From: Timothy Arceri <tarceri@itsqueeze.com>
Date: Tue, 29 Oct 2019 06:41:41 +0000 (+1100)
Subject: radv: allow select() calls in secure compile
X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=23a6827e4d96f03775f6127ee55ed93cbc279acb;p=mesa.git

radv: allow select() calls in secure compile

This will be used in the following patch to support timeouts for
reading the pipe between processes.

Reviewed-by: Bas Nieuwenhuizen <bas@basnieuwenhuizen.nl>
---

diff --git a/src/amd/vulkan/radv_device.c b/src/amd/vulkan/radv_device.c
index d86a1dbca02..b02483bb949 100644
--- a/src/amd/vulkan/radv_device.c
+++ b/src/amd/vulkan/radv_device.c
@@ -1947,7 +1947,11 @@ static int install_seccomp_filter() {
 	struct sock_filter filter[] = {
 		/* Check arch is 64bit x86 */
 		BPF_STMT(BPF_LD + BPF_W + BPF_ABS, (offsetof(struct seccomp_data, arch))),
-		BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, AUDIT_ARCH_X86_64, 0, 10),
+		BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, AUDIT_ARCH_X86_64, 0, 12),
+
+		/* Futex is required for mutex locks */
+		BPF_STMT(BPF_LD + BPF_W + BPF_ABS, (offsetof(struct seccomp_data, nr))),
+		BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, __NR_select, 11, 0),
 
 		/* Allow system exit calls for the forked process */
 		BPF_STMT(BPF_LD + BPF_W + BPF_ABS, (offsetof(struct seccomp_data, nr))),