radv: allow select() calls in secure compile

This will be used in the following patch to support timeouts for reading the pipe between processes. Reviewed-by: Bas Nieuwenhuizen <[email protected]>
author: Timothy Arceri <[email protected]> 2019-10-29 17:41:41 +1100
committer: Timothy Arceri <[email protected]> 2019-10-30 04:49:58 +0000
commit: 23a6827e4d96f03775f6127ee55ed93cbc279acb (patch)
tree: 1b83229c8a24f3bdf74651f1a31d0e9658d64bf3 /src/amd
parent: 1abf05764bacaa8828ffc8b08848d07b1ad3272c (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/src/amd/vulkan/radv_device.c b/src/amd/vulkan/radv_device.c
index d86a1dbca02..b02483bb949 100644
--- a/src/amd/vulkan/radv_device.c
+++ b/src/amd/vulkan/radv_device.c
@@ -1947,7 +1947,11 @@ static int install_seccomp_filter() {
 	struct sock_filter filter[] = {
 		/* Check arch is 64bit x86 */
 		BPF_STMT(BPF_LD + BPF_W + BPF_ABS, (offsetof(struct seccomp_data, arch))),
-		BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, AUDIT_ARCH_X86_64, 0, 10),
+		BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, AUDIT_ARCH_X86_64, 0, 12),
+
+		/* Futex is required for mutex locks */
+		BPF_STMT(BPF_LD + BPF_W + BPF_ABS, (offsetof(struct seccomp_data, nr))),
+		BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, __NR_select, 11, 0),
 
 		/* Allow system exit calls for the forked process */
 		BPF_STMT(BPF_LD + BPF_W + BPF_ABS, (offsetof(struct seccomp_data, nr))),
author	Timothy Arceri <[email protected]>	2019-10-29 17:41:41 +1100
committer	Timothy Arceri <[email protected]>	2019-10-30 04:49:58 +0000
commit	23a6827e4d96f03775f6127ee55ed93cbc279acb (patch)
tree	1b83229c8a24f3bdf74651f1a31d0e9658d64bf3 /src/amd
parent	1abf05764bacaa8828ffc8b08848d07b1ad3272c (diff)