packages/stratovirt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
stratovirt/syscall-add-syscall-newfstatat-in-x86_64-unknown-lin.patch
Jie Yang 2d9d03c21a Update version to 2.0.0-6 
Signed-off-by: Jie Yang <yangjieyj.yang@huawei.com>
(cherry picked from commit 6158eab66897bf7fb11ce7ae8c3b568f8de0e2dd)
2021-08-30 21:19:11 +08:00

100 lines
4.1 KiB
Diff
Raw Blame History

From 2a70e217561e64f460e95d4d89d145fc615f12ec Mon Sep 17 00:00:00 2001
From: Qi Xi <xiqi1@huawei.com>
Date: Fri, 20 Aug 2021 15:43:00 +0800
Subject: [PATCH 6/8] syscall: add syscall "newfstatat" in
x86_64-unknown-linux-gnu target
When we run stratovirt, built with GNU toolchain on x86 platform, and
use serial port for IO, it will be blocked. The bug is caused by when
it is the first time for rtc device to call "libc::gmtime_r" after
seccomp taking effect, it will use the syscall "newfstatat" which is
not in the syscall whitelist.
The bug is fixed by adding "newfstatat" to syscall whitelist with
x86_64-unknown-linux-gnu target.
Signed-off-by: Qi Xi <xiqi1@huawei.com>
---
docs/config_guidebook.md | 18 +++++++++++++++---
machine/src/micro_vm/syscall.rs | 4 +++-
machine/src/standard_vm/x86_64/syscall.rs | 4 +++-
3 files changed, 21 insertions(+), 5 deletions(-)
diff --git a/docs/config_guidebook.md b/docs/config_guidebook.md
index 6a5cda7..72b4c7e 100644
--- a/docs/config_guidebook.md
+++ b/docs/config_guidebook.md
@@ -679,10 +679,22 @@ And you can also restore StratoVirt's **pid number** to a file by:
### 4.2 Seccomp
StratoVirt use [seccomp(2)](https://man7.org/linux/man-pages/man2/seccomp.2.html) to limit the syscalls
-in StratoVirt process by default. StratoVirt use only 40 syscalls in x86_64 (39 syscalls in aarch64) after running.
-It will make a slight influence on performance to StratoVirt. If you want to disable seccomp, you can
-run StratoVirt with `-disable-seccomp`.
+in StratoVirt process by default. It will make a slight influence on performance to StratoVirt.
+* X86_64
+| Number of Syscalls | GNU Toolchain | MUSL Toolchain |
+| :----------------: | :-----------: | :------------: |
+| Micro_vm | 41 | 41 |
+| Standard_vm | 46 | 43 |
+
+* AArch64
+
+| Number of Syscalls | GNU Toolchain | MUSL Toolchain |
+| :----------------: | :-----------: | :------------: |
+| Micro_vm | 39 | 40 |
+| Standard_vm | 43 | 42 |
+
+If you want to disable seccomp, you can run StratoVirt with `-disable-seccomp`.
```shell
# cmdline
-disable-seccomp
diff --git a/machine/src/micro_vm/syscall.rs b/machine/src/micro_vm/syscall.rs
index eb52df6..ddc9023 100644
--- a/machine/src/micro_vm/syscall.rs
+++ b/machine/src/micro_vm/syscall.rs
@@ -92,7 +92,7 @@ ioctl_iowr_nr!(KVM_GET_REG_LIST, KVMIO, 0xb0, kvm_reg_list);
///
/// # Notes
/// This allowlist limit syscall with:
-/// * x86_64-unknown-gnu: 40 syscalls
+/// * x86_64-unknown-gnu: 41 syscalls
/// * x86_64-unknown-musl: 41 syscalls
/// * aarch64-unknown-gnu: 39 syscalls
/// * aarch64-unknown-musl: 40 syscalls
@@ -153,6 +153,8 @@ pub fn syscall_whitelist() -> Vec<BpfRule> {
BpfRule::new(libc::SYS_statx),
#[cfg(all(target_env = "musl", target_arch = "x86_64"))]
BpfRule::new(libc::SYS_stat),
+ #[cfg(all(target_env = "gnu", target_arch = "x86_64"))]
+ BpfRule::new(libc::SYS_newfstatat),
#[cfg(all(target_env = "musl", target_arch = "aarch64"))]
BpfRule::new(libc::SYS_newfstatat),
#[cfg(target_arch = "x86_64")]
diff --git a/machine/src/standard_vm/x86_64/syscall.rs b/machine/src/standard_vm/x86_64/syscall.rs
index d794c78..dddeb8a 100644
--- a/machine/src/standard_vm/x86_64/syscall.rs
+++ b/machine/src/standard_vm/x86_64/syscall.rs
@@ -78,7 +78,7 @@ ioctl_iowr_nr!(KVM_GET_MSRS, KVMIO, 0x88, kvm_msrs);
///
/// # Notes
/// This allowlist limit syscall with:
-/// * x86_64-unknown-gnu: 45 syscalls
+/// * x86_64-unknown-gnu: 46 syscalls
/// * x86_64-unknown-musl: 43 syscalls
/// To reduce performance losses, the syscall rules is ordered by frequency.
pub fn syscall_whitelist() -> Vec<BpfRule> {
@@ -132,6 +132,8 @@ pub fn syscall_whitelist() -> Vec<BpfRule> {
BpfRule::new(libc::SYS_gettid),
BpfRule::new(libc::SYS_getpid),
BpfRule::new(libc::SYS_fstat),
+ #[cfg(all(target_env = "gnu"))]
+ BpfRule::new(libc::SYS_newfstatat),
BpfRule::new(libc::SYS_pread64),
BpfRule::new(libc::SYS_pwrite64),
BpfRule::new(libc::SYS_statx),
--
2.25.1
Reference in New Issue View Git Blame Copy Permalink