mirror of
https://chromium.googlesource.com/crosvm/crosvm
synced 2024-12-24 11:58:41 +00:00
devices: block: fix seccomp failures from free()
It looks like free() will sometimes try to open /proc/sys/vm/overcommit_memory in order to decide whether to return freed heap memory to the kernel; change the seccomp filter to fail the open syscalls with an error code (ENOENT) rather than killing the process. Also allow madvise to free memory for the same free() codepath. BUG=chromium:888212 TEST=Run fio loop test on kevin Change-Id: I1c27b265b822771f76b7d9572d9759476770000e Signed-off-by: Daniel Verkamp <dverkamp@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/1305756 Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com> Reviewed-by: Dylan Reid <dgreid@chromium.org>
This commit is contained in:
parent
eeebe63c43
commit
5656c124af
2 changed files with 8 additions and 2 deletions
|
@ -18,6 +18,7 @@ _llseek: 1
|
|||
# negation, thus the manually negated mask constant.
|
||||
mmap2: arg2 in 0xfffffffb
|
||||
mprotect: arg2 in 0xfffffffb
|
||||
madvise: arg2 == MADV_DONTDUMP || arg2 == MADV_DONTNEED
|
||||
mremap: 1
|
||||
munmap: 1
|
||||
read: 1
|
||||
|
@ -41,3 +42,6 @@ epoll_wait: 1
|
|||
timerfd_create: 1
|
||||
timerfd_gettime: 1
|
||||
timerfd_settime: 1
|
||||
# libc free() attempts to open /proc/sys/vm/overcommit_memory
|
||||
open: return ENOENT
|
||||
openat: return ENOENT
|
||||
|
|
|
@ -17,8 +17,7 @@ lseek: 1
|
|||
# negation, thus the manually negated mask constant.
|
||||
mmap: arg2 in 0xfffffffb
|
||||
mprotect: arg2 in 0xfffffffb
|
||||
# Allow MADV_DONTDUMP only.
|
||||
madvise: arg2 == 0x00000010
|
||||
madvise: arg2 == MADV_DONTDUMP || arg2 == MADV_DONTNEED
|
||||
mremap: 1
|
||||
munmap: 1
|
||||
read: 1
|
||||
|
@ -42,3 +41,6 @@ epoll_wait: 1
|
|||
timerfd_create: 1
|
||||
timerfd_gettime: 1
|
||||
timerfd_settime: 1
|
||||
# libc free() attempts to open /proc/sys/vm/overcommit_memory
|
||||
open: return ENOENT
|
||||
openat: return ENOENT
|
||||
|
|
Loading…
Reference in a new issue