vmm: seccomp: Allow all threads to call sched_yield()

We occasionally saw cloud-hypervisor crashed due to seccomp violations. The coredumps showed the HTTP API thread crashing after it attempted to call sched_yield(). The call came from rust stdlib's mpmc module, which calls sched_yield() if several attempts to busy-wait for a condition to fulfil fall short. Since the system call is harmless and it comes from the stdlib, I opted to allow all threads to call it. Signed-off-by: Peteris Rudzusiks <rye@stripe.com>
2024-07-04 17:02:36 +00:00 · 2024-02-12 14:39:01 +01:00 · 2024-02-12 14:39:01 +01:00 · 612a8dfb1b
commit 612a8dfb1b
parent 321d6f47e6
1 changed files with 7 additions and 0 deletions
--- a/vmm/src/seccomp_filters.rs
+++ b/vmm/src/seccomp_filters.rs
@ -465,6 +465,7 @@ fn signal_handler_thread_rules() -> Result<Vec<(i64, Vec<SeccompRule>)>, Backend
        (libc::SYS_recvfrom, vec![]),
        (libc::SYS_rt_sigprocmask, vec![]),
        (libc::SYS_rt_sigreturn, vec![]),
+        (libc::SYS_sched_yield, vec![]),
        (libc::SYS_sendto, vec![]),
        (libc::SYS_sigaltstack, vec![]),
        (libc::SYS_write, vec![]),
@ -496,6 +497,7 @@ fn pty_foreground_thread_rules() -> Result<Vec<(i64, Vec<SeccompRule>)>, Backend
        (libc::SYS_restart_syscall, vec![]),
        (libc::SYS_rt_sigaction, vec![]),
        (libc::SYS_rt_sigreturn, vec![]),
+        (libc::SYS_sched_yield, vec![]),
        (libc::SYS_setsid, vec![]),
        (libc::SYS_sigaltstack, vec![]),
        (libc::SYS_write, vec![]),
@ -607,6 +609,7 @@ fn vmm_thread_rules(
        (libc::SYS_rt_sigreturn, vec![]),
        (libc::SYS_sched_getaffinity, vec![]),
        (libc::SYS_sched_setaffinity, vec![]),
+        (libc::SYS_sched_yield, vec![]),
        (libc::SYS_seccomp, vec![]),
        (libc::SYS_sendmsg, vec![]),
        (libc::SYS_sendto, vec![]),
@ -747,6 +750,7 @@ fn vcpu_thread_rules(
        (libc::SYS_rt_sigaction, vec![]),
        (libc::SYS_rt_sigprocmask, vec![]),
        (libc::SYS_rt_sigreturn, vec![]),
+        (libc::SYS_sched_yield, vec![]),
        (libc::SYS_sendmsg, vec![]),
        (libc::SYS_shutdown, vec![]),
        (libc::SYS_sigaltstack, vec![]),
@ -785,6 +789,7 @@ fn http_api_thread_rules() -> Result<Vec<(i64, Vec<SeccompRule>)>, BackendError>
        (libc::SYS_munmap, vec![]),
        (libc::SYS_recvfrom, vec![]),
        (libc::SYS_recvmsg, vec![]),
+        (libc::SYS_sched_yield, vec![]),
        (libc::SYS_sigaltstack, vec![]),
        (libc::SYS_write, vec![]),
    ])
@ -819,6 +824,7 @@ fn dbus_api_thread_rules() -> Result<Vec<(i64, Vec<SeccompRule>)>, BackendError>
        (293, vec![]),
        (libc::SYS_rt_sigprocmask, vec![]),
        (libc::SYS_sched_getaffinity, vec![]),
+        (libc::SYS_sched_yield, vec![]),
        (libc::SYS_sendmsg, vec![]),
        (libc::SYS_set_robust_list, vec![]),
        (libc::SYS_sigaltstack, vec![]),
@ -831,6 +837,7 @@ fn event_monitor_thread_rules() -> Result<Vec<(i64, Vec<SeccompRule>)>, BackendE
        (libc::SYS_brk, vec![]),
        (libc::SYS_futex, vec![]),
        (libc::SYS_mmap, vec![]),
+        (libc::SYS_sched_yield, vec![]),
        (libc::SYS_write, vec![]),
    ])
 }