Starting with v4.18, the Linux kernel provides the rseq syscall which is a mechanism for fast userspace task synchronization. Starting with v2.35 glibc uses the new syscall, if it exists, to gain some performance improvements, so we need to update the policy files to allow it. Even on older kernels where rseq is not supported, glibc will still probe for its existence by expecting an -ENOSYS response. BUG=b:235960683 TEST=Local builds against glibc 2.35 Change-Id: I704f2fbf2b058c3a4c3269c7441c3a7324012f8a Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3763901 Commit-Queue: Manoj Gupta <manojgupta@chromium.org> Owners-Override: Dominick Ng <dominickn@google.com> Reviewed-by: Allen Webb <allenwebb@google.com> Reviewed-by: Dennis Kempin <denniskempin@google.com> Tested-by: Manoj Gupta <manojgupta@chromium.org>
# Copyright 2021 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
# Rules from common_device.policy with some rules removed because they block certain flags needed
# for gpu.
# rseq is placed first because it is the most frequent syscall here (glibc >= 2.35 uses it in its
# nptl fast paths) and the policy author wants the filter path for it kept short; on kernels
# without rseq the call returns -ENOSYS, which glibc handles. Note that `rseq: 1` is repeated in the
# alphabetical list below; the second entry is redundant.
rseq: 1
brk: 1
clock_gettime: 1
close: 1
dup3: 1
dup: 1
epoll_create1: 1
epoll_ctl: 1
epoll_pwait: 1
eventfd2: 1
exit: 1
exit_group: 1
futex: 1
getcwd: 1
getpid: 1
gettid: 1
gettimeofday: 1
io_uring_setup: 1
io_uring_enter: 1
kill: 1
madvise: arg2 == MADV_DONTNEED || arg2 == MADV_DONTDUMP || arg2 == MADV_REMOVE
mremap: 1
munmap: 1
nanosleep: 1
clock_nanosleep: 1
pipe2: 1
ppoll: 1
read: 1
readlinkat: 1
readv: 1
recvfrom: 1
recvmsg: 1
restart_syscall: 1
rseq: 1
rt_sigaction: 1
rt_sigprocmask: 1
rt_sigreturn: 1
sched_getaffinity: 1
sched_yield: 1
sendmsg: 1
sendto: 1
set_robust_list: 1
sigaltstack: 1
write: 1
writev: 1
uname: 1
# Required for perfetto tracing
getsockopt: 1
shutdown: 1
## Rules specific to gpu
connect: 1
getrandom: 1
lseek: 1
ftruncate: 1
statx: 1
fstat: 1
newfstatat: 1
getdents64: 1
sysinfo: 1
fstatfs: 1
prctl: arg0 == PR_SET_NAME || arg0 == PR_GET_NAME
# Allow ioctl requests for DRM (type 'd' == 0x64, i.e. request & 0xff00 == 0x6400), Mali kbase
# (KBASE_IOCTL_TYPE == 0x80, i.e. 0x8000 in the type byte), and the two exact requests
# DMA_BUF_IOCTL_SYNC (0x40086200) and UDMABUF_CREATE_LIST (0x40087543).
# NOTE(review): in minijail `arg1 & MASK` means "any masked bit is set", not equality on the type
# byte. The two `&` terms therefore admit every request whose type byte shares a set bit with 0x64
# or 0x80 (e.g. tty ioctls of type 'T' == 0x54 satisfy `arg1 & 0x6400`), so this rule is a coarse
# over-approximation rather than a DRM/Mali allowlist. Tighten it if the policy grammar in use can
# express a masked equality on bits 8-15; otherwise keep this caveat next to the rule.
ioctl: arg1 & 0x6400 || arg1 & 0x8000 || arg1 == 0x40086200 || arg1 == 0x40087543
# Used for sharing memory with wayland. arg1 == 3 is MFD_CLOEXEC (0x1) | MFD_ALLOW_SEALING (0x2);
# the exact match rejects every other flag combination (e.g. adding MFD_HUGETLB).
memfd_create: arg1 == 3
## mmap/mprotect differ from the common_device.policy. Note the deliberate asymmetry: mmap may
## create PROT_READ|PROT_EXEC mappings, but neither syscall accepts PROT_WRITE|PROT_EXEC and
## mprotect cannot add PROT_EXEC to an existing mapping, so a writable page cannot be made
## executable through these two syscalls.
mmap: arg2 == PROT_READ|PROT_WRITE || arg2 == PROT_NONE || arg2 == PROT_READ|PROT_EXEC || arg2 == PROT_WRITE || arg2 == PROT_READ
mprotect: arg2 == PROT_READ|PROT_WRITE || arg2 == PROT_NONE || arg2 == PROT_READ
openat: 1
## Rules specific to pvr
geteuid: 1
getuid: 1
fcntl: 1
tgkill: 1
# Rules specific to Mesa.
sched_setscheduler: 1
sched_setaffinity: 1
kcmp: 1
# Rules for Vulkan loader / layers
faccessat: 1
faccessat2: 1
getgid: 1
getegid: 1