seccomp: add futex_requeue syscall (kernel v6.7, libseccomp v2.5.5)

Add this syscall to match the profile in containerd containerd: containerd/containerd@a6e52c7 libseccomp: seccomp/libseccomp@53267af kernel: torvalds/linux@0f4b5f9 futex: Add sys_futex_requeue() Finish off the 'simple' futex2 syscall group by adding sys_futex_requeue(). Unlike sys_futex_{wait,wake}() its arguments are too numerous to fit into a regular syscall. As such, use struct futex_waitv to pass the 'source' and 'destination' futexes to the syscall. This syscall implements what was previously known as FUTEX_CMP_REQUEUE and uses {val, uaddr, flags} for source and {uaddr, flags} for destination. This design explicitly allows requeueing between different types of futex by having a different flags word per uaddr. Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit df57a08) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
moby · Feb 6, 2024 · 4cc0416 · 4cc0416
1 parent f9f9e7f
commit 4cc0416
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 0 deletions.
diff --git a/profiles/seccomp/default.json b/profiles/seccomp/default.json
@@ -132,6 +132,7 @@
 				"ftruncate",
 				"ftruncate64",
 				"futex",
+				"futex_requeue",
 				"futex_time64",
 				"futex_waitv",
 				"futimesat",

diff --git a/profiles/seccomp/default_linux.go b/profiles/seccomp/default_linux.go
@@ -124,6 +124,7 @@ func DefaultProfile() *Seccomp {
 					"ftruncate",
 					"ftruncate64",
 					"futex",
+					"futex_requeue", // kernel v6.7, libseccomp v2.5.5
 					"futex_time64",
 					"futex_waitv",
 					"futimesat",