summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
-rw-r--r--pkg/sentry/platform/kvm/machine_unsafe.go4
-rw-r--r--runsc/boot/filter/config.go1
2 files changed, 2 insertions, 3 deletions
diff --git a/pkg/sentry/platform/kvm/machine_unsafe.go b/pkg/sentry/platform/kvm/machine_unsafe.go
index 4f5b01321..38c1f102f 100644
--- a/pkg/sentry/platform/kvm/machine_unsafe.go
+++ b/pkg/sentry/platform/kvm/machine_unsafe.go
@@ -88,7 +88,7 @@ func (c *vCPU) notify() {
_, _, errno := syscall.RawSyscall6(
syscall.SYS_FUTEX,
uintptr(unsafe.Pointer(&c.state)),
- linux.FUTEX_WAKE,
+ linux.FUTEX_WAKE|linux.FUTEX_PRIVATE_FLAG,
^uintptr(0), // Number of waiters.
0, 0, 0)
if errno != 0 {
@@ -106,7 +106,7 @@ func (c *vCPU) waitUntilNot(state uint32) {
_, _, errno := syscall.Syscall6(
syscall.SYS_FUTEX,
uintptr(unsafe.Pointer(&c.state)),
- linux.FUTEX_WAIT,
+ linux.FUTEX_WAIT|linux.FUTEX_PRIVATE_FLAG,
uintptr(state),
0, 0, 0)
if errno != 0 && errno != syscall.EINTR && errno != syscall.EAGAIN {
diff --git a/runsc/boot/filter/config.go b/runsc/boot/filter/config.go
index 378396b9b..83c1fbcce 100644
--- a/runsc/boot/filter/config.go
+++ b/runsc/boot/filter/config.go
@@ -438,7 +438,6 @@ func ptraceFilters() seccomp.SyscallRules {
func kvmFilters() seccomp.SyscallRules {
return seccomp.SyscallRules{
syscall.SYS_ARCH_PRCTL: {},
- syscall.SYS_FUTEX: {},
syscall.SYS_IOCTL: {},
syscall.SYS_MMAP: {},
syscall.SYS_RT_SIGSUSPEND: {},