diff --git a/0001-Micro-fix-the-ioctl-allow-for-aarch64.patch b/0001-Micro-fix-the-ioctl-allow-for-aarch64.patch
new file mode 100644
index 0000000000000000000000000000000000000000..a863589c01d2b4af9cccea2b332bae6337468234
--- /dev/null
+++ b/0001-Micro-fix-the-ioctl-allow-for-aarch64.patch
@@ -0,0 +1,44 @@
+diff --git a/machine/src/aarch64/micro.rs b/machine/src/aarch64/micro.rs
+index d7e1b1d..42e9171 100644
+--- a/machine/src/aarch64/micro.rs
++++ b/machine/src/aarch64/micro.rs
+@@ -235,6 +235,7 @@ pub(crate) fn arch_ioctl_allow_list(bpf_rule: BpfRule) -> BpfRule {
+ .add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_ONE_REG() as u32)
+ .add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_DEVICE_ATTR() as u32)
+ .add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_REG_LIST() as u32)
++ .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_ONE_REG() as u32)
+ }
+
+ pub(crate) fn arch_syscall_whitelist() -> Vec {
+diff --git a/machine/src/micro_common/syscall.rs b/machine/src/micro_common/syscall.rs
+index fe03164..6ae9a56 100644
+--- a/machine/src/micro_common/syscall.rs
++++ b/machine/src/micro_common/syscall.rs
+@@ -86,6 +86,7 @@ pub fn syscall_whitelist() -> Vec {
+ BpfRule::new(libc::SYS_accept4),
+ BpfRule::new(libc::SYS_lseek),
+ futex_rule(),
++ BpfRule::new(libc::SYS_clone),
+ BpfRule::new(libc::SYS_exit),
+ BpfRule::new(libc::SYS_exit_group),
+ BpfRule::new(libc::SYS_rt_sigreturn),
+@@ -158,6 +159,7 @@ fn ioctl_allow_list() -> BpfRule {
+ .add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_API_VERSION() as u32)
+ .add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_MP_STATE() as u32)
+ .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_MP_STATE() as u32)
++ .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_VCPU_EVENTS() as u32)
+ .add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_VCPU_EVENTS() as u32);
+ arch_ioctl_allow_list(bpf_rule)
+ }
+diff --git a/machine/src/x86_64/micro.rs b/machine/src/x86_64/micro.rs
+index d8fb92e..7b4e08e 100644
+--- a/machine/src/x86_64/micro.rs
++++ b/machine/src/x86_64/micro.rs
+@@ -238,7 +238,6 @@ pub(crate) fn arch_ioctl_allow_list(bpf_rule: BpfRule) -> BpfRule {
+ .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_LAPIC() as u32)
+ .add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_MSRS() as u32)
+ .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_MSRS() as u32)
+- .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_VCPU_EVENTS() as u32)
+ .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_CPUID2() as u32)
+ }
+
diff --git a/stratovirt.spec b/stratovirt.spec
index 15931e0692f54b3db894f245529478daed4b042e..6a945852f2407765fb43cc4b2bfbf8c59ea30bb7 100644
--- a/stratovirt.spec
+++ b/stratovirt.spec
@@ -6,13 +6,14 @@ Name: stratovirt Version: 2.4.0 -Release: 2 +Release: 3 Summary: StratoVirt is an opensource VMM(Virtual Machine Manager) which aims to perform next generation virtualization. License: MulanPSL-2.0 URL: https://gitee.com/openeuler/stratovirt Source0: https://gitee.com/openeuler/stratovirt/releases/download/v%{version}/%{name}-%{version}.tar.gz +Patch001:0001-Micro-fix-the-ioctl-allow-for-aarch64.patch ExclusiveArch: x86_64 aarch64
@@ -103,6 +104,9 @@ install -d %{buildroot}%{_libdir}/stratovirt/static install -D -m555 ./target/%{rust_musl_target}/release/stratovirt %{buildroot}%{_libdir}/stratovirt/static %changelog +* Thu Nov 21 2024 jinyihua - 2.4.0-3 +- Micro fix the ioctl allow for aarch64 + * Tue Jul 30 2024 xufei - 2.4.0-2 - set debug is true for build debug package - add rust to BuildRequires
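Review bot: The nested hunk at `machine/src/micro_common/syscall.rs` `@@ -86,6 +86,7 @@` adds `BpfRule::new(libc::SYS_clone)` to the shared `syscall_whitelist()` with no argument constraint, which widens the seccomp filter for both x86_64 and aarch64 even though the patch subject only mentions the aarch64 ioctl list. An unconstrained `clone` permits full process creation and namespace-creating flags, not just thread spawning, so it weakens the sandbox more than a thread-creation fix needs. If threads are the intent, the rule should pin argument 0 (the flags word) the same way the ioctl rules pin argument 1, for example `BpfRule::new(libc::SYS_clone).add_constraint(SeccompCmpOpt::Eq, 0, THREAD_CLONE_FLAGS)`, where `THREAD_CLONE_FLAGS` is a placeholder for the exact flag set the runtime's thread spawn passes and must be confirmed against the libc in use. Moving `KVM_SET_VCPU_EVENTS` into the common `ioctl_allow_list()` and adding `KVM_SET_ONE_REG` for aarch64 look consistent with the stated purpose, but the `SYS_clone` entry deserves a one-line comment such as `// needed by <code path>: thread creation after seccomp is installed` so the next audit can tell why it is there. All three enclosing functions start or end outside the nested hunks, so the rest of each allow list is not visible here.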