From 2f84739e8f2928b98190f76035e00db82ef6dc7e Mon Sep 17 00:00:00 2001

From: Thomas Huth <thuth@redhat.com>

Date: Tue, 14 Sep 2021 13:29:59 +0200

Subject: [PATCH] tools/virtiofsd: Add fstatfs64 syscall to the seccomp

 allowlist

MIME-Version: 1.0

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

RH-Author: Thomas Huth <thuth@redhat.com>

RH-MergeRequest: 37: tools/virtiofsd: Add fstatfs64 syscall to the seccomp allowlist

RH-Commit: [1/1] 464231b7cfa7159d9adfc4fc01b26bc3b3a66ecd

RH-Bugzilla: 2001728

RH-Acked-by: Daniel P. Berrangé <berrange@redhat.com>

RH-Acked-by: Cornelia Huck <cohuck@redhat.com>

RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>

RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>

The virtiofsd currently crashes on s390x when doing something like

this in the guest:

 mkdir -p /mnt/myfs

 mount -t virtiofs myfs /mnt/myfs

 touch /mnt/myfs/foo.txt

 stat -f /mnt/myfs/foo.txt

The problem is that the fstatfs64 syscall is called in this case

from the virtiofsd. We have to put it on the seccomp allowlist to

avoid that the daemon gets killed in this case.

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2001728

Suggested-by: Vivek Goyal <vgoyal@redhat.com>

Signed-off-by: Thomas Huth <thuth@redhat.com>

---

 tools/virtiofsd/passthrough_seccomp.c | 1 +

 1 file changed, 1 insertion(+)

diff --git a/tools/virtiofsd/passthrough_seccomp.c b/tools/virtiofsd/passthrough_seccomp.c

index 62441cfcdb..2edbd3af95 100644

--- a/tools/virtiofsd/passthrough_seccomp.c

+++ b/tools/virtiofsd/passthrough_seccomp.c

@@ -51,6 +51,7 @@ static const int syscall_allowlist[] = {

     SCMP_SYS(fsetxattr),

     SCMP_SYS(fstat),

     SCMP_SYS(fstatfs),

+    SCMP_SYS(fstatfs64),

     SCMP_SYS(fsync),

     SCMP_SYS(ftruncate),

     SCMP_SYS(futex),

-- 

2.27.0