External/cloud-hypervisor
1
0
Fork 0
mirror of https://github.com/cloud-hypervisor/cloud-hypervisor.git synced 2024-07-07 10:15:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

vmm: cpu: Add missing io_uring syscalls to vCPU threads

Browse Source 
Some of the io_uring setup happens upon activation of the virtio-blk
device, which is initially triggered through an MMIO VM exit. That's why
the vCPU threads must authorize io_uring related syscalls.

This commit ensures the virtio-blk io_uring implementation can be used
along with the seccomp filters enabled.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
This commit is contained in:
Sebastien Boeuf 2020-09-16 11:18:14 +02:00
parent 3d7e7d3869
commit b3435d51d9
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
vmm/src/seccomp_filters.rs
View File

@ -420,7 +420,11 @@ fn vcpu_thread_rules() -> Result<Vec<SyscallRuleSet>, Error> {
allow_syscall(libc::SYS_newfstatat),
allow_syscall(libc::SYS_futex),
allow_syscall(libc::SYS_getpid),
allow_syscall(libc::SYS_getrandom),
allow_syscall_if(libc::SYS_ioctl, create_vcpu_ioctl_seccomp_rule()?),
allow_syscall(SYS_IO_URING_ENTER),
allow_syscall(SYS_IO_URING_SETUP),
allow_syscall(SYS_IO_URING_REGISTER),
allow_syscall(libc::SYS_lseek),
allow_syscall(libc::SYS_madvise),
allow_syscall(libc::SYS_mmap),