From 23a6827e4d96f03775f6127ee55ed93cbc279acb Mon Sep 17 00:00:00 2001 From: Timothy Arceri Date: Tue, 29 Oct 2019 17:41:41 +1100 Subject: radv: allow select() calls in secure compile This will be used in the following patch to support timeouts for reading the pipe between processes. Reviewed-by: Bas Nieuwenhuizen --- src/amd/vulkan/radv_device.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/amd/vulkan/radv_device.c b/src/amd/vulkan/radv_device.c index d86a1dbca02..b02483bb949 100644 --- a/src/amd/vulkan/radv_device.c +++ b/src/amd/vulkan/radv_device.c @@ -1947,7 +1947,11 @@ static int install_seccomp_filter() { struct sock_filter filter[] = { /* Check arch is 64bit x86 */ BPF_STMT(BPF_LD + BPF_W + BPF_ABS, (offsetof(struct seccomp_data, arch))), - BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, AUDIT_ARCH_X86_64, 0, 10), + BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, AUDIT_ARCH_X86_64, 0, 12), + + /* Futex is required for mutex locks */ + BPF_STMT(BPF_LD + BPF_W + BPF_ABS, (offsetof(struct seccomp_data, nr))), + BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, __NR_select, 11, 0), /* Allow system exit calls for the forked process */ BPF_STMT(BPF_LD + BPF_W + BPF_ABS, (offsetof(struct seccomp_data, nr))), -- cgit v1.2.3