Syscall: Micro fix the ioctl allow for aarch64

Micro fix the ioctl allow for aarch64

Signed-off-by: Yihua Jin <jinyihua@huawei.com>

0001-Micro-fix-the-ioctl-allow-for-aarch64.patch

@@ -0,0 +1,44 @@
+diff --git a/machine/src/aarch64/micro.rs b/machine/src/aarch64/micro.rs
+index d7e1b1d..42e9171 100644
+--- a/machine/src/aarch64/micro.rs
++++ b/machine/src/aarch64/micro.rs
+@@ -235,6 +235,7 @@ pub(crate) fn arch_ioctl_allow_list(bpf_rule: BpfRule) -> BpfRule {
+         .add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_ONE_REG() as u32)
+         .add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_DEVICE_ATTR() as u32)
+         .add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_REG_LIST() as u32)
++        .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_ONE_REG() as u32)
+ }
+ 
+ pub(crate) fn arch_syscall_whitelist() -> Vec<BpfRule> {
+diff --git a/machine/src/micro_common/syscall.rs b/machine/src/micro_common/syscall.rs
+index fe03164..6ae9a56 100644
+--- a/machine/src/micro_common/syscall.rs
++++ b/machine/src/micro_common/syscall.rs
+@@ -86,6 +86,7 @@ pub fn syscall_whitelist() -> Vec<BpfRule> {
+         BpfRule::new(libc::SYS_accept4),
+         BpfRule::new(libc::SYS_lseek),
+         futex_rule(),
++        BpfRule::new(libc::SYS_clone),
+         BpfRule::new(libc::SYS_exit),
+         BpfRule::new(libc::SYS_exit_group),
+         BpfRule::new(libc::SYS_rt_sigreturn),
+@@ -158,6 +159,7 @@ fn ioctl_allow_list() -> BpfRule {
+         .add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_API_VERSION() as u32)
+         .add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_MP_STATE() as u32)
+         .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_MP_STATE() as u32)
++        .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_VCPU_EVENTS() as u32)
+         .add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_VCPU_EVENTS() as u32);
+     arch_ioctl_allow_list(bpf_rule)
+ }
+diff --git a/machine/src/x86_64/micro.rs b/machine/src/x86_64/micro.rs
+index d8fb92e..7b4e08e 100644
+--- a/machine/src/x86_64/micro.rs
++++ b/machine/src/x86_64/micro.rs
+@@ -238,7 +238,6 @@ pub(crate) fn arch_ioctl_allow_list(bpf_rule: BpfRule) -> BpfRule {
+         .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_LAPIC() as u32)
+         .add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_MSRS() as u32)
+         .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_MSRS() as u32)
+-        .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_VCPU_EVENTS() as u32)
+         .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_CPUID2() as u32)
+ }
+ 

stratovirt.spec

@@ -6,13 +6,14 @@
 
 Name:           stratovirt
 Version:        2.4.0
-Release:        1
+Release:        2
 Summary:        StratoVirt is an opensource VMM(Virtual Machine Manager) which aims to perform next generation virtualization.
 
 License:        MulanPSL-2.0
 URL:            https://gitee.com/openeuler/stratovirt
 Source0:        https://gitee.com/openeuler/stratovirt/releases/download/v%{version}/%{name}-%{version}.tar.gz
 
+Patch001:0001-Micro-fix-the-ioctl-allow-for-aarch64.patch
 
 ExclusiveArch:  x86_64 aarch64
 
@@ -100,6 +101,9 @@ install -d %{buildroot}%{_libdir}/stratovirt/static
 install -D -m555 ./target/%{rust_musl_target}/release/stratovirt %{buildroot}%{_libdir}/stratovirt/static
 
 %changelog
+* Thu Nov 21 2024 jinyihua <jinyihua@huawei.com> - 2.4.0-2
+- Micro fix the ioctl allow for aarch64
+
 * Fri May 10 2024 wenyuanlau <liuwenyuan9@huawei.com> 2.4.0-1
 - Update to StratoVirt 2.4.0