packages/stratovirt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
stratovirt/0001-Micro-fix-the-ioctl-allow-for-aarch64.patch
金溢华 1326f231cf Syscall: Micro fix the ioctl allow for aarch64 
Micro fix the ioctl allow for aarch64

Signed-off-by: Yihua Jin <jinyihua@huawei.com>
2024-11-25 10:00:41 +08:00

45 lines
2.2 KiB
Diff
Raw Blame History

diff --git a/machine/src/aarch64/micro.rs b/machine/src/aarch64/micro.rs
index d7e1b1d..42e9171 100644
--- a/machine/src/aarch64/micro.rs
+++ b/machine/src/aarch64/micro.rs
@@ -235,6 +235,7 @@ pub(crate) fn arch_ioctl_allow_list(bpf_rule: BpfRule) -> BpfRule {
.add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_ONE_REG() as u32)
.add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_DEVICE_ATTR() as u32)
.add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_REG_LIST() as u32)
+ .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_ONE_REG() as u32)
}
pub(crate) fn arch_syscall_whitelist() -> Vec<BpfRule> {
diff --git a/machine/src/micro_common/syscall.rs b/machine/src/micro_common/syscall.rs
index fe03164..6ae9a56 100644
--- a/machine/src/micro_common/syscall.rs
+++ b/machine/src/micro_common/syscall.rs
@@ -86,6 +86,7 @@ pub fn syscall_whitelist() -> Vec<BpfRule> {
BpfRule::new(libc::SYS_accept4),
BpfRule::new(libc::SYS_lseek),
futex_rule(),
+ BpfRule::new(libc::SYS_clone),
BpfRule::new(libc::SYS_exit),
BpfRule::new(libc::SYS_exit_group),
BpfRule::new(libc::SYS_rt_sigreturn),
@@ -158,6 +159,7 @@ fn ioctl_allow_list() -> BpfRule {
.add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_API_VERSION() as u32)
.add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_MP_STATE() as u32)
.add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_MP_STATE() as u32)
+ .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_VCPU_EVENTS() as u32)
.add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_VCPU_EVENTS() as u32);
arch_ioctl_allow_list(bpf_rule)
}
diff --git a/machine/src/x86_64/micro.rs b/machine/src/x86_64/micro.rs
index d8fb92e..7b4e08e 100644
--- a/machine/src/x86_64/micro.rs
+++ b/machine/src/x86_64/micro.rs
@@ -238,7 +238,6 @@ pub(crate) fn arch_ioctl_allow_list(bpf_rule: BpfRule) -> BpfRule {
.add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_LAPIC() as u32)
.add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_MSRS() as u32)
.add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_MSRS() as u32)
- .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_VCPU_EVENTS() as u32)
.add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_CPUID2() as u32)
}
Reference in New Issue View Git Blame Copy Permalink