
++
++#if !defined(__NR_fremovexattr)
++#define __NR_fremovexattr 16
++#endif
++
++#if !defined(__NR_getcwd)
++#define __NR_getcwd 17
++#endif
++
++#if !defined(__NR_lookup_dcookie)
++#define __NR_lookup_dcookie 18
++#endif
++
++#if !defined(__NR_eventfd2)
++#define __NR_eventfd2 19
++#endif
++
++#if !defined(__NR_epoll_create1)
++#define __NR_epoll_create1 20
++#endif
++
++#if !defined(__NR_epoll_ctl)
++#define __NR_epoll_ctl 21
++#endif
++
++#if !defined(__NR_epoll_pwait)
++#define __NR_epoll_pwait 22
++#endif
++
++#if !defined(__NR_dup)
++#define __NR_dup 23
++#endif
++
++#if !defined(__NR_dup3)
++#define __NR_dup3 24
++#endif
++
++#if !defined(__NR_fcntl)
++#define __NR_fcntl 25
++#endif
++
++#if !defined(__NR_inotify_init1)
++#define __NR_inotify_init1 26
++#endif
++
++#if !defined(__NR_inotify_add_watch)
++#define __NR_inotify_add_watch 27
++#endif
++
++#if !defined(__NR_inotify_rm_watch)
++#define __NR_inotify_rm_watch 28
++#endif
++
++#if !defined(__NR_ioctl)
++#define __NR_ioctl 29
++#endif
++
++#if !defined(__NR_ioprio_set)
++#define __NR_ioprio_set 30
++#endif
++
++#if !defined(__NR_ioprio_get)
++#define __NR_ioprio_get 31
++#endif
++
++#if !defined(__NR_flock)
++#define __NR_flock 32
++#endif
++
++#if !defined(__NR_mknodat)
++#define __NR_mknodat 33
++#endif
++
++#if !defined(__NR_mkdirat)
++#define __NR_mkdirat 34
++#endif
++
++#if !defined(__NR_unlinkat)
++#define __NR_unlinkat 35
++#endif
++
++#if !defined(__NR_symlinkat)
++#define __NR_symlinkat 36
++#endif
++
++#if !defined(__NR_linkat)
++#define __NR_linkat 37
++#endif
++
++#if !defined(__NR_renameat)
++#define __NR_renameat 38
++#endif
++
++#if !defined(__NR_umount2)
++#define __NR_umount2 39
++#endif
++
++#if !defined(__NR_mount)
++#define __NR_mount 40
++#endif
++
++#if !defined(__NR_pivot_root)
++#define __NR_pivot_root 41
++#endif
++
++#if !defined(__NR_nfsservctl)
++#define __NR_nfsservctl 42
++#endif
++
++#if !defined(__NR_statfs)
++#define __NR_statfs 43
++#endif
++
++#if !defined(__NR_fstatfs)
++#define __NR_fstatfs 44
++#endif
++
++#if !defined(__NR_truncate)
++#define __NR_truncate 45
++#endif
++
++#if !defined(__NR_ftruncate)
++#define __NR_ftruncate 46
++#endif
++
++#if !defined(__NR_fallocate)
++#define __NR_fallocate 47
++#endif
++
++#if !defined(__NR_faccessat)
++#define __NR_faccessat 48
++#endif
++
++#if !defined(__NR_chdir)
++#define __NR_chdir 49
++#endif
++
++#if !defined(__NR_fchdir)
++#define __NR_fchdir 50
++#endif
++
++#if !defined(__NR_chroot)
++#define __NR_chroot 51
++#endif
++
++#if !defined(__NR_fchmod)
++#define __NR_fchmod 52
++#endif
++
++#if !defined(__NR_fchmodat)
++#define __NR_fchmodat 53
++#endif
++
++#if !defined(__NR_fchownat)
++#define __NR_fchownat 54
++#endif
++
++#if !defined(__NR_fchown)
++#define __NR_fchown 55
++#endif
++
++#if !defined(__NR_openat)
++#define __NR_openat 56
++#endif
++
++#if !defined(__NR_close)
++#define __NR_close 57
++#endif
++
++#if !defined(__NR_vhangup)
++#define __NR_vhangup 58
++#endif
++
++#if !defined(__NR_pipe2)
++#define __NR_pipe2 59
++#endif
++
++#if !defined(__NR_quotactl)
++#define __NR_quotactl 60
++#endif
++
++#if !defined(__NR_getdents64)
++#define __NR_getdents64 61
++#endif
++
++#if !defined(__NR_lseek)
++#define __NR_lseek 62
++#endif
++
++#if !defined(__NR_read)
++#define __NR_read 63
++#endif
++
++#if !defined(__NR_write)
++#define __NR_write 64
++#endif
++
++#if !defined(__NR_readv)
++#define __NR_readv 65
++#endif
++
++#if !defined(__NR_writev)
++#define __NR_writev 66
++#endif
++
++#if !defined(__NR_pread64)
++#define __NR_pread64 67
++#endif
++
++#if !defined(__NR_pwrite64)
++#define __NR_pwrite64 68
++#endif
++
++#if !defined(__NR_preadv)
++#define __NR_preadv 69
++#endif
++
++#if !defined(__NR_pwritev)
++#define __NR_pwritev 70
++#endif
++
++#if !defined(__NR_sendfile)
++#define __NR_sendfile 71
++#endif
++
++#if !defined(__NR_pselect6)
++#define __NR_pselect6 72
++#endif
++
++#if !defined(__NR_ppoll)
++#define __NR_ppoll 73
++#endif
++
++#if !defined(__NR_signalfd4)
++#define __NR_signalfd4 74
++#endif
++
++#if !defined(__NR_vmsplice)
++#define __NR_vmsplice 75
++#endif
++
++#if !defined(__NR_splice)
++#define __NR_splice 76
++#endif
++
++#if !defined(__NR_tee)
++#define __NR_tee 77
++#endif
++
++#if !defined(__NR_readlinkat)
++#define __NR_readlinkat 78
++#endif
++
++#if !defined(__NR_newfstatat)
++#define __NR_newfstatat 79
++#endif
++
++#if !defined(__NR_fstat)
++#define __NR_fstat 80
++#endif
++
++#if !defined(__NR_sync)
++#define __NR_sync 81
++#endif
++
++#if !defined(__NR_fsync)
++#define __NR_fsync 82
++#endif
++
++#if !defined(__NR_fdatasync)
++#define __NR_fdatasync 83
++#endif
++
++#if !defined(__NR_sync_file_range)
++#define __NR_sync_file_range 84
++#endif
++
++#if !defined(__NR_timerfd_create)
++#define __NR_timerfd_create 85
++#endif
++
++#if !defined(__NR_timerfd_settime)
++#define __NR_timerfd_settime 86
++#endif
++
++#if !defined(__NR_timerfd_gettime)
++#define __NR_timerfd_gettime 87
++#endif
++
++#if !defined(__NR_utimensat)
++#define __NR_utimensat 88
++#endif
++
++#if !defined(__NR_acct)
++#define __NR_acct 89
++#endif
++
++#if !defined(__NR_capget)
++#define __NR_capget 90
++#endif
++
++#if !defined(__NR_capset)
++#define __NR_capset 91
++#endif
++
++#if !defined(__NR_personality)
++#define __NR_personality 92
++#endif
++
++#if !defined(__NR_exit)
++#define __NR_exit 93
++#endif
++
++#if !defined(__NR_exit_group)
++#define __NR_exit_group 94
++#endif
++
++#if !defined(__NR_waitid)
++#define __NR_waitid 95
++#endif
++
++#if !defined(__NR_set_tid_address)
++#define __NR_set_tid_address 96
++#endif
++
++#if !defined(__NR_unshare)
++#define __NR_unshare 97
++#endif
++
++#if !defined(__NR_futex)
++#define __NR_futex 98
++#endif
++
++#if !defined(__NR_set_robust_list)
++#define __NR_set_robust_list 99
++#endif
++
++#if !defined(__NR_get_robust_list)
++#define __NR_get_robust_list 100
++#endif
++
++#if !defined(__NR_nanosleep)
++#define __NR_nanosleep 101
++#endif
++
++#if !defined(__NR_getitimer)
++#define __NR_getitimer 102
++#endif
++
++#if !defined(__NR_setitimer)
++#define __NR_setitimer 103
++#endif
++
++#if !defined(__NR_kexec_load)
++#define __NR_kexec_load 104
++#endif
++
++#if !defined(__NR_init_module)
++#define __NR_init_module 105
++#endif
++
++#if !defined(__NR_delete_module)
++#define __NR_delete_module 106
++#endif
++
++#if !defined(__NR_timer_create)
++#define __NR_timer_create 107
++#endif
++
++#if !defined(__NR_timer_gettime)
++#define __NR_timer_gettime 108
++#endif
++
++#if !defined(__NR_timer_getoverrun)
++#define __NR_timer_getoverrun 109
++#endif
++
++#if !defined(__NR_timer_settime)
++#define __NR_timer_settime 110
++#endif
++
++#if !defined(__NR_timer_delete)
++#define __NR_timer_delete 111
++#endif
++
++#if !defined(__NR_clock_settime)
++#define __NR_clock_settime 112
++#endif
++
++#if !defined(__NR_clock_gettime)
++#define __NR_clock_gettime 113
++#endif
++
++#if !defined(__NR_clock_getres)
++#define __NR_clock_getres 114
++#endif
++
++#if !defined(__NR_clock_nanosleep)
++#define __NR_clock_nanosleep 115
++#endif
++
++#if !defined(__NR_syslog)
++#define __NR_syslog 116
++#endif
++
++#if !defined(__NR_ptrace)
++#define __NR_ptrace 117
++#endif
++
++#if !defined(__NR_sched_setparam)
++#define __NR_sched_setparam 118
++#endif
++
++#if !defined(__NR_sched_setscheduler)
++#define __NR_sched_setscheduler 119
++#endif
++
++#if !defined(__NR_sched_getscheduler)
++#define __NR_sched_getscheduler 120
++#endif
++
++#if !defined(__NR_sched_getparam)
++#define __NR_sched_getparam 121
++#endif
++
++#if !defined(__NR_sched_setaffinity)
++#define __NR_sched_setaffinity 122
++#endif
++
++#if !defined(__NR_sched_getaffinity)
++#define __NR_sched_getaffinity 123
++#endif
++
++#if !defined(__NR_sched_yield)
++#define __NR_sched_yield 124
++#endif
++
++#if !defined(__NR_sched_get_priority_max)
++#define __NR_sched_get_priority_max 125
++#endif
++
++#if !defined(__NR_sched_get_priority_min)
++#define __NR_sched_get_priority_min 126
++#endif
++
++#if !defined(__NR_sched_rr_get_interval)
++#define __NR_sched_rr_get_interval 127
++#endif
++
++#if !defined(__NR_restart_syscall)
++#define __NR_restart_syscall 128
++#endif
++
++#if !defined(__NR_kill)
++#define __NR_kill 129
++#endif
++
++#if !defined(__NR_tkill)
++#define __NR_tkill 130
++#endif
++
++#if !defined(__NR_tgkill)
++#define __NR_tgkill 131
++#endif
++
++#if !defined(__NR_sigaltstack)
++#define __NR_sigaltstack 132
++#endif
++
++#if !defined(__NR_rt_sigsuspend)
++#define __NR_rt_sigsuspend 133
++#endif
++
++#if !defined(__NR_rt_sigaction)
++#define __NR_rt_sigaction 134
++#endif
++
++#if !defined(__NR_rt_sigprocmask)
++#define __NR_rt_sigprocmask 135
++#endif
++
++#if !defined(__NR_rt_sigpending)
++#define __NR_rt_sigpending 136
++#endif
++
++#if !defined(__NR_rt_sigtimedwait)
++#define __NR_rt_sigtimedwait 137
++#endif
++
++#if !defined(__NR_rt_sigqueueinfo)
++#define __NR_rt_sigqueueinfo 138
++#endif
++
++#if !defined(__NR_rt_sigreturn)
++#define __NR_rt_sigreturn 139
++#endif
++
++#if !defined(__NR_setpriority)
++#define __NR_setpriority 140
++#endif
++
++#if !defined(__NR_getpriority)
++#define __NR_getpriority 141
++#endif
++
++#if !defined(__NR_reboot)
++#define __NR_reboot 142
++#endif
++
++#if !defined(__NR_setregid)
++#define __NR_setregid 143
++#endif
++
++#if !defined(__NR_setgid)
++#define __NR_setgid 144
++#endif
++
++#if !defined(__NR_setreuid)
++#define __NR_setreuid 145
++#endif
++
++#if !defined(__NR_setuid)
++#define __NR_setuid 146
++#endif
++
++#if !defined(__NR_setresuid)
++#define __NR_setresuid 147
++#endif
++
++#if !defined(__NR_getresuid)
++#define __NR_getresuid 148
++#endif
++
++#if !defined(__NR_setresgid)
++#define __NR_setresgid 149
++#endif
++
++#if !defined(__NR_getresgid)
++#define __NR_getresgid 150
++#endif
++
++#if !defined(__NR_setfsuid)
++#define __NR_setfsuid 151
++#endif
++
++#if !defined(__NR_setfsgid)
++#define __NR_setfsgid 152
++#endif
++
++#if !defined(__NR_times)
++#define __NR_times 153
++#endif
++
++#if !defined(__NR_setpgid)
++#define __NR_setpgid 154
++#endif
++
++#if !defined(__NR_getpgid)
++#define __NR_getpgid 155
++#endif
++
++#if !defined(__NR_getsid)
++#define __NR_getsid 156
++#endif
++
++#if !defined(__NR_setsid)
++#define __NR_setsid 157
++#endif
++
++#if !defined(__NR_getgroups)
++#define __NR_getgroups 158
++#endif
++
++#if !defined(__NR_setgroups)
++#define __NR_setgroups 159
++#endif
++
++#if !defined(__NR_uname)
++#define __NR_uname 160
++#endif
++
++#if !defined(__NR_sethostname)
++#define __NR_sethostname 161
++#endif
++
++#if !defined(__NR_setdomainname)
++#define __NR_setdomainname 162
++#endif
++
++#if !defined(__NR_getrlimit)
++#define __NR_getrlimit 163
++#endif
++
++#if !defined(__NR_setrlimit)
++#define __NR_setrlimit 164
++#endif
++
++#if !defined(__NR_getrusage)
++#define __NR_getrusage 165
++#endif
++
++#if !defined(__NR_umask)
++#define __NR_umask 166
++#endif
++
++#if !defined(__NR_prctl)
++#define __NR_prctl 167
++#endif
++
++#if !defined(__NR_getcpu)
++#define __NR_getcpu 168
++#endif
++
++#if !defined(__NR_gettimeofday)
++#define __NR_gettimeofday 169
++#endif
++
++#if !defined(__NR_settimeofday)
++#define __NR_settimeofday 170
++#endif
++
++#if !defined(__NR_adjtimex)
++#define __NR_adjtimex 171
++#endif
++
++#if !defined(__NR_getpid)
++#define __NR_getpid 172
++#endif
++
++#if !defined(__NR_getppid)
++#define __NR_getppid 173
++#endif
++
++#if !defined(__NR_getuid)
++#define __NR_getuid 174
++#endif
++
++#if !defined(__NR_geteuid)
++#define __NR_geteuid 175
++#endif
++
++#if !defined(__NR_getgid)
++#define __NR_getgid 176
++#endif
++
++#if !defined(__NR_getegid)
++#define __NR_getegid 177
++#endif
++
++#if !defined(__NR_gettid)
++#define __NR_gettid 178
++#endif
++
++#if !defined(__NR_sysinfo)
++#define __NR_sysinfo 179
++#endif
++
++#if !defined(__NR_mq_open)
++#define __NR_mq_open 180
++#endif
++
++#if !defined(__NR_mq_unlink)
++#define __NR_mq_unlink 181
++#endif
++
++#if !defined(__NR_mq_timedsend)
++#define __NR_mq_timedsend 182
++#endif
++
++#if !defined(__NR_mq_timedreceive)
++#define __NR_mq_timedreceive 183
++#endif
++
++#if !defined(__NR_mq_notify)
++#define __NR_mq_notify 184
++#endif
++
++#if !defined(__NR_mq_getsetattr)
++#define __NR_mq_getsetattr 185
++#endif
++
++#if !defined(__NR_msgget)
++#define __NR_msgget 186
++#endif
++
++#if !defined(__NR_msgctl)
++#define __NR_msgctl 187
++#endif
++
++#if !defined(__NR_msgrcv)
++#define __NR_msgrcv 188
++#endif
++
++#if !defined(__NR_msgsnd)
++#define __NR_msgsnd 189
++#endif
++
++#if !defined(__NR_semget)
++#define __NR_semget 190
++#endif
++
++#if !defined(__NR_semctl)
++#define __NR_semctl 191
++#endif
++
++#if !defined(__NR_semtimedop)
++#define __NR_semtimedop 192
++#endif
++
++#if !defined(__NR_semop)
++#define __NR_semop 193
++#endif
++
++#if !defined(__NR_shmget)
++#define __NR_shmget 194
++#endif
++
++#if !defined(__NR_shmctl)
++#define __NR_shmctl 195
++#endif
++
++#if !defined(__NR_shmat)
++#define __NR_shmat 196
++#endif
++
++#if !defined(__NR_shmdt)
++#define __NR_shmdt 197
++#endif
++
++#if !defined(__NR_socket)
++#define __NR_socket 198
++#endif
++
++#if !defined(__NR_socketpair)
++#define __NR_socketpair 199
++#endif
++
++#if !defined(__NR_bind)
++#define __NR_bind 200
++#endif
++
++#if !defined(__NR_listen)
++#define __NR_listen 201
++#endif
++
++#if !defined(__NR_accept)
++#define __NR_accept 202
++#endif
++
++#if !defined(__NR_connect)
++#define __NR_connect 203
++#endif
++
++#if !defined(__NR_getsockname)
++#define __NR_getsockname 204
++#endif
++
++#if !defined(__NR_getpeername)
++#define __NR_getpeername 205
++#endif
++
++#if !defined(__NR_sendto)
++#define __NR_sendto 206
++#endif
++
++#if !defined(__NR_recvfrom)
++#define __NR_recvfrom 207
++#endif
++
++#if !defined(__NR_setsockopt)
++#define __NR_setsockopt 208
++#endif
++
++#if !defined(__NR_getsockopt)
++#define __NR_getsockopt 209
++#endif
++
++#if !defined(__NR_shutdown)
++#define __NR_shutdown 210
++#endif
++
++#if !defined(__NR_sendmsg)
++#define __NR_sendmsg 211
++#endif
++
++#if !defined(__NR_recvmsg)
++#define __NR_recvmsg 212
++#endif
++
++#if !defined(__NR_readahead)
++#define __NR_readahead 213
++#endif
++
++#if !defined(__NR_brk)
++#define __NR_brk 214
++#endif
++
++#if !defined(__NR_munmap)
++#define __NR_munmap 215
++#endif
++
++#if !defined(__NR_mremap)
++#define __NR_mremap 216
++#endif
++
++#if !defined(__NR_add_key)
++#define __NR_add_key 217
++#endif
++
++#if !defined(__NR_request_key)
++#define __NR_request_key 218
++#endif
++
++#if !defined(__NR_keyctl)
++#define __NR_keyctl 219
++#endif
++
++#if !defined(__NR_clone)
++#define __NR_clone 220
++#endif
++
++#if !defined(__NR_execve)
++#define __NR_execve 221
++#endif
++
++#if !defined(__NR_mmap)
++#define __NR_mmap 222
++#endif
++
++#if !defined(__NR_fadvise64)
++#define __NR_fadvise64 223
++#endif
++
++#if !defined(__NR_swapon)
++#define __NR_swapon 224
++#endif
++
++#if !defined(__NR_swapoff)
++#define __NR_swapoff 225
++#endif
++
++#if !defined(__NR_mprotect)
++#define __NR_mprotect 226
++#endif
++
++#if !defined(__NR_msync)
++#define __NR_msync 227
++#endif
++
++#if !defined(__NR_mlock)
++#define __NR_mlock 228
++#endif
++
++#if !defined(__NR_munlock)
++#define __NR_munlock 229
++#endif
++
++#if !defined(__NR_mlockall)
++#define __NR_mlockall 230
++#endif
++
++#if !defined(__NR_munlockall)
++#define __NR_munlockall 231
++#endif
++
++#if !defined(__NR_mincore)
++#define __NR_mincore 232
++#endif
++
++#if !defined(__NR_madvise)
++#define __NR_madvise 233
++#endif
++
++#if !defined(__NR_remap_file_pages)
++#define __NR_remap_file_pages 234
++#endif
++
++#if !defined(__NR_mbind)
++#define __NR_mbind 235
++#endif
++
++#if !defined(__NR_get_mempolicy)
++#define __NR_get_mempolicy 236
++#endif
++
++#if !defined(__NR_set_mempolicy)
++#define __NR_set_mempolicy 237
++#endif
++
++#if !defined(__NR_migrate_pages)
++#define __NR_migrate_pages 238
++#endif
++
++#if !defined(__NR_move_pages)
++#define __NR_move_pages 239
++#endif
++
++#if !defined(__NR_rt_tgsigqueueinfo)
++#define __NR_rt_tgsigqueueinfo 240
++#endif
++
++#if !defined(__NR_perf_event_open)
++#define __NR_perf_event_open 241
++#endif
++
++#if !defined(__NR_accept4)
++#define __NR_accept4 242
++#endif
++
++#if !defined(__NR_recvmmsg)
++#define __NR_recvmmsg 243
++#endif
++
++#if !defined(__NR_riscv_hwprobe)
++#define __NR_riscv_hwprobe 258
++#endif
++
++#if !defined(__NR_riscv_flush_icache)
++#define __NR_riscv_flush_icache 259
++#endif
++
++#if !defined(__NR_wait4)
++#define __NR_wait4 260
++#endif
++
++#if !defined(__NR_prlimit64)
++#define __NR_prlimit64 261
++#endif
++
++#if !defined(__NR_fanotify_init)
++#define __NR_fanotify_init 262
++#endif
++
++#if !defined(__NR_fanotify_mark)
++#define __NR_fanotify_mark 263
++#endif
++
++#if !defined(__NR_name_to_handle_at)
++#define __NR_name_to_handle_at 264
++#endif
++
++#if !defined(__NR_open_by_handle_at)
++#define __NR_open_by_handle_at 265
++#endif
++
++#if !defined(__NR_clock_adjtime)
++#define __NR_clock_adjtime 266
++#endif
++
++#if !defined(__NR_syncfs)
++#define __NR_syncfs 267
++#endif
++
++#if !defined(__NR_setns)
++#define __NR_setns 268
++#endif
++
++#if !defined(__NR_sendmmsg)
++#define __NR_sendmmsg 269
++#endif
++
++#if !defined(__NR_process_vm_readv)
++#define __NR_process_vm_readv 270
++#endif
++
++#if !defined(__NR_process_vm_writev)
++#define __NR_process_vm_writev 271
++#endif
++
++#if !defined(__NR_kcmp)
++#define __NR_kcmp 272
++#endif
++
++#if !defined(__NR_finit_module)
++#define __NR_finit_module 273
++#endif
++
++#if !defined(__NR_sched_setattr)
++#define __NR_sched_setattr 274
++#endif
++
++#if !defined(__NR_sched_getattr)
++#define __NR_sched_getattr 275
++#endif
++
++#if !defined(__NR_renameat2)
++#define __NR_renameat2 276
++#endif
++
++#if !defined(__NR_seccomp)
++#define __NR_seccomp 277
++#endif
++
++#if !defined(__NR_getrandom)
++#define __NR_getrandom 278
++#endif
++
++#if !defined(__NR_memfd_create)
++#define __NR_memfd_create 279
++#endif
++
++#if !defined(__NR_bpf)
++#define __NR_bpf 280
++#endif
++
++#if !defined(__NR_execveat)
++#define __NR_execveat 281
++#endif
++
++#if !defined(__NR_userfaultfd)
++#define __NR_userfaultfd 282
++#endif
++
++#if !defined(__NR_membarrier)
++#define __NR_membarrier 283
++#endif
++
++#if !defined(__NR_mlock2)
++#define __NR_mlock2 284
++#endif
++
++#if !defined(__NR_copy_file_range)
++#define __NR_copy_file_range 285
++#endif
++
++#if !defined(__NR_preadv2)
++#define __NR_preadv2 286
++#endif
++
++#if !defined(__NR_pwritev2)
++#define __NR_pwritev2 287
++#endif
++
++#if !defined(__NR_pkey_mprotect)
++#define __NR_pkey_mprotect 288
++#endif
++
++#if !defined(__NR_pkey_alloc)
++#define __NR_pkey_alloc 289
++#endif
++
++#if !defined(__NR_pkey_free)
++#define __NR_pkey_free 290
++#endif
++
++#if !defined(__NR_statx)
++#define __NR_statx 291
++#endif
++
++#if !defined(__NR_io_pgetevents)
++#define __NR_io_pgetevents 292
++#endif
++
++#if !defined(__NR_rseq)
++#define __NR_rseq 293
++#endif
++
++#if !defined(__NR_kexec_file_load)
++#define __NR_kexec_file_load 294
++#endif
++
++#if !defined(__NR_pidfd_send_signal)
++#define __NR_pidfd_send_signal 424
++#endif
++
++#if !defined(__NR_io_uring_setup)
++#define __NR_io_uring_setup 425
++#endif
++
++#if !defined(__NR_io_uring_enter)
++#define __NR_io_uring_enter 426
++#endif
++
++#if !defined(__NR_io_uring_register)
++#define __NR_io_uring_register 427
++#endif
++
++#if !defined(__NR_open_tree)
++#define __NR_open_tree 428
++#endif
++
++#if !defined(__NR_move_mount)
++#define __NR_move_mount 429
++#endif
++
++#if !defined(__NR_fsopen)
++#define __NR_fsopen 430
++#endif
++
++#if !defined(__NR_fsconfig)
++#define __NR_fsconfig 431
++#endif
++
++#if !defined(__NR_fsmount)
++#define __NR_fsmount 432
++#endif
++
++#if !defined(__NR_fspick)
++#define __NR_fspick 433
++#endif
++
++#if !defined(__NR_pidfd_open)
++#define __NR_pidfd_open 434
++#endif
++
++#if !defined(__NR_clone3)
++#define __NR_clone3 435
++#endif
++
++#if !defined(__NR_close_range)
++#define __NR_close_range 436
++#endif
++
++#if !defined(__NR_openat2)
++#define __NR_openat2 437
++#endif
++
++#if !defined(__NR_pidfd_getfd)
++#define __NR_pidfd_getfd 438
++#endif
++
++#if !defined(__NR_faccessat2)
++#define __NR_faccessat2 439
++#endif
++
++#if !defined(__NR_process_madvise)
++#define __NR_process_madvise 440
++#endif
++
++#if !defined(__NR_epoll_pwait2)
++#define __NR_epoll_pwait2 441
++#endif
++
++#if !defined(__NR_mount_setattr)
++#define __NR_mount_setattr 442
++#endif
++
++#if !defined(__NR_quotactl_path)
++#define __NR_quotactl_path 443
++#endif
++
++#if !defined(__NR_landlock_create_ruleset)
++#define __NR_landlock_create_ruleset 444
++#endif
++
++#if !defined(__NR_landlock_add_rule)
++#define __NR_landlock_add_rule 445
++#endif
++
++#if !defined(__NR_landlock_restrict_self)
++#define __NR_landlock_restrict_self 446
++#endif
++
++#endif // SANDBOX_LINUX_SYSTEM_HEADERS_RISCV64_LINUX_SYSCALLS_H_
+Index: chromium-122.0.6261.128/sandbox/policy/linux/bpf_cdm_policy_linux.cc
+===================================================================
+--- chromium-122.0.6261.128.orig/sandbox/policy/linux/bpf_cdm_policy_linux.cc
++++ chromium-122.0.6261.128/sandbox/policy/linux/bpf_cdm_policy_linux.cc
+@@ -33,7 +33,7 @@ ResultExpr CdmProcessPolicy::EvaluateSys
+ case __NR_ftruncate:
+ case __NR_fallocate:
+ #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \
+- defined(__aarch64__)
++ defined(__aarch64__) || defined(__riscv)
+ case __NR_getrlimit:
+ #endif
+ #if defined(__i386__) || defined(__arm__)
+Index: chromium-122.0.6261.128/sandbox/policy/linux/bpf_cros_amd_gpu_policy_linux.cc
+===================================================================
+--- chromium-122.0.6261.128.orig/sandbox/policy/linux/bpf_cros_amd_gpu_policy_linux.cc
++++ chromium-122.0.6261.128/sandbox/policy/linux/bpf_cros_amd_gpu_policy_linux.cc
+@@ -38,7 +38,7 @@ ResultExpr CrosAmdGpuProcessPolicy::Eval
+ case __NR_sched_setscheduler:
+ case __NR_sysinfo:
+ case __NR_uname:
+-#if !defined(__aarch64__)
++#if !defined(__aarch64__) && !defined(__riscv)
+ case __NR_readlink:
+ case __NR_stat:
+ #endif
+Index: chromium-122.0.6261.128/sandbox/policy/linux/bpf_gpu_policy_linux.cc
+===================================================================
+--- chromium-122.0.6261.128.orig/sandbox/policy/linux/bpf_gpu_policy_linux.cc
++++ chromium-122.0.6261.128/sandbox/policy/linux/bpf_gpu_policy_linux.cc
+@@ -73,7 +73,7 @@ ResultExpr GpuProcessPolicy::EvaluateSys
+ (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS))
+ case __NR_ftruncate64:
+ #endif
+-#if !defined(__aarch64__)
++#if !defined(__aarch64__) && !defined(__riscv)
+ case __NR_getdents:
+ #endif
+ case __NR_getdents64:
+Index: chromium-122.0.6261.128/sandbox/policy/linux/bpf_network_policy_linux.cc
+===================================================================
+--- chromium-122.0.6261.128.orig/sandbox/policy/linux/bpf_network_policy_linux.cc
++++ chromium-122.0.6261.128/sandbox/policy/linux/bpf_network_policy_linux.cc
+@@ -255,7 +255,7 @@ ResultExpr NetworkProcessPolicy::Evaluat
+ case __NR_fdatasync:
+ case __NR_fsync:
+ case __NR_mremap:
+-#if !defined(__aarch64__)
++#if !defined(__aarch64__) && !defined(__riscv)
+ case __NR_getdents:
+ #endif
+ case __NR_getdents64:
+Index: chromium-122.0.6261.128/sandbox/policy/linux/bpf_print_compositor_policy_linux.cc
+===================================================================
+--- chromium-122.0.6261.128.orig/sandbox/policy/linux/bpf_print_compositor_policy_linux.cc
++++ chromium-122.0.6261.128/sandbox/policy/linux/bpf_print_compositor_policy_linux.cc
+@@ -33,7 +33,7 @@ ResultExpr PrintCompositorProcessPolicy:
+ case __NR_fdatasync:
+ case __NR_fsync:
+ #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \
+- defined(__aarch64__)
++ defined(__aarch64__) || defined (__riscv)
+ case __NR_getrlimit:
+ #endif
+ #if defined(__i386__) || defined(__arm__)
+Index: chromium-122.0.6261.128/sandbox/policy/linux/bpf_renderer_policy_linux.cc
+===================================================================
+--- chromium-122.0.6261.128.orig/sandbox/policy/linux/bpf_renderer_policy_linux.cc
++++ chromium-122.0.6261.128/sandbox/policy/linux/bpf_renderer_policy_linux.cc
+@@ -82,7 +82,7 @@ ResultExpr RendererProcessPolicy::Evalua
+ case __NR_ftruncate64:
+ #endif
+ #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \
+- defined(__aarch64__)
++ defined(__aarch64__) || defined(__riscv)
+ case __NR_getrlimit:
+ case __NR_setrlimit:
+ // We allow setrlimit to dynamically adjust the address space limit as
+Index: chromium-122.0.6261.128/sandbox/policy/linux/bpf_service_policy_linux.cc
+===================================================================
+--- chromium-122.0.6261.128.orig/sandbox/policy/linux/bpf_service_policy_linux.cc
++++ chromium-122.0.6261.128/sandbox/policy/linux/bpf_service_policy_linux.cc
+@@ -26,7 +26,7 @@ ResultExpr ServiceProcessPolicy::Evaluat
+ return RestrictIoctl();
+ // Allow the system calls below.
+ #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \
+- defined(__aarch64__)
++ defined(__aarch64__) || defined(__riscv)
+ case __NR_getrlimit:
+ #endif
+ #if defined(__i386__) || defined(__arm__)
+Index: chromium-122.0.6261.128/sandbox/policy/linux/bpf_utility_policy_linux.cc
+===================================================================
+--- chromium-122.0.6261.128.orig/sandbox/policy/linux/bpf_utility_policy_linux.cc
++++ chromium-122.0.6261.128/sandbox/policy/linux/bpf_utility_policy_linux.cc
+@@ -34,7 +34,7 @@ ResultExpr UtilityProcessPolicy::Evaluat
+ case __NR_fdatasync:
+ case __NR_fsync:
+ #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \
+- defined(__aarch64__)
++ defined(__aarch64__) || defined(__riscv)
+ case __NR_getrlimit:
+ #endif
+ #if defined(__i386__) || defined(__arm__)
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-29 22:56:02 +0000