From e9c9d3de82eb926ab6d494358c7a1891b171e190 Mon Sep 17 00:00:00 2001 From: frankyj915 Date: Sun, 15 Dec 2024 09:35:03 +0800 Subject: [PATCH] micro_comman/syscall: Update ioctl allow list Signed-off-by: frankyj915
---
 hypervisor/src/kvm/mod.rs | 6 ++++++ machine/src/micro_common/syscall.rs | 8 +++++++- 2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/hypervisor/src/kvm/mod.rs b/hypervisor/src/kvm/mod.rs
index e20f102..b88aeed 100644
--- a/hypervisor/src/kvm/mod.rs
+++ b/hypervisor/src/kvm/mod.rs
@@ -99,6 +99,12 @@ ioctl_iowr_nr!(KVM_GET_IRQCHIP, KVMIO, 0x62, kvm_irqchip);
 ioctl_iow_nr!(KVM_IRQ_LINE, KVMIO, 0x61, kvm_irq_level);
 ioctl_iow_nr!(KVM_SET_MP_STATE, KVMIO, 0x99, kvm_mp_state);
 ioctl_iow_nr!(KVM_SET_VCPU_EVENTS, KVMIO, 0xa0, kvm_vcpu_events);
+#[cfg(target_arch = "x86_64")]
+ioctl_iow_nr!(KVM_SET_PIT2, KVMIO, 0xa0, kvm_pit_state2);
+#[cfg(target_arch = "x86_64")]
+ioctl_iow_nr!(KVM_SET_CLOCK, KVMIO, 0x7b, kvm_clock_data);
+#[cfg(target_arch = "x86_64")]
+ioctl_ior_nr!(KVM_SET_IRQCHIP, KVMIO, 0x63, kvm_irqchip);
 
 #[allow(clippy::upper_case_acronyms)]
 #[derive(Default)]
diff --git a/machine/src/micro_common/syscall.rs b/machine/src/micro_common/syscall.rs
index 6ae9a56..ca8327f 100644
--- a/machine/src/micro_common/syscall.rs
+++ b/machine/src/micro_common/syscall.rs
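Review bot: In hypervisor/src/kvm/mod.rs the new `KVM_SET_IRQCHIP` is declared with `ioctl_ior_nr!` although it is a set operation, and `KVM_SET_PIT2` reuses number 0xa0 from the `KVM_SET_VCPU_EVENTS` line just above it; both match the kernel's uapi definitions as far as I know, but nothing in the file says the choice is deliberate. The seccomp rule in machine/src/micro_common/syscall.rs compares the whole encoded request, so a later "correction" of the direction or number would silently stop that rule from matching. I would add comments such as `// Kernel uapi declares KVM_SET_IRQCHIP as _IOR; keep ior so the encoded request matches.` and `// 0xa0 is shared with KVM_SET_VCPU_EVENTS; the encoded requests differ by payload size.` It is also worth confirming that the `kvm_pit_state2`, `kvm_clock_data` and `kvm_irqchip` bindings have the kernel's struct sizes, since the size is part of the encoded value.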
@@ -160,7 +160,13 @@ fn ioctl_allow_list() -> BpfRule {
 .add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_MP_STATE() as u32)
 .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_MP_STATE() as u32)
 .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_VCPU_EVENTS() as u32)
- .add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_VCPU_EVENTS() as u32);
+ .add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_VCPU_EVENTS() as u32)
+ .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_USER_MEMORY_REGION);
+ #[cfg(target_arch = "x86_64")]
+ let bpf_rule = bpf_rule
+ .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_PIT2() as u32)
+ .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_CLOCK() as u32)
+ .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_IRQCHIP() as u32);
 
 arch_ioctl_allow_list(bpf_rule)
 }
-- 2.34.1
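Review bot: The added `KVM_SET_USER_MEMORY_REGION` constraint is unconditional, so on every architecture the process keeps the ability to change guest memory slots for as long as the filter is in force, and neither the commit message nor the code says which runtime path needs it. The three x86_64 entries (`KVM_SET_PIT2`, `KVM_SET_CLOCK`, `KVM_SET_IRQCHIP`) are state-setting ioctls with the same gap. As far as the hunk shows, each constraint matches only argument 1, the request number, so the permission is not tied to a particular file descriptor, which is a reason to keep the list as short as the feature requires. I would put a comment above the new lines, for example `// Required after filter install by <feature/caller>: <reason>.`, and confirm that `KVM_SET_USER_MEMORY_REGION` is a `u32` constant (it is passed without `()` or `as u32`, unlike its neighbours) and is not already listed in the part of `ioctl_allow_list` that lies above this hunk.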