From 024d5c4070df66913e1bf12e5f21eaa090ea2f68 Mon Sep 17 00:00:00 2001
From: zhouli57 <zhouli57@huawei.com>
Date: Tue, 12 Jul 2022 20:53:15 +0800
Subject: [PATCH] micro_vm: update seccomp rules

When you run the query-cpus QMP command in the ARM of the micro vm, a bad
system call is displayed.

Signed-off-by: zhouli57 <zhouli57@huawei.com>
---
 docs/config_guidebook.md        | 2 +-
 machine/src/micro_vm/syscall.rs | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/docs/config_guidebook.md b/docs/config_guidebook.md
index a8e010a..2146f49 100644
--- a/docs/config_guidebook.md
+++ b/docs/config_guidebook.md
@@ -557,7 +557,7 @@ in StratoVirt process by default. It will make a slight influence on performance
 
 | Number of Syscalls | GNU Toolchain | MUSL Toolchain |
 | :----------------: | :-----------: | :------------: |
-|      microvm       |      44       |       45       |
+|      microvm       |      45       |       45       |
 |        virt        |      48       |       47       |
 
 If you want to disable seccomp, you can run StratoVirt with `-disable-seccomp`.
diff --git a/machine/src/micro_vm/syscall.rs b/machine/src/micro_vm/syscall.rs
index 81637a3..bdd232d 100644
--- a/machine/src/micro_vm/syscall.rs
+++ b/machine/src/micro_vm/syscall.rs
@@ -50,7 +50,7 @@ const KVM_RUN: u32 = 0xae80;
 /// This allowlist limit syscall with:
 /// * x86_64-unknown-gnu: 43 syscalls
 /// * x86_64-unknown-musl: 43 syscalls
-/// * aarch64-unknown-gnu: 41 syscalls
+/// * aarch64-unknown-gnu: 42 syscalls
 /// * aarch64-unknown-musl: 42 syscalls
 /// To reduce performance losses, the syscall rules is ordered by frequency.
 pub fn syscall_whitelist() -> Vec<BpfRule> {
@@ -108,7 +108,7 @@ pub fn syscall_whitelist() -> Vec<BpfRule> {
         BpfRule::new(libc::SYS_stat),
         #[cfg(all(target_env = "gnu", target_arch = "x86_64"))]
         BpfRule::new(libc::SYS_newfstatat),
-        #[cfg(all(target_env = "musl", target_arch = "aarch64"))]
+        #[cfg(target_arch = "aarch64")]
         BpfRule::new(libc::SYS_newfstatat),
         #[cfg(target_arch = "x86_64")]
         BpfRule::new(libc::SYS_unlink),
@@ -178,12 +178,12 @@ fn ioctl_arch_allow_list(bpf_rule: BpfRule) -> BpfRule {
 }
 
 fn madvise_rule() -> BpfRule {
-    #[cfg(all(target_env = "musl", target_arch = "x86_64"))]
+    #[cfg(target_env = "musl")]
     return BpfRule::new(libc::SYS_madvise)
         .add_constraint(SeccompCmpOpt::Eq, 2, libc::MADV_FREE as u32)
         .add_constraint(SeccompCmpOpt::Eq, 2, libc::MADV_DONTNEED as u32)
         .add_constraint(SeccompCmpOpt::Eq, 2, libc::MADV_WILLNEED as u32);
-    #[cfg(not(all(target_env = "musl", target_arch = "x86_64")))]
+    #[cfg(not(target_env = "musl"))]
     return BpfRule::new(libc::SYS_madvise)
         .add_constraint(SeccompCmpOpt::Eq, 2, libc::MADV_DONTNEED as u32)
         .add_constraint(SeccompCmpOpt::Eq, 2, libc::MADV_WILLNEED as u32);
-- 
2.27.0