stratovirt/0004-micro_comman-syscall-Update-ioctl-allow-list.patch

From e9c9d3de82eb926ab6d494358c7a1891b171e190 Mon Sep 17 00:00:00 2001
From: frankyj915 <yangjieyj.yang@huawei.com>
Date: Sun, 15 Dec 2024 09:35:03 +0800
Subject: [PATCH] micro_comman/syscall: Update ioctl allow list

Signed-off-by: frankyj915 <yangjieyj.yang@huawei.com>
---
 hypervisor/src/kvm/mod.rs           | 6 ++++++
 machine/src/micro_common/syscall.rs | 8 +++++++-
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/hypervisor/src/kvm/mod.rs b/hypervisor/src/kvm/mod.rs
index e20f102..b88aeed 100644
--- a/hypervisor/src/kvm/mod.rs
+++ b/hypervisor/src/kvm/mod.rs
@@ -99,6 +99,12 @@ ioctl_iowr_nr!(KVM_GET_IRQCHIP, KVMIO, 0x62, kvm_irqchip);
 ioctl_iow_nr!(KVM_IRQ_LINE, KVMIO, 0x61, kvm_irq_level);
 ioctl_iow_nr!(KVM_SET_MP_STATE, KVMIO, 0x99, kvm_mp_state);
 ioctl_iow_nr!(KVM_SET_VCPU_EVENTS, KVMIO, 0xa0, kvm_vcpu_events);
+#[cfg(target_arch = "x86_64")]
+ioctl_iow_nr!(KVM_SET_PIT2, KVMIO, 0xa0, kvm_pit_state2);
+#[cfg(target_arch = "x86_64")]
+ioctl_iow_nr!(KVM_SET_CLOCK, KVMIO, 0x7b, kvm_clock_data);
+#[cfg(target_arch = "x86_64")]
+ioctl_ior_nr!(KVM_SET_IRQCHIP, KVMIO, 0x63, kvm_irqchip);
 
 #[allow(clippy::upper_case_acronyms)]
 #[derive(Default)]
diff --git a/machine/src/micro_common/syscall.rs b/machine/src/micro_common/syscall.rs
index 6ae9a56..ca8327f 100644
--- a/machine/src/micro_common/syscall.rs
+++ b/machine/src/micro_common/syscall.rs
@@ -160,7 +160,13 @@ fn ioctl_allow_list() -> BpfRule {
         .add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_MP_STATE() as u32)
         .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_MP_STATE() as u32)
         .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_VCPU_EVENTS() as u32)
-        .add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_VCPU_EVENTS() as u32);
+        .add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_VCPU_EVENTS() as u32)
+        .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_USER_MEMORY_REGION);
+    #[cfg(target_arch = "x86_64")]
+    let bpf_rule = bpf_rule
+        .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_PIT2() as u32)
+        .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_CLOCK() as u32)
+        .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_IRQCHIP() as u32);
     arch_ioctl_allow_list(bpf_rule)
 }
 
-- 
2.34.1
Update to 2.4.0-5 Signed-off-by: frankyj915 <yangjieyj.yang@huawei.com> 2024-12-15 09:45:18 +08:00			`From e9c9d3de82eb926ab6d494358c7a1891b171e190 Mon Sep 17 00:00:00 2001`
			`From: frankyj915 <yangjieyj.yang@huawei.com>`
			`Date: Sun, 15 Dec 2024 09:35:03 +0800`
			`Subject: [PATCH] micro_comman/syscall: Update ioctl allow list`

			`Signed-off-by: frankyj915 <yangjieyj.yang@huawei.com>`
			`---`
			`hypervisor/src/kvm/mod.rs \| 6 ++++++`
			`machine/src/micro_common/syscall.rs \| 8 +++++++-`
			`2 files changed, 13 insertions(+), 1 deletion(-)`

			`diff --git a/hypervisor/src/kvm/mod.rs b/hypervisor/src/kvm/mod.rs`
			`index e20f102..b88aeed 100644`
			`--- a/hypervisor/src/kvm/mod.rs`
			`+++ b/hypervisor/src/kvm/mod.rs`
			`@@ -99,6 +99,12 @@ ioctl_iowr_nr!(KVM_GET_IRQCHIP, KVMIO, 0x62, kvm_irqchip);`
			`ioctl_iow_nr!(KVM_IRQ_LINE, KVMIO, 0x61, kvm_irq_level);`
			`ioctl_iow_nr!(KVM_SET_MP_STATE, KVMIO, 0x99, kvm_mp_state);`
			`ioctl_iow_nr!(KVM_SET_VCPU_EVENTS, KVMIO, 0xa0, kvm_vcpu_events);`
			`+#[cfg(target_arch = "x86_64")]`
			`+ioctl_iow_nr!(KVM_SET_PIT2, KVMIO, 0xa0, kvm_pit_state2);`
			`+#[cfg(target_arch = "x86_64")]`
			`+ioctl_iow_nr!(KVM_SET_CLOCK, KVMIO, 0x7b, kvm_clock_data);`
			`+#[cfg(target_arch = "x86_64")]`
			`+ioctl_ior_nr!(KVM_SET_IRQCHIP, KVMIO, 0x63, kvm_irqchip);`

			`#[allow(clippy::upper_case_acronyms)]`
			`#[derive(Default)]`
			`diff --git a/machine/src/micro_common/syscall.rs b/machine/src/micro_common/syscall.rs`
			`index 6ae9a56..ca8327f 100644`
			`--- a/machine/src/micro_common/syscall.rs`
			`+++ b/machine/src/micro_common/syscall.rs`
			`@@ -160,7 +160,13 @@ fn ioctl_allow_list() -> BpfRule {`
			`.add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_MP_STATE() as u32)`
			`.add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_MP_STATE() as u32)`
			`.add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_VCPU_EVENTS() as u32)`
			`- .add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_VCPU_EVENTS() as u32);`
			`+ .add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_VCPU_EVENTS() as u32)`
			`+ .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_USER_MEMORY_REGION);`
			`+ #[cfg(target_arch = "x86_64")]`
			`+ let bpf_rule = bpf_rule`
			`+ .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_PIT2() as u32)`
			`+ .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_CLOCK() as u32)`
			`+ .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_IRQCHIP() as u32);`
			`arch_ioctl_allow_list(bpf_rule)`
			`}`

			`--`
			`2.34.1`