seccomp: allow rseq syscall

Starting with v4.18, the Linux kernel provides the rseq syscall which is a mechanism for fast userspace task synchronization. Starting with v2.35 glibc uses the new syscall, if it exists, to gain some performance improvements, so we need to update the policy files to allow it. Even on older kernels where rseq is not supported, glibc will still probe for its existence by expecting an -ENOSYS response. BUG=b:235960683 TEST=Local builds against glibc 2.35 Change-Id: I704f2fbf2b058c3a4c3269c7441c3a7324012f8a Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3763901 Commit-Queue: Manoj Gupta <manojgupta@chromium.org> Owners-Override: Dominick Ng <dominickn@google.com> Reviewed-by: Allen Webb <allenwebb@google.com> Reviewed-by: Dennis Kempin <denniskempin@google.com> Tested-by: Manoj Gupta <manojgupta@chromium.org>
2025-02-10 20:19:07 +00:00 · 2022-07-13 18:01:19 +03:00 · 2022-07-13 18:01:19 +03:00 · 1a7a822858
commit 1a7a822858
parent a3da0f9803
6 changed files with 22 additions and 0 deletions
--- a/seccomp/aarch64/common_device.policy
+++ b/seccomp/aarch64/common_device.policy
@ -2,6 +2,9 @@
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.

+# rseq should be first due to frequency and purpose to decrease nptl latency
+rseq: 1
+
 brk: 1
 clock_gettime: 1
 clone: arg0 & CLONE_THREAD
--- a/seccomp/aarch64/gpu_common.policy
+++ b/seccomp/aarch64/gpu_common.policy
@ -4,6 +4,10 @@

 # Rules from common_device.policy with some rules removed because they block certain flags needed
 # for gpu.
+
+# rseq should be first due to frequency and purpose to decrease nptl latency
+rseq: 1
+
 brk: 1
 clock_gettime: 1
 close: 1
--- a/seccomp/arm/common_device.policy
+++ b/seccomp/arm/common_device.policy
@ -2,6 +2,9 @@
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.

+# rseq should be first due to frequency and purpose to decrease nptl latency
+rseq: 1
+
 brk: 1
 clock_gettime: 1
 clock_gettime64: 1
--- a/seccomp/arm/gpu_common.policy
+++ b/seccomp/arm/gpu_common.policy
@ -4,6 +4,10 @@

 # Rules from common_device.policy with some rules removed because they block certain flags needed
 # for gpu.
+
+# rseq should be first due to frequency and purpose to decrease nptl latency
+rseq: 1
+
 brk: 1
 close: 1
 dup2: 1
--- a/seccomp/x86_64/common_device.policy
+++ b/seccomp/x86_64/common_device.policy
@ -3,6 +3,10 @@
 # found in the LICENSE file.

@frequency ./common_device.frequency
+
+# rseq should be first due to frequency and purpose to decrease nptl latency
+rseq: 1
+
 brk: 1
 clock_gettime: 1
 clone: arg0 & CLONE_THREAD
--- a/seccomp/x86_64/gpu_common.policy
+++ b/seccomp/x86_64/gpu_common.policy
@ -4,6 +4,10 @@

 # Rules from common_device.policy with some rules removed because they block certain flags needed
 # for gpu.
+
+# rseq should be first due to frequency and purpose to decrease nptl latency
+rseq: 1
+
 brk: 1
 clock_gettime: 1
 close: 1