From 4964f1e6d7e189887d998f71241198ed06433ea1306dc45d71bb2d727a1c21c1 Mon Sep 17 00:00:00 2001
From: Bruce Rogers
Date: Thu, 26 Jul 2018 16:34:38 +0000
Subject: [PATCH] Accepting request 625450 from home:ldewey:branches:Virtualization
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.12
* Patches added:
  0067-seccomp-allow-sched_setscheduler-wi.patch
- Fixing seccomp resourcecontrol defunct issue (bsc#1102627)
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.12
* Patches added:
  0067-seccomp-allow-sched_setscheduler-wi.patch
- Fixing seccomp resourcecontrol defunct issue (bsc#1102627)
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.12
* Patches added:
  0067-seccomp-allow-sched_setscheduler-wi.patch
OBS-URL: https://build.opensuse.org/request/show/625450
OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=418
---
 ...-seccomp-allow-sched_setscheduler-wi.patch | 65 +++++++++++++++++++
 qemu-linux-user.changes | 7 ++
 qemu-linux-user.spec | 2 +
 qemu-testsuite.changes | 7 ++
 qemu-testsuite.spec | 2 +
 qemu.changes | 7 ++
 qemu.spec | 2 +
 7 files changed, 92 insertions(+)
 create mode 100644 0067-seccomp-allow-sched_setscheduler-wi.patch
diff --git a/0067-seccomp-allow-sched_setscheduler-wi.patch b/0067-seccomp-allow-sched_setscheduler-wi.patch
new file mode 100644
index 00000000..f328a336
--- /dev/null
+++ b/0067-seccomp-allow-sched_setscheduler-wi.patch
@@ -0,0 +1,65 @@
+From 88a1488c572c681f9737bd3e3ae24e9a3c936212 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?=
+Date: Tue, 10 Jul 2018 16:55:57 +0200
+Subject: [PATCH] seccomp: allow sched_setscheduler() with SCHED_IDLE policy
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Current and upcoming mesa releases rely on a shader disk cash. It uses
+a thread job queue with low priority, set with
+sched_setscheduler(SCHED_IDLE). However, that syscall is rejected by
+the "resourcecontrol" seccomp qemu filter.
+
+Since it should be safe to allow lowering thread priority, let's allow
+scheduling thread to idle policy.
+
+Related to:
+https://bugzilla.redhat.com/show_bug.cgi?id=1594456
+
+Signed-off-by: Marc-André Lureau
+Acked-by: Eduardo Otubo
+(cherry picked from commit 056de1e894155fbb99e7b43c1c4382d4920cf437)
+[LD: BSD#1102627]
+Signed-off-by: Larry Dewey
+---
+ qemu-seccomp.c | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/qemu-seccomp.c b/qemu-seccomp.c
+index b770a77d33..845a3330df 100644
+--- a/qemu-seccomp.c
++++ b/qemu-seccomp.c
+@@ -29,6 +29,12 @@
+ struct QemuSeccompSyscall {
+ int32_t num;
+ uint8_t set;
++ uint8_t narg;
++ const struct scmp_arg_cmp *arg_cmp;
++};
++
++const struct scmp_arg_cmp sched_setscheduler_arg[] = {
++ SCMP_A1(SCMP_CMP_NE, SCHED_IDLE)
+ };
+
+ static const struct QemuSeccompSyscall blacklist[] = {
+@@ -87,7 +93,8 @@ static const struct QemuSeccompSyscall blacklist[] = {
+ { SCMP_SYS(setpriority), QEMU_SECCOMP_SET_RESOURCECTL },
+ { SCMP_SYS(sched_setparam), QEMU_SECCOMP_SET_RESOURCECTL },
+ { SCMP_SYS(sched_getparam), QEMU_SECCOMP_SET_RESOURCECTL },
+- { SCMP_SYS(sched_setscheduler), QEMU_SECCOMP_SET_RESOURCECTL },
++ { SCMP_SYS(sched_setscheduler), QEMU_SECCOMP_SET_RESOURCECTL,
++ ARRAY_SIZE(sched_setscheduler_arg), sched_setscheduler_arg },
+ { SCMP_SYS(sched_getscheduler), QEMU_SECCOMP_SET_RESOURCECTL },
+ { SCMP_SYS(sched_setaffinity), QEMU_SECCOMP_SET_RESOURCECTL },
+ { SCMP_SYS(sched_getaffinity), QEMU_SECCOMP_SET_RESOURCECTL },
+@@ -113,7 +120,8 @@ int seccomp_start(uint32_t seccomp_opts)
+ continue;
+ }
+
+- rc = seccomp_rule_add(ctx, SCMP_ACT_KILL, blacklist[i].num, 0);
++ rc = seccomp_rule_add_array(ctx, SCMP_ACT_KILL, blacklist[i].num,
++ blacklist[i].narg, blacklist[i].arg_cmp);
+ if (rc < 0) {
+ goto seccomp_return;
+ }
diff --git a/qemu-linux-user.changes b/qemu-linux-user.changes
index 40c1313f..b5c14542 100644
--- a/qemu-linux-user.changes
+++ b/qemu-linux-user.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Wed Jul 25 22:26:19 UTC 2018 - ldewey@suse.com
+
+- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.12
+* Patches added:
+ 0067-seccomp-allow-sched_setscheduler-wi.patch
+
 -------------------------------------------------------------------
 Thu Jul 5 21:32:03 UTC 2018 - brogers@suse.com
diff --git a/qemu-linux-user.spec b/qemu-linux-user.spec
index ded4af57..addd2d98 100644
--- a/qemu-linux-user.spec
+++ b/qemu-linux-user.spec
@@ -92,6 +92,7 @@ Patch0063: 0063-i386-define-the-AMD-virt-ssbd-CPUID.patch
 Patch0064: 0064-ahci-fix-PxCI-register-race.patch
 Patch0065: 0065-ccid-card-passthru-fix-regression-i.patch
 Patch0066: 0066-xen-add-block-resize-support-for-xe.patch
+Patch0067: 0067-seccomp-allow-sched_setscheduler-wi.patch
 # Please do not add QEMU patches manually here.
 # Run update_git.sh to regenerate this queue.
 Source400: update_git.sh
@@ -191,6 +192,7 @@ syscall layer occurs on the native hardware and operating system.
 %patch0064 -p1
 %patch0065 -p1
 %patch0066 -p1
+%patch0067 -p1
 %build
 ./configure \
diff --git a/qemu-testsuite.changes b/qemu-testsuite.changes
index bd5f63a3..cfbdbf7f 100644
--- a/qemu-testsuite.changes
+++ b/qemu-testsuite.changes
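Review bot: The new `sched_setscheduler_arg` table constrains only argument 1, and nothing in the hunk says so: because every blacklist entry becomes a SCMP_ACT_KILL rule, `SCMP_A1(SCMP_CMP_NE, SCHED_IDLE)` means "kill unless the policy is exactly SCHED_IDLE", while the pid in argument 0 is not checked at all. I would add a comment above the table, e.g. `/* KILL rule: fires unless policy (arg 1) == SCHED_IDLE; pid (arg 0) is not constrained */`, so the scope of the exemption is visible to whoever extends the list. The table should also be `static const struct scmp_arg_cmp sched_setscheduler_arg[] = {`, since as written it has external linkage while `blacklist` is file-local. Entries without the two new fields depend on zero-initialisation (`narg` 0, `arg_cmp` NULL) reaching `seccomp_rule_add_array`; the loop in `seccomp_start` starts and ends outside the hunk, so I could not check how that call is guarded.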
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Wed Jul 25 22:26:16 UTC 2018 - ldewey@suse.com
+- Fixing seccomp resourcecontrol defunct issue (bsc#1102627)
+- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.12
+* Patches added:
+ 0067-seccomp-allow-sched_setscheduler-wi.patch
+
 -------------------------------------------------------------------
 Thu Jul 5 21:31:58 UTC 2018 - brogers@suse.com
diff --git a/qemu-testsuite.spec b/qemu-testsuite.spec
index f8c13205..5a75262e 100644
--- a/qemu-testsuite.spec
+++ b/qemu-testsuite.spec
@@ -196,6 +196,7 @@ Patch0063: 0063-i386-define-the-AMD-virt-ssbd-CPUID.patch
 Patch0064: 0064-ahci-fix-PxCI-register-race.patch
 Patch0065: 0065-ccid-card-passthru-fix-regression-i.patch
 Patch0066: 0066-xen-add-block-resize-support-for-xe.patch
+Patch0067: 0067-seccomp-allow-sched_setscheduler-wi.patch
 # Please do not add QEMU patches manually here.
 # Run update_git.sh to regenerate this queue.
@@ -931,6 +932,7 @@ This package provides a service file for starting and stopping KSM.
 %patch0064 -p1
 %patch0065 -p1
 %patch0066 -p1
+%patch0067 -p1
 %if 0%{?suse_version} > 1320
 %patch1000 -p1
diff --git a/qemu.changes b/qemu.changes
index bd5f63a3..cfbdbf7f 100644
--- a/qemu.changes
+++ b/qemu.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Wed Jul 25 22:26:16 UTC 2018 - ldewey@suse.com
+- Fixing seccomp resourcecontrol defunct issue (bsc#1102627)
+- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.12
+* Patches added:
+ 0067-seccomp-allow-sched_setscheduler-wi.patch
+
 -------------------------------------------------------------------
 Thu Jul 5 21:31:58 UTC 2018 - brogers@suse.com
diff --git a/qemu.spec b/qemu.spec
index 8a221888..df14be28 100644
--- a/qemu.spec
+++ b/qemu.spec
@@ -196,6 +196,7 @@ Patch0063: 0063-i386-define-the-AMD-virt-ssbd-CPUID.patch
 Patch0064: 0064-ahci-fix-PxCI-register-race.patch
 Patch0065: 0065-ccid-card-passthru-fix-regression-i.patch
 Patch0066: 0066-xen-add-block-resize-support-for-xe.patch
+Patch0067: 0067-seccomp-allow-sched_setscheduler-wi.patch
 # Please do not add QEMU patches manually here.
 # Run update_git.sh to regenerate this queue.
@@ -931,6 +932,7 @@ This package provides a service file for starting and stopping KSM.
 %patch0064 -p1
 %patch0065 -p1
 %patch0066 -p1
+%patch0067 -p1
 %if 0%{?suse_version} > 1320
 %patch1000 -p1