stratovirt/0006-syscall-add-syscall-newfstatat-in-x86_64-unknown-lin.patch
Jie Yang 7575a30103 Update version to 2.0.0-3
virtio: fix dev_id initialization for virtio-pci and vfio device on aarch64 platform
vfio: fix the problem of dma mapping failed
syscall: add syscall "newfstatat" in x86_64-unknown-linux-gnu target
kernel_config: update kernel config 5.10 on aarch64 platform
machine/standard_vm: fix inappropriate file open permissions
migration: fix an error during the PL011 device state restore
migration: fix an error during migration interface on aarch64
fix spelling errors in project

(cherry picked from commit a12a13829fa5d788667e11b886c254760e6a4579)
2021-08-21 02:49:04 +08:00


From 2a70e217561e64f460e95d4d89d145fc615f12ec Mon Sep 17 00:00:00 2001
From: Qi Xi <xiqi1@huawei.com>
Date: Fri, 20 Aug 2021 15:43:00 +0800
Subject: [PATCH 6/8] syscall: add syscall "newfstatat" in
x86_64-unknown-linux-gnu target
When we run stratovirt, built with GNU toolchain on x86 platform, and
use serial port for IO, it will be blocked. The bug is caused by when
it is the first time for rtc device to call "libc::gmtime_r" after
seccomp taking effect, it will use the syscall "newfstatat" which is
not in the syscall whitelist.
The bug is fixed by adding "newfstatat" to syscall whitelist with
x86_64-unknown-linux-gnu target.
Signed-off-by: Qi Xi <xiqi1@huawei.com>
---
docs/config_guidebook.md | 18 +++++++++++++++---
machine/src/micro_vm/syscall.rs | 4 +++-
machine/src/standard_vm/x86_64/syscall.rs | 4 +++-
3 files changed, 21 insertions(+), 5 deletions(-)
diff --git a/docs/config_guidebook.md b/docs/config_guidebook.md
index 6a5cda7..72b4c7e 100644
--- a/docs/config_guidebook.md
+++ b/docs/config_guidebook.md
@@ -679,10 +679,22 @@ And you can also restore StratoVirt's **pid number** to a file by:
### 4.2 Seccomp
StratoVirt use [seccomp(2)](https://man7.org/linux/man-pages/man2/seccomp.2.html) to limit the syscalls
-in StratoVirt process by default. StratoVirt use only 40 syscalls in x86_64 (39 syscalls in aarch64) after running.
-It will make a slight influence on performance to StratoVirt. If you want to disable seccomp, you can
-run StratoVirt with `-disable-seccomp`.
+in StratoVirt process by default. It will make a slight influence on performance to StratoVirt.
+* X86_64
+| Number of Syscalls | GNU Toolchain | MUSL Toolchain |
+| :----------------: | :-----------: | :------------: |
+| Micro_vm | 41 | 41 |
+| Standard_vm | 46 | 43 |
+
+* AArch64
+
+| Number of Syscalls | GNU Toolchain | MUSL Toolchain |
+| :----------------: | :-----------: | :------------: |
+| Micro_vm | 39 | 40 |
+| Standard_vm | 43 | 42 |
+
+If you want to disable seccomp, you can run StratoVirt with `-disable-seccomp`.
```shell
# cmdline
-disable-seccomp
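Review bot: the table under `* X86_64` starts on the line directly after the bullet, while the AArch64 table is separated from its bullet by an empty line; without that empty line some Markdown renderers fold the header row into the list item and the table is not rendered. Add an empty line after `* X86_64` so both sections match. The x86_64 and Micro_vm figures can be checked against the doc comments touched in this patch, but the AArch64 Standard_vm row (43 / 42) has no counterpart in any hunk here, so the commit message should say where those two numbers come from. The sentence about the performance impact now sits above the tables, away from the `-disable-seccomp` sentence it motivates; moving it next to that sentence would read better.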
diff --git a/machine/src/micro_vm/syscall.rs b/machine/src/micro_vm/syscall.rs
index eb52df6..ddc9023 100644
--- a/machine/src/micro_vm/syscall.rs
+++ b/machine/src/micro_vm/syscall.rs
@@ -92,7 +92,7 @@ ioctl_iowr_nr!(KVM_GET_REG_LIST, KVMIO, 0xb0, kvm_reg_list);
///
/// # Notes
/// This allowlist limit syscall with:
-/// * x86_64-unknown-gnu: 40 syscalls
+/// * x86_64-unknown-gnu: 41 syscalls
/// * x86_64-unknown-musl: 41 syscalls
/// * aarch64-unknown-gnu: 39 syscalls
/// * aarch64-unknown-musl: 40 syscalls
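Review bot: the per-target count in this doc comment is maintained by hand and is now duplicated in the tables added to docs/config_guidebook.md, so the two can drift the next time a rule is added under a `#[cfg(...)]`. A small per-target unit test asserting the length of the vector returned by `syscall_whitelist()` would catch a stale number. The targets are also written as `x86_64-unknown-gnu` here, while the commit subject uses `x86_64-unknown-linux-gnu`; using the full triple in the comment would avoid ambiguity.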
@@ -153,6 +153,8 @@ pub fn syscall_whitelist() -> Vec<BpfRule> {
BpfRule::new(libc::SYS_statx),
#[cfg(all(target_env = "musl", target_arch = "x86_64"))]
BpfRule::new(libc::SYS_stat),
+ #[cfg(all(target_env = "gnu", target_arch = "x86_64"))]
+ BpfRule::new(libc::SYS_newfstatat),
#[cfg(all(target_env = "musl", target_arch = "aarch64"))]
BpfRule::new(libc::SYS_newfstatat),
#[cfg(target_arch = "x86_64")]
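Review bot: the new `BpfRule::new(libc::SYS_newfstatat)` entry for gnu/x86_64 carries no comment saying which caller needs it. The commit message explains that it is the first `libc::gmtime_r` call from the rtc device after seccomp takes effect, and that reason belongs next to the rule, because every entry in a seccomp allowlist widens what the process may do and should be justifiable when the list is audited later. The same syscall is already listed two lines below for musl/aarch64, so the two attributes could be merged into a single `#[cfg(any(all(...), all(...)))]` over one rule, which keeps the list from containing the same syscall twice in the source.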
diff --git a/machine/src/standard_vm/x86_64/syscall.rs b/machine/src/standard_vm/x86_64/syscall.rs
index d794c78..dddeb8a 100644
--- a/machine/src/standard_vm/x86_64/syscall.rs
+++ b/machine/src/standard_vm/x86_64/syscall.rs
@@ -78,7 +78,7 @@ ioctl_iowr_nr!(KVM_GET_MSRS, KVMIO, 0x88, kvm_msrs);
///
/// # Notes
/// This allowlist limit syscall with:
-/// * x86_64-unknown-gnu: 45 syscalls
+/// * x86_64-unknown-gnu: 46 syscalls
/// * x86_64-unknown-musl: 43 syscalls
/// To reduce performance losses, the syscall rules is ordered by frequency.
pub fn syscall_whitelist() -> Vec<BpfRule> {
@@ -132,6 +132,8 @@ pub fn syscall_whitelist() -> Vec<BpfRule> {
BpfRule::new(libc::SYS_gettid),
BpfRule::new(libc::SYS_getpid),
BpfRule::new(libc::SYS_fstat),
+ #[cfg(all(target_env = "gnu"))]
+ BpfRule::new(libc::SYS_newfstatat),
BpfRule::new(libc::SYS_pread64),
BpfRule::new(libc::SYS_pwrite64),
BpfRule::new(libc::SYS_statx),
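Review bot: the new rule is inserted between `SYS_fstat` and `SYS_pread64`, but the doc comment on this function says the rules are ordered by frequency to reduce performance losses, and the commit message describes `newfstatat` as being hit on the first `gmtime_r` call only. A rarely used syscall placed this early is evaluated ahead of the read/write rules on every filtered call; moving it towards the end of the list would match the stated ordering. The attribute `#[cfg(all(target_env = "gnu"))]` wraps a single predicate in `all()`, which is redundant; `#[cfg(target_env = "gnu")]` is equivalent and matches the usual style. As in the micro_vm change, a one-line comment naming the glibc caller would document why the entry exists.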
--
2.25.1