From 612a8dfb1bd36986c0c96bc07bd90c8536ef38a0 Mon Sep 17 00:00:00 2001
From: Peteris Rudzusiks <rye@stripe.com>
Date: Mon, 12 Feb 2024 14:39:01 +0100
Subject: [PATCH] vmm: seccomp: Allow all threads to call sched_yield()

We occasionally saw cloud-hypervisor crashed due to seccomp violations. The
coredumps showed the HTTP API thread crashing after it attempted to call
sched_yield(). The call came from rust stdlib's mpmc module, which calls
sched_yield() if several attempts to busy-wait for a condition to fulfil fall
short.

Since the system call is harmless and it comes from the stdlib, I opted to allow
all threads to call it.

Signed-off-by: Peteris Rudzusiks <rye@stripe.com>
---
 vmm/src/seccomp_filters.rs | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/vmm/src/seccomp_filters.rs b/vmm/src/seccomp_filters.rs
index debc779a3..99d840dc2 100644
--- a/vmm/src/seccomp_filters.rs
+++ b/vmm/src/seccomp_filters.rs
@@ -465,6 +465,7 @@ fn signal_handler_thread_rules() -> Result<Vec<(i64, Vec<SeccompRule>)>, Backend
         (libc::SYS_recvfrom, vec![]),
         (libc::SYS_rt_sigprocmask, vec![]),
         (libc::SYS_rt_sigreturn, vec![]),
+        (libc::SYS_sched_yield, vec![]),
         (libc::SYS_sendto, vec![]),
         (libc::SYS_sigaltstack, vec![]),
         (libc::SYS_write, vec![]),
@@ -496,6 +497,7 @@ fn pty_foreground_thread_rules() -> Result<Vec<(i64, Vec<SeccompRule>)>, Backend
         (libc::SYS_restart_syscall, vec![]),
         (libc::SYS_rt_sigaction, vec![]),
         (libc::SYS_rt_sigreturn, vec![]),
+        (libc::SYS_sched_yield, vec![]),
         (libc::SYS_setsid, vec![]),
         (libc::SYS_sigaltstack, vec![]),
         (libc::SYS_write, vec![]),
@@ -607,6 +609,7 @@ fn vmm_thread_rules(
         (libc::SYS_rt_sigreturn, vec![]),
         (libc::SYS_sched_getaffinity, vec![]),
         (libc::SYS_sched_setaffinity, vec![]),
+        (libc::SYS_sched_yield, vec![]),
         (libc::SYS_seccomp, vec![]),
         (libc::SYS_sendmsg, vec![]),
         (libc::SYS_sendto, vec![]),
@@ -747,6 +750,7 @@ fn vcpu_thread_rules(
         (libc::SYS_rt_sigaction, vec![]),
         (libc::SYS_rt_sigprocmask, vec![]),
         (libc::SYS_rt_sigreturn, vec![]),
+        (libc::SYS_sched_yield, vec![]),
         (libc::SYS_sendmsg, vec![]),
         (libc::SYS_shutdown, vec![]),
         (libc::SYS_sigaltstack, vec![]),
@@ -785,6 +789,7 @@ fn http_api_thread_rules() -> Result<Vec<(i64, Vec<SeccompRule>)>, BackendError>
         (libc::SYS_munmap, vec![]),
         (libc::SYS_recvfrom, vec![]),
         (libc::SYS_recvmsg, vec![]),
+        (libc::SYS_sched_yield, vec![]),
         (libc::SYS_sigaltstack, vec![]),
         (libc::SYS_write, vec![]),
     ])
@@ -819,6 +824,7 @@ fn dbus_api_thread_rules() -> Result<Vec<(i64, Vec<SeccompRule>)>, BackendError>
         (293, vec![]),
         (libc::SYS_rt_sigprocmask, vec![]),
         (libc::SYS_sched_getaffinity, vec![]),
+        (libc::SYS_sched_yield, vec![]),
         (libc::SYS_sendmsg, vec![]),
         (libc::SYS_set_robust_list, vec![]),
         (libc::SYS_sigaltstack, vec![]),
@@ -831,6 +837,7 @@ fn event_monitor_thread_rules() -> Result<Vec<(i64, Vec<SeccompRule>)>, BackendE
         (libc::SYS_brk, vec![]),
         (libc::SYS_futex, vec![]),
         (libc::SYS_mmap, vec![]),
+        (libc::SYS_sched_yield, vec![]),
         (libc::SYS_write, vec![]),
     ])
 }