add restart_syscall(2) to seccomp allowlist

roypat · roypat · commit 5cf6525015bb · 2025-02-14T12:13:27.000Z
This syscall is issued transparently by the linux kernel when
timing-related syscalls (such as nanosleep) get interrupted, for example
because of SIGSTOP.

Signed-off-by: Patrick Roy &lt;roypat@amazon.co.uk&gt;
diff --git a/resources/seccomp/aarch64-unknown-linux-musl.json b/resources/seccomp/aarch64-unknown-linux-musl.json
@@ -444,6 +444,10 @@
             {
                 "syscall": "recvmsg",
                 "comment": "Used by vhost-user frontend to read response from the backend"
+            },
+            {
+                "syscall": "restart_syscall",
+                "comment": "automatically issued by the kernel when specific timing-related syscalls (e.g. nanosleep) get interrupted by SIGSTOP"
             }
         ]
     },
@@ -726,6 +730,10 @@
             {
                 "syscall": "sched_yield",
                 "comment": "Used by the rust standard library in std::sync::mpmc. Firecracker uses mpsc channels from this module for inter-thread communication"
+            },
+            {
+                "syscall": "restart_syscall",
+                "comment": "automatically issued by the kernel when specific timing-related syscalls (e.g. nanosleep) get interrupted by SIGSTOP"
             }
         ]
     },
@@ -1009,6 +1017,10 @@
             {
                 "syscall": "sendmsg",
                 "comment": "Used by vhost-user frontend to communicate with the backend"
+            },
+            {
+                "syscall": "restart_syscall",
+                "comment": "automatically issued by the kernel when specific timing-related syscalls (e.g. nanosleep) get interrupted by SIGSTOP"
             }
         ]
     }
diff --git a/resources/seccomp/x86_64-unknown-linux-musl.json b/resources/seccomp/x86_64-unknown-linux-musl.json
@@ -452,6 +452,10 @@
             {
                 "syscall": "recvmsg",
                 "comment": "Used by vhost-user frontend to read response from the backend"
+            },
+            {
+                "syscall": "restart_syscall",
+                "comment": "automatically issued by the kernel when specific timing-related syscalls (e.g. nanosleep) get interrupted by SIGSTOP"
             }
         ]
     },
@@ -734,6 +738,10 @@
             {
                 "syscall": "sched_yield",
                 "comment": "Used by the rust standard library in std::sync::mpmc. Firecracker uses mpsc channels from this module for inter-thread communication"
+            },
+            {
+                "syscall": "restart_syscall",
+                "comment": "automatically issued by the kernel when specific timing-related syscalls (e.g. nanosleep) get interrupted by SIGSTOP"
             }
         ]
     },
@@ -1125,6 +1133,10 @@
             {
                 "syscall": "sendmsg",
                 "comment": "Used by vhost-user frontend to communicate with the backend"
+            },
+            {
+                "syscall": "restart_syscall",
+                "comment": "automatically issued by the kernel when specific timing-related syscalls (e.g. nanosleep) get interrupted by SIGSTOP"
             }
         ]
     }

Original file line number	Diff line number	Diff line change
`@@ -444,6 +444,10 @@`
`444`	`444`	`{`
`445`	`445`	`"syscall": "recvmsg",`
`446`	`446`	`"comment": "Used by vhost-user frontend to read response from the backend"`
	`447`	`+ },`
	`448`	`+ {`
	`449`	`+ "syscall": "restart_syscall",`
	`450`	`+ "comment": "automatically issued by the kernel when specific timing-related syscalls (e.g. nanosleep) get interrupted by SIGSTOP"`
`447`	`451`	`}`
`448`	`452`	`]`
`449`	`453`	`},`
`@@ -726,6 +730,10 @@`
`726`	`730`	`{`
`727`	`731`	`"syscall": "sched_yield",`
`728`	`732`	`"comment": "Used by the rust standard library in std::sync::mpmc. Firecracker uses mpsc channels from this module for inter-thread communication"`
	`733`	`+ },`
	`734`	`+ {`
	`735`	`+ "syscall": "restart_syscall",`
	`736`	`+ "comment": "automatically issued by the kernel when specific timing-related syscalls (e.g. nanosleep) get interrupted by SIGSTOP"`
`729`	`737`	`}`
`730`	`738`	`]`
`731`	`739`	`},`
`@@ -1009,6 +1017,10 @@`
`1009`	`1017`	`{`
`1010`	`1018`	`"syscall": "sendmsg",`
`1011`	`1019`	`"comment": "Used by vhost-user frontend to communicate with the backend"`
	`1020`	`+ },`
	`1021`	`+ {`
	`1022`	`+ "syscall": "restart_syscall",`
	`1023`	`+ "comment": "automatically issued by the kernel when specific timing-related syscalls (e.g. nanosleep) get interrupted by SIGSTOP"`
`1012`	`1024`	`}`
`1013`	`1025`	`]`
`1014`	`1026`	`}`
Original file line number	Diff line number	Diff line change
`@@ -452,6 +452,10 @@`
`452`	`452`	`{`
`453`	`453`	`"syscall": "recvmsg",`
`454`	`454`	`"comment": "Used by vhost-user frontend to read response from the backend"`
	`455`	`+ },`
	`456`	`+ {`
	`457`	`+ "syscall": "restart_syscall",`
	`458`	`+ "comment": "automatically issued by the kernel when specific timing-related syscalls (e.g. nanosleep) get interrupted by SIGSTOP"`
`455`	`459`	`}`
`456`	`460`	`]`
`457`	`461`	`},`
`@@ -734,6 +738,10 @@`
`734`	`738`	`{`
`735`	`739`	`"syscall": "sched_yield",`
`736`	`740`	`"comment": "Used by the rust standard library in std::sync::mpmc. Firecracker uses mpsc channels from this module for inter-thread communication"`
	`741`	`+ },`
	`742`	`+ {`
	`743`	`+ "syscall": "restart_syscall",`
	`744`	`+ "comment": "automatically issued by the kernel when specific timing-related syscalls (e.g. nanosleep) get interrupted by SIGSTOP"`
`737`	`745`	`}`
`738`	`746`	`]`
`739`	`747`	`},`
`@@ -1125,6 +1133,10 @@`
`1125`	`1133`	`{`
`1126`	`1134`	`"syscall": "sendmsg",`
`1127`	`1135`	`"comment": "Used by vhost-user frontend to communicate with the backend"`
	`1136`	`+ },`
	`1137`	`+ {`
	`1138`	`+ "syscall": "restart_syscall",`
	`1139`	`+ "comment": "automatically issued by the kernel when specific timing-related syscalls (e.g. nanosleep) get interrupted by SIGSTOP"`
`1128`	`1140`	`}`
`1129`	`1141`	`]`
`1130`	`1142`	`}`