From 22be5f9d0fde68cdb415224b3a29c4843f972389 Mon Sep 17 00:00:00 2001 From: Sebastien Boeuf Date: Tue, 11 Oct 2022 15:59:38 +0200 Subject: [PATCH] vmm: Extend list of authorized ioctls for vDPA Adding VHOST_VDPA_GET_CONFIG_SIZE and VHOST_VDPA_SUSPEND to the list of authorized ioctls for the vmm thread. Signed-off-by: Sebastien Boeuf --- vmm/src/seccomp_filters.rs | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/vmm/src/seccomp_filters.rs b/vmm/src/seccomp_filters.rs index 1f8e65d94..b18e3c48c 100644 --- a/vmm/src/seccomp_filters.rs +++ b/vmm/src/seccomp_filters.rs @@ -108,6 +108,8 @@ const VHOST_VDPA_SET_VRING_ENABLE: u64 = 0x4008af75; const VHOST_VDPA_GET_VRING_NUM: u64 = 0x8002af76; const VHOST_VDPA_SET_CONFIG_CALL: u64 = 0x4004af77; const VHOST_VDPA_GET_IOVA_RANGE: u64 = 0x8010af78; +const VHOST_VDPA_GET_CONFIG_SIZE: u64 = 0x8004af79; +const VHOST_VDPA_SUSPEND: u64 = 0xaf7d; // See include/uapi/linux/kvm.h in the kernel code. #[cfg(feature = "kvm")] @@ -318,6 +320,8 @@ fn create_vmm_ioctl_seccomp_rule_common( and![Cond::new(1, ArgLen::Dword, Eq, VHOST_VDPA_GET_VRING_NUM)?], and![Cond::new(1, ArgLen::Dword, Eq, VHOST_VDPA_SET_CONFIG_CALL)?], and![Cond::new(1, ArgLen::Dword, Eq, VHOST_VDPA_GET_IOVA_RANGE)?], + and![Cond::new(1, ArgLen::Dword, Eq, VHOST_VDPA_GET_CONFIG_SIZE)?], + and![Cond::new(1, ArgLen::Dword, Eq, VHOST_VDPA_SUSPEND)?], ]; let hypervisor_rules = create_vmm_ioctl_seccomp_rule_hypervisor(hypervisor_type)?;