diff --git a/0001-Micro-fix-the-ioctl-allow-for-aarch64.patch b/0001-Micro-fix-the-ioctl-allow-for-aarch64.patch
new file mode 100644
index 0000000000000000000000000000000000000000..072cf2075f2316fc06dfced8a86e40123ff08552
--- /dev/null
+++ b/0001-Micro-fix-the-ioctl-allow-for-aarch64.patch
@@ -0,0 +1,54 @@
+From 090add698de7e3f2a23ad4f26a41628553d3c1ae Mon Sep 17 00:00:00 2001
+From: Jinyu Tang
+Date: Mon, 5 Aug 2024 15:37:57 +0800
+Subject: [PATCH] Micro: fix the ioctl allow for aarch64
+
+In micro mode, KVM_SET_VCPU_EVENTS and KVM_SET_ONE_REG are not
+allowed by seccomp, but they are essential for vcpu init. The
+guest can not run when use micro mode in aarch64 for this reason.
+So fix it.
+---
+ machine/src/aarch64/micro.rs | 1 +
+ machine/src/micro_common/syscall.rs | 1 +
+ machine/src/x86_64/micro.rs | 1 -
+ 3 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/machine/src/aarch64/micro.rs b/machine/src/aarch64/micro.rs
+index e528da66..6afc15e2 100644
+--- a/machine/src/aarch64/micro.rs
++++ b/machine/src/aarch64/micro.rs
+@@ -231,6 +231,7 @@ pub(crate) fn arch_ioctl_allow_list(bpf_rule: BpfRule) -> BpfRule {
+ .add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_ONE_REG() as u32)
+ .add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_DEVICE_ATTR() as u32)
+ .add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_REG_LIST() as u32)
++ .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_ONE_REG() as u32)
+ }
+
+pub(crate) fn arch_syscall_whitelist() -> Vec {
+diff --git a/machine/src/micro_common/syscall.rs b/machine/src/micro_common/syscall.rs
+index f3acec19..6ae9a56a 100644
+--- a/machine/src/micro_common/syscall.rs
++++ b/machine/src/micro_common/syscall.rs
+@@ -159,6 +159,7 @@ fn ioctl_allow_list() -> BpfRule {
+ .add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_API_VERSION() as u32)
+ .add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_MP_STATE() as u32)
+ .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_MP_STATE() as u32)
++ .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_VCPU_EVENTS() as u32)
+ .add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_VCPU_EVENTS() as u32);
+ arch_ioctl_allow_list(bpf_rule)
+ }
+diff --git a/machine/src/x86_64/micro.rs b/machine/src/x86_64/micro.rs
+index c530633f..5747076a 100644
+--- a/machine/src/x86_64/micro.rs
++++ b/machine/src/x86_64/micro.rs
+@@ -235,7 +235,6 @@ pub(crate) fn arch_ioctl_allow_list(bpf_rule: BpfRule) -> BpfRule {
+ .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_LAPIC() as u32)
+ .add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_MSRS() as u32)
+ .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_MSRS() as u32)
+- .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_VCPU_EVENTS() as u32)
+ .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_CPUID2() as u32)
+ }
+
+--
+2.41.0
+
diff --git a/stratovirt.spec b/stratovirt.spec
index 15931e0692f54b3db894f245529478daed4b042e..da181238aeb579a91d55dc4710f34b881735053f 100644
--- a/stratovirt.spec
+++ b/stratovirt.spec
@@ -6,13 +6,14 @@ Name: stratovirt Version: 2.4.0
-Release: 2
+Release: 3
 Summary: StratoVirt is an opensource VMM(Virtual Machine Manager) which aims to perform next generation virtualization. License: MulanPSL-2.0 URL: https://gitee.com/openeuler/stratovirt Source0: https://gitee.com/openeuler/stratovirt/releases/download/v%{version}/%{name}-%{version}.tar.gz
+Patch001: 0001-Micro-fix-the-ioctl-allow-for-aarch64.patch
 ExclusiveArch: x86_64 aarch64
@@ -103,6 +104,9 @@ install -d %{buildroot}%{_libdir}/stratovirt/static install -D -m555 ./target/%{rust_musl_target}/release/stratovirt %{buildroot}%{_libdir}/stratovirt/static %changelog
+* Sat Sep 14 2024 Mingwang Li - 2.4.0-3
+- Micro fix the ioctl allow for aarch64
+
 * Tue Jul 30 2024 xufei - 2.4.0-2 - set debug is true for build debug package - add rust to BuildRequires
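Review bot: The two entries this patch adds to the micro-mode seccomp allow list, `KVM_SET_ONE_REG` in `arch_ioctl_allow_list` (machine/src/aarch64/micro.rs) and `KVM_SET_VCPU_EVENTS` in the shared `ioctl_allow_list` (machine/src/micro_common/syscall.rs), carry no comment recording why they are permitted, so a later audit of the filter cannot tell a required entry from an accidental one. I would put a line above each, for example `// Needed for aarch64 vCPU init; the guest cannot start in micro mode without it.` Each rule compares only argument 1 against the request value, so as far as these lines show the ioctl is allowed on any descriptor and not only during init; that looks acceptable for calls that write guest vCPU state, but it is worth stating in the comment. Both functions begin outside the embedded hunks, so the base `BpfRule` they extend is not visible here.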