fdbased: Vectorized write for packet; relax writev syscall filter.

Now it calls pkt.Data.ToView() when writing the packet. This may require copying when the packet is large, which puts the worse case in an even worse situation. This sent out in a separate preparation change as it requires syscall filter changes. This change will be followed by the change for the adoption of the new PacketHeader API. PiperOrigin-RevId: 321447003
author: Ting-Yu Wang <anivia@google.com> 2020-07-15 15:04:10 -0700
committer: gVisor bot <gvisor-bot@google.com> 2020-07-15 15:05:32 -0700
commit: db653bb34baeba24b8b658eb0985e4c5185344cb (patch)
tree: a71ac8d63cfc06983b94d7c4aca40ec5272baf0c /runsc
parent: 857d03f258ffafb815698917f2a1ee9e7e265464 (diff)
1 files changed, 2 insertions, 9 deletions
diff --git a/runsc/boot/filter/config.go b/runsc/boot/filter/config.go
index 60e33425f..149eb0b1b 100644
--- a/runsc/boot/filter/config.go
+++ b/runsc/boot/filter/config.go
@@ -310,19 +310,12 @@ var allowedSyscalls = seccomp.SyscallRules{
 		},
 	},
 	syscall.SYS_WRITE: {},
-	// The only user in rawfile.NonBlockingWrite3 always passes iovcnt with
-	// values 2 or 3. Three iovec-s are passed, when the PACKET_VNET_HDR
-	// option is enabled for a packet socket.
+	// For rawfile.NonBlockingWriteIovec.
 	syscall.SYS_WRITEV: []seccomp.Rule{
 		{
 			seccomp.AllowAny{},
 			seccomp.AllowAny{},
-			seccomp.AllowValue(2),
-		},
-		{
-			seccomp.AllowAny{},
-			seccomp.AllowAny{},
-			seccomp.AllowValue(3),
+			seccomp.GreaterThan(0),
 		},
 	},
 }
author	Ting-Yu Wang <anivia@google.com>	2020-07-15 15:04:10 -0700
committer	gVisor bot <gvisor-bot@google.com>	2020-07-15 15:05:32 -0700
commit	db653bb34baeba24b8b658eb0985e4c5185344cb (patch)
tree	a71ac8d63cfc06983b94d7c4aca40ec5272baf0c /runsc
parent	857d03f258ffafb815698917f2a1ee9e7e265464 (diff)