[CRIU] [PATCH 6/8] seccomp/restorer: Disable gtod from vdso in strict mode
Dmitry Safonov
dima at arista.com
Fri Jul 26 01:01:12 MSK 2019
Signed-off-by: Dmitry Safonov <dima at arista.com>
---
criu/pie/restorer.c | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/criu/pie/restorer.c b/criu/pie/restorer.c
index d60fdbebf8c2..9d49a831373b 100644
--- a/criu/pie/restorer.c
+++ b/criu/pie/restorer.c
@@ -476,6 +476,23 @@ static int restore_seccomp(struct thread_restore_args *args)
return 0;
break;
case SECCOMP_MODE_STRICT:
+ /*
+ * Disable gettimeofday() from vdso: it may use TSC
+ * which is restricted by kernel:
+ *
+ * static long seccomp_set_mode_strict(void)
+ * {
+ * [..]
+ * #ifdef TIF_NOTSC
+ * disable_TSC();
+ * #endif
+ * [..]
+ *
+ * XXX: It may need to be fixed in kernel under
+ * PTRACE_O_SUSPEND_SECCOMP, but for now just get timings
+ * with a raw syscall instead of vdso.
+ */
+ std_log_set_gettimeofday(NULL);
ret = sys_prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT, 0, 0, 0);
if (ret < 0) {
pr_err("seccomp: SECCOMP_MODE_STRICT returned %d on tid %d\n",
--
2.22.0
More information about the CRIU
mailing list