[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH] tools/virtiofsd: Add rseq syscall to the seccomp allowlist
|
From: |
christian . ehrhardt |
|
Subject: |
[PATCH] tools/virtiofsd: Add rseq syscall to the seccomp allowlist |
|
Date: |
Wed, 9 Feb 2022 12:14:56 +0100 |
From: Christian Ehrhardt <christian.ehrhardt@canonical.com>
The virtiofsd currently crashes when used with glibc 2.35.
That is due to the rseq system call being added to every thread
creation [1][2].
[1]: https://www.efficios.com/blog/2019/02/08/linux-restartable-sequences/
[2]: https://sourceware.org/pipermail/libc-alpha/2022-February/136040.html
This happens not at daemon start, but when a guest connects
/usr/lib/qemu/virtiofsd -f --socket-path=/tmp/testvfsd -o sandbox=chroot \
-o source=/var/guests/j-virtiofs --socket-group=kvm
virtio_session_mount: Waiting for vhost-user socket connection...
# start ok, now guest will connect
virtio_session_mount: Received vhost-user socket connection
virtio_loop: Entry
fv_queue_set_started: qidx=0 started=1
fv_queue_set_started: qidx=1 started=1
Bad system call (core dumped)
We have to put rseq on the seccomp allowlist to avoid that the daemon
is crashing in this case.
Reported-by: Michael Hudson-Doyle <michael.hudson@canonical.com>
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
---
tools/virtiofsd/passthrough_seccomp.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/tools/virtiofsd/passthrough_seccomp.c
b/tools/virtiofsd/passthrough_seccomp.c
index a3ce9f898d..21b8f53bd9 100644
--- a/tools/virtiofsd/passthrough_seccomp.c
+++ b/tools/virtiofsd/passthrough_seccomp.c
@@ -116,6 +116,9 @@ static const int syscall_allowlist[] = {
SCMP_SYS(write),
SCMP_SYS(writev),
SCMP_SYS(umask),
+#ifdef __NR_rseq
+ SCMP_SYS(rseq), /* required since glibc 2.35 */
+#endif
};
/* Syscalls used when --syslog is enabled */
--
2.35.0
- [PATCH] tools/virtiofsd: Add rseq syscall to the seccomp allowlist,
christian . ehrhardt <=