seccomp: allow madvise(*, *, MADV_DONTNEED)

Alexandra Iordache · alexandruag · commit 997e71c47b54 · 2019-03-08T00:06:41.000+02:00
The musl allocator calls it to punch holes in large chunks of allocated memory: https://elixir.bootlin.com/musl/v1.1.20/source/src/malloc/malloc.c#L501 Signed-off-by: Alexandra Iordache <aghecen@amazon.com>
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,13 @@
 # Changelog
 
+## Unreleased
+
+### Fixed
+
+- A `madvise` call issued by the `musl` allocator was added to the seccomp
+  whitelist to prevent Firecracker from terminating abruptly when allocating
+  memory in certain conditions.
+
 ## [0.15.0]
 
 ### Added
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/vmm/src/default_syscalls/x86_64.rs b/vmm/src/default_syscalls/x86_64.rs
@@ -23,6 +23,8 @@ pub const ALLOWED_SYSCALLS: &[i64] = &[
     libc::SYS_futex,
     libc::SYS_ioctl,
     libc::SYS_lseek,
+    #[cfg(musl)]
+    libc::SYS_madvise,
     libc::SYS_mmap,
     libc::SYS_munmap,
     libc::SYS_open,
@@ -241,6 +243,21 @@ pub fn default_context() -> Result<SeccompFilterContext, Error> {
                 libc::SYS_lseek,
                 (0, vec![SeccompRule::new(vec![], SeccompAction::Allow)]),
             ),
+            #[cfg(musl)]
+            (
+                libc::SYS_madvise,
+                (
+                    0,
+                    vec![SeccompRule::new(
+                        vec![SeccompCondition::new(
+                            2,
+                            SeccompCmpOp::Eq,
+                            libc::MADV_DONTNEED as u64,
+                        )?],
+                        SeccompAction::Allow,
+                    )],
+                ),
+            ),
             (
                 libc::SYS_mmap,
                 (
